CRED-2148: Add PAT auth support to TypeScript API client #3588

Open
tausman wants to merge 1 commit into master from tausman/cred-2148-typescript-pat-auth

@tausman tausman commented Mar 4, 2026

Why

Add support for Personal Access Token (PAT) authentication via the Authorization: Bearer <PAT> header. The OpenAPI spec now defines bearerAuth as a security scheme with x-env-name: DD_BEARER_TOKEN, and this aligns the TypeScript client with that spec.

Behavior

When DD_BEARER_TOKEN is set, the Authorization: Bearer header is sent alongside any configured API key and app key headers. Auth methods are NOT mutually exclusive — all configured headers are sent, and the server uses whichever is valid.

  • DD_API_KEY set -> DD-API-KEY header sent
  • DD_APP_KEY set -> DD-APPLICATION-KEY header sent
  • DD_BEARER_TOKEN set -> Authorization: Bearer <token> header sent
  • All three can be sent simultaneously

Summary

  • packages/datadog-api-client-common/auth.ts: Added BearerAuthAuthentication class that sets Authorization: Bearer <token> header. Added bearerAuth to AuthMethods and AuthMethodsConfiguration types, and configureAuthMethods().
  • packages/datadog-api-client-common/configuration.ts: Added DD_BEARER_TOKEN env var support in createConfiguration(). Bearer auth is applied in applySecurityAuthentication() alongside (not instead of) API key and app key auth.
  • packages/datadog-api-client-common/http/isomorphic-fetch.ts: Added redaction of Authorization header in debug logging, matching the existing pattern for DD-API-KEY and DD-APPLICATION-KEY.
  • tests/api/auth.test.ts: 10 unit tests covering bearer header application, configureAuthMethods, createConfiguration with DD_BEARER_TOKEN env var, and combined auth header behavior.

Test plan

  • 10 unit tests pass (npx jest tests/api/auth.test.ts)
  • Verified all configured auth headers are sent simultaneously
  • Verified bearer-only auth sends only Authorization: Bearer header
  • Naming aligned with OpenAPI spec: bearerAuth scheme, DD_BEARER_TOKEN env var

Generated with Claude Code


PR Stack

API Client Libraries

OpenAPI Spec Changes

@tausman tausman force-pushed the tausman/cred-2148-typescript-pat-auth branch from 2d798e4 to ed16242 Compare March 5, 2026 17:42
@tausman tausman marked this pull request as ready for review March 5, 2026 18:43
@tausman tausman requested review from a team as code owners March 5, 2026 18:43
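
The behavior described in the PR (all configured auth headers sent together, with `Authorization` redacted in debug output like `DD-API-KEY` and `DD-APPLICATION-KEY`) can be sketched as follows. This is an added example, not code from the PR or from the Datadog client; `buildAuthHeaders`, `redactForLog`, `HeaderMap`, the `REDACTED` marker and the CR/LF check are assumptions made for illustration.

```typescript
// Added illustration; not code from the PR or the Datadog client.
// buildAuthHeaders, redactForLog and HeaderMap are hypothetical names.
type Env = Record<string, string | undefined>;
type HeaderMap = Record<string, string>;

// Header names are case-insensitive, so they are compared in lower case.
const SENSITIVE_HEADERS = ["dd-api-key", "dd-application-key", "authorization"];

// Every configured credential yields its header; none suppresses another.
function buildAuthHeaders(env: Env): HeaderMap {
  const headers: HeaderMap = {};
  const apiKey = env["DD_API_KEY"];
  const appKey = env["DD_APP_KEY"];
  const bearer = env["DD_BEARER_TOKEN"];
  if (apiKey) headers["DD-API-KEY"] = apiKey;
  if (appKey) headers["DD-APPLICATION-KEY"] = appKey;
  if (bearer) {
    // Assumption added here: reject CR/LF so a malformed token cannot split the header.
    if (/[\r\n]/.test(bearer)) throw new Error("DD_BEARER_TOKEN contains a line break");
    headers["Authorization"] = `Bearer ${bearer}`;
  }
  return headers;
}

// Returns a copy that is safe to hand to a debug logger.
function redactForLog(headers: HeaderMap): HeaderMap {
  const safe: HeaderMap = {};
  for (const name of Object.keys(headers)) {
    const sensitive = SENSITIVE_HEADERS.indexOf(name.toLowerCase()) !== -1;
    safe[name] = sensitive ? "REDACTED" : headers[name];
  }
  return safe;
}

// Constructed sample values, not real credentials.
const sampleEnv: Env = {
  DD_API_KEY: "constructed-api-key",
  DD_APP_KEY: "constructed-app-key",
  DD_BEARER_TOKEN: "constructed-pat",
};
const sent = buildAuthHeaders(sampleEnv);
const logged = redactForLog({ ...sent, "Content-Type": "application/json" });
console.log(JSON.stringify(logged));
```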