Code Room
Code reviewMedium
Question
Review this Go middleware that authenticates internal service-to-service calls with a shared API key.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
func requireAPIKey(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { provided := r.Header.Get("X-Api-Key") if provided == os.Getenv("INTERNAL_API_KEY") { next.ServeHTTP(w, r) return } http.Error(w, "forbidden", http.StatusForbidden) })}Run or narrate your approach, then ask the coach.