Allow passing API credentials directly to Mastr.download() instead of relying on credentials.cfg #662

@Samurai32Champloo

Description of the issue

Currently the download(method="API") function internally calls validate_api_credentials(), which instantiates MaStRAPI() without arguments. This requires the presence of a credentials.cfg file.

This approach creates two major problems:

  • Security risk: keeping credentials.cfg in local repos or shared environments exposes sensitive credentials.
  • Cloud workflows: in managed environments like Databricks it is nearly impossible to provide credentials.cfg in a secure way, since credentials are normally injected via secret scopes or environment variables.

Ideas of solution

A more flexible approach would be to extend Mastr.download() with optional parameters user and key. These would be forwarded to validate_api_credentials() and then to MaStRAPI(user, key). This would allow secure integration in production pipelines while preserving backward compatibility with the current credentials.cfg logic.

Proposed change

  • Extend Mastr.download() with optional user and key arguments.
  • Adapt validate_api_credentials() to accept and pass through these credentials if provided.
  • Fall back to credentials.cfg only if no arguments are given.

This small change would make open-mastr usable in secure, cloud-native setups (Databricks, Airflow, CI/CD) without relying on an insecure file-based credential store.
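
A sketch of the resolution order the proposal describes, written as an added example and not taken from open-mastr's code: explicit arguments first, then injected environment variables, then the file. The helper name `resolve_credentials`, the variable names `MASTR_USER` / `MASTR_KEY` and the `[MaStR]` section with `user` / `key` options are assumptions made for this illustration.

```python
import configparser
import os
from dataclasses import dataclass, field
from typing import Mapping, Optional


@dataclass(frozen=True)
class Credentials:
    user: str
    key: str = field(repr=False)  # keep the secret out of logs and tracebacks
    source: str = "argument"      # "argument", "environment" or "file"


def resolve_credentials(
    user: Optional[str] = None,
    key: Optional[str] = None,
    env: Optional[Mapping[str, str]] = None,
    cfg_path: Optional[str] = None,
) -> Credentials:
    """Explicit arguments win, then the environment, then the config file."""
    env = os.environ if env is None else env
    # A half-specified pair is a caller error; never complete it from another
    # source, or a pipeline could silently run with the wrong account.
    if (user is None) != (key is None):
        raise ValueError("user and key must be passed together")
    if user is not None:
        return Credentials(user, key, "argument")
    # MASTR_USER / MASTR_KEY are hypothetical names chosen for this example,
    # standing in for whatever a secret scope or CI secret store injects.
    if env.get("MASTR_USER") and env.get("MASTR_KEY"):
        return Credentials(env["MASTR_USER"], env["MASTR_KEY"], "environment")
    # Backward-compatible fallback; section and option names are assumed.
    parser = configparser.ConfigParser()
    if cfg_path and parser.read(cfg_path) and parser.has_section("MaStR"):
        section = parser["MaStR"]
        if section.get("user") and section.get("key"):
            return Credentials(section["user"], section["key"], "file")
    raise LookupError("no credentials found in arguments, environment or file")
```

Returning the `source` alongside the pair lets a pipeline assert that it is not running on the file fallback in production.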
