api_key in header doesn't work at all #1593

Closed
gcsgit opened this issue Sep 10, 2015 · 7 comments
gcsgit commented Sep 10, 2015

Pretty much what the title says. It shows in the sample curl command, but if you look at the request headers, it isn't there.

jayquest commented Oct 1, 2015

+1

@richardkerr

I've spent far too long looking at this. The problem is that the method used in the docs (window.swaggerUi.api.clientAuthorizations.add) will only add the header if it is present in the "security" element of the operation, within the api-docs.

In the pet store example (http://petstore.swagger.io/v2/swagger.json), GET /pet/{petId} will allow the api_key parameter, but POST to the same endpoint will only apply the OAUTH security (petstore_auth).

This also seems to mean that there is no mechanism to arbitrarily set header values, which the documentation leads us to believe.

Contributor

fehguy commented Oct 15, 2015

Hi, by design, you must specify where the header needs to be applied. For example, if you want to secure every operation, you should add the security attribute at the top level. If you want to do so on a more granular level, do it at each operation.

If you want to add arbitrary headers, you are correct--the security scheme supports adding named headers as defined in the securityDefinition section of the spec (see https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#securityDefinitionsObject for details).

If you want to add arbitrary headers, please use the appropriate mechanism, which is done via creating a custom request signing mechanism (see https://github.com/swagger-api/swagger-js#custom-request-signing).

These tools should give you what you're looking for. If they're hard to find, hard to understand, or don't behave the way you'd expect, please open a bug.
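
The rule described in the comments above, as an added example (not code from swagger-ui or from anyone in this thread): it resolves each operation's effective `security` under the Swagger 2.0 override rule and lists the operations that do not reference a given apiKey header scheme, which per the comments above is where the header is left off. The spec object and the function names are constructed for illustration.

```javascript
// Constructed sample spec (not the real petstore document): it mirrors the
// situation described in the thread, plus one operation with no "security".
const spec = {
  securityDefinitions: {
    api_key: { type: "apiKey", name: "api_key", in: "header" },
    petstore_auth: { type: "oauth2", flow: "implicit",
      authorizationUrl: "https://auth.example.invalid/dialog", scopes: {} }
  },
  paths: {
    "/pet/{petId}": {
      get: { security: [{ api_key: [] }] },
      post: { security: [{ petstore_auth: [] }] },
      delete: {} // no operation-level security: falls back to top level
    }
  }
};

const METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];

// Swagger 2.0: an operation's own "security" (even an empty array) overrides
// the top-level one; otherwise the top-level requirement applies.
function effectiveSecurity(doc, operation) {
  return Array.isArray(operation.security) ? operation.security : (doc.security || []);
}

// Returns "METHOD path" for every operation whose effective security does NOT
// reference the given apiKey-in-header scheme, i.e. where the key is not sent.
function operationsWithoutHeader(doc, schemeName) {
  const scheme = (doc.securityDefinitions || {})[schemeName];
  if (!scheme || scheme.type !== "apiKey" || scheme.in !== "header") {
    throw new Error(schemeName + " is not an apiKey header scheme");
  }
  const missing = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const named = effectiveSecurity(doc, op).some((req) => schemeName in req);
      if (!named) missing.push(method.toUpperCase() + " " + path);
    }
  }
  return missing;
}

console.log(operationsWithoutHeader(spec, "api_key"));
// With the requirement declared at the top level, DELETE inherits it.
console.log(operationsWithoutHeader({ ...spec, security: [{ api_key: [] }] }, "api_key"));
```

An operation that declares its own `security` keeps overriding the top-level entry, so POST stays on the list in both runs.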

rngtng commented Oct 16, 2015

+1, I ran into the same problem. From what I understood from the docs, my definition (see below, securityDefinitions and security on root level) would add --header "mykey: #{api_key}" to the request. Doesn't work at all, so is it meant to work or do I need to customize swagger-ui?

"securityDefinitions": {
  "mykey": {
    "type": "apiKey",
    "name": "mykey",
    "in": "header"
  }
},
"security": [
  {
    "mykey": []
  }
]

@jayquest

I have solved the problem for me, and just created a pull request with my modifications.
link to the pull request

glspm commented Nov 17, 2015

Maybe a drop-down could just be added for selecting where to put the api_key: in the "header" or as a "query param".
That drop-down could be next to the api_key input field.

It is weird that it only supports api_key as a query parameter (hardcoded), since it is a bad practice in general.

ikitommi added a commit to metosin/ring-swagger-ui that referenced this issue Nov 28, 2015
Swagger-ui uses hard-coded `api_key` query-param for api-keys,
with this commit, one can override this in the swagger spec -
both key-name & in (header, query etc.) There are lots of open
issues related to this, without any resolution time-table. See:

swagger-api/swagger-ui#1766
swagger-api/swagger-ui#1731
swagger-api/swagger-ui#1593
Contributor

fehguy commented Mar 15, 2016

Please re-test with master, #2014 should address this.
