All our services require an authentication token to be passed in a header. I know the correct way to go about that would be to use oauth but its not yet supported for our use case.
What I want to do is to get the token once by making a call to authentication service and then set it for all try out requests from swagger UI index page. There is enough documentation on how to pass a custom header to swagger API calls (the calls to get API info) but I couldn't find anything which would set a custom header for all the "try out" calls.
I will appreciate any advise.
Thanks,
Jas
Related
I am using 2 Oauth services in my website. They both send back a query parameter called code. And I use a custom function to grab that code field when my page loads. Do OAuth services have a way you can change that code field to be custom? I am using Google OAuth for one and I am unable to locate this.
No, the standard specifies that the query parameter is named code, so there's no way to name them differently.
But the client can add a state parameter to the authorization request, which the authorization server has to return with the code. You can use that parameter to distinguish between the two authorization requests.
I am trying ot find a way how to setup properly Swagger UI to be able use Try It Out functionality with Authentication. I have API whith Basic HTTP Authentication which is crucial for business.
Unfortunately Swagger UI sends only OPTIONS requests without Basic HTTP header.
I found some articles on internet but almost all are saying that OPTIONS doesn't contain the header.
Is it there any way how to force Swagger UI use POST including the Authorization header instead of OPTIONS without the header?
Request URL:https://blabla.blabla.com/rest/blabla/ShipmentRequest
Request Method:OPTIONS
Status Code:401 Unauthorized
Remote Address:001.02.003.004:443
Referrer Policy:no-referrer-when-downgrade
Thank you, Reddy
when I write this
https://api.twitter.com/1.1/search/tweets.json?q=%23baseball&result_type=recent to search for #baseball but then I get a Bad Authentication data.
How do I add the Authentication to the request? I'm asking how do I make the request? Could someone give me an example of how it would look? If I have a Consumer Key and an Access Token?
The 1.1 API assures that all requests made to Twitter are made with some sort of authentication. To try out the API, use the API console here: https://apigee.com/console/twitter
To simply browse the request, use one of the auth methods in the console and pass in your request with GET https://api.twitter.com/1.1/search/tweets.json?q=baseball&result_type=recent
I am trying to make a GET request with AFNetworking to facebook's graph api. For various reasons, I'd rather not use the facebook SDK's native objects and would prefer to make those requests via AFNetworking. However, I'm a bit new to the networking side of things and I am unsure how to include the access token along with my GET request. Can anyone point me in the right direction?
I've tried setting the http header field to include this:
Authentication : {my access token}
but that doesn't seem to be working.
You need to add access_token as a URL query parameter for GET requests. See the docs here.
I use asp.net mvc controller instead of Web Service in my project.
When I call the controller from my client app,there will be a authentication problem. If I use Web Service ,I can use SOAP Header , but now in asp.net mvc, There is no soap header.
Please help.
I am really know a little about the web security.
Normal way of doing this when you come to http services is to pass it in authorization header in following format (if you are doing request from fiddler)
Authorization: Basic user123:pass123
user123:pass123 string is normally base64 encoded and you have to decode it on server side, check it against user store and authenticate the user. One example can be found here
You have several options.
Use a request header to contain some security token.
Include security tokens in the message that you send in the request body.
If your application uses something like Forms Authentication, you can ask consumers to call a login action, then grab the Forms Auth cookie and include that cookie in subsequent calls.
Since you are not using soap. You may use a simple http way. Which means you start a HttpRequest and handle result via HttpResponse. Thus you have to simulate a authenticate action as signing in from web browser.
You need to get the security token or cookie from the reponse. And put them into your following request. Thus your controller will recognize the request's identity.