idempotency_key is sent in request JSON

[saxon134]

VideosResource.create and TasksResource.create build json_body from the full params dict, then separately use params.get("idempotency_key") to set the Idempotency-Key header. Passing idempotency_key therefore sends it both as a header and as a JSON field, for example client.videos.create(..., idempotency_key="idem_1") serializes an idempotency_key property in the body. APIs that validate payload schemas can reject otherwise valid idempotent create requests; remove header-only params before building the sync and async create payloads.

File: src/globalrouter/_resources.py

Line: 335

Severity: medium

Summary: idempotency_key leaks into create request bodies

[saxon134]

Coding Loop Plan

Refined Issue

idempotency_key is currently treated as both an SDK transport option and a JSON payload field when passed as a keyword argument to idempotent create methods. It should be sent as the Idempotency-Key header only and omitted from the request JSON body.

Implementation Plan

Fix the idempotency-key handling only for the existing create methods that already attach an idempotency header. Add regression coverage first, then update payload construction so the keyword argument is consumed before JSON serialization. Do not change unrelated request payload behavior or broader resource APIs.

Development Tasks

1. Add regression coverage for idempotency_key payload exclusion
   Update the existing HTTP mock assertions so calls that pass idempotency_key verify two things: the outgoing request has the expected idempotency-key header, and the decoded JSON body does not contain idempotency_key. Cover videos.create(...) using the existing OpenRouter-surface test and add or extend coverage for tasks.create(...), since both resources currently use idempotency headers.
   Files: tests/test_client.py
   Tests: python -m pytest tests/test_client.py -q

2. Consume idempotency_key before building JSON payloads
   In VideosResource.create, VideosResource.create_async, TasksResource.create, and TasksResource.create_async, remove the idempotency_key keyword from params before calling _payload(request, params), and use that removed value to build _idempotency_header(...). Keep behavior unchanged when no idempotency key is provided. Limit the change to keyword SDK options; do not introduce unrelated payload filtering or refactors.
   Files: src/globalrouter/_resources.py
   Tests: python -m pytest tests/test_client.py -q, python -m ruff check src/globalrouter/_resources.py tests/test_client.py