I am using swagger-ui to create and test my apis calls but in case where I have a GET call with Authorization header it fails and returns ERROR. When I try to debug I found out that it sends this GET call as OPTIONS if Authorization header is present, else as a GET call.
The strange part is with Authorization header the POST call works fine.
/urlCode:
get:
description: Initiate something
parameters:
- name: Authorization
in: header
description: Authorization token
required: true
type: string
- name: var
in: query
description: variable
required: true
type: string
format: string
This is a CORS issue. To see what's allowed, web applications must first send an OPTIONS request prior to submitting the actual request (which is why you see OPTIONS and not GET). In order for it to work properly, you must enable CORS on the API itself. Further details can be found in swagger-ui's repository.
Related
My spec is as below.
/path:
/user:
get:
parameters:
- name: Authorization
in: header
required: true
schema:
type: string
Problem is that it is giving me the below warning. I get the same warning if I add Content-Type or Accept header.
Header parameters named Authorization are ignored. Use securitySchemes and security to define the Authorization
I tried the below but I don't see Authorization header added in the request. I am using https://editor.swagger.io to create the spec.
/path:
/user:
get:
parameters:
- name: Authorization
in: header
required: true
schema:
type: string
security:
- my_auth: []
components:
securitySchemes:
my_auth:
type: http
scheme: bearer
bearerFormat: JWT
Any help is appreciated. Thanks !!
In the request parameters, there are operation's specific parameters.
The general purpose HTTP headers aren't defined here because:
Content-Type is defined by the request body content. If there are multiple content types, the consumer has to choose and set Content-Type accordingly.
Accept is similar; it only relates to the response message.
For security, we do not describe the Authorization header but instead define the security scheme (see docs for more).
You may use the description property to explain how to use these headers with your API. However, if your API follows standards, it should not be necessary.
Once you have added the security schema to your API definition, you can use the Authorization function of Swagger Editor. So, you will add your token and trigger "Try it out." Swagger will populate the Authorization header; see the attached screenshot.
I'm new to OpenApi and Swagger Ui,I tried Using this but this gives me a response as unable to login and the request Url is correct so I don't understand what i'm doing wrong and i tried using postman with the same url and in the header i'm passing Authorization:{"token":"TOKEN","refreshToken":"REFRESHTOKEN"} it works there:
parameters:
- in: header
name: Authorization
content:
application/json:
schema:
type: object
properties:
token:
type: token
example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYwNTFiNGE0MmJhZGI0MTlkZTA5MDRhZiIsImVtYWlsIjoic2hpdmFteWFkYXYucy5rLnlAZ21haWwuY29tIiwiZXhwaXJ5RGF0ZSI6IjIwMjEtMDktMjhUMDA6MDA6MDAuMDAwWiIsInByb3RvY29sIjpmYWxzZSwicGxhblR5cGUiOiJwYWlkIiwidHlwZSI6MSwiY3VycmVudFZlcnNpb24iOiIwLjIuOSIsImJldGFWZXJzaW9uIjoiMC4yLjkiLCJpYXQiOjE2MjU0ODE2MjQsImV4cCI6MTYyNTQ4MzQyNH0.p1KmZkxbieH6lWr6JURbHgHBpkJngJYzlrHOMEWAbXk"
refreshToken:
type: token
example: "5PrWmJyxheJ4hUY2bEHsZBtXRcJhY7v7I4jb9PmwxL9zaMgF8FalWatnl5YOT316y9IiQFzUsBDWyFay6tTR3vP6USaz0DqZ9l0obLGMCP8nmGhMvDQwTaZXGMXqisDy"
required: true
Header parameters named Accept, Content-Type and Authorization are not allowed. check this doc
I am facing fellow two problems related to Swagger open API
I am not able to pass custom header through swagger open API while calling my API, please suggest how can we pass custom header, through swagger open API.
When I added POI dependency on my project's pom.xml, it stopped working through swagger open API, however, it is working with the postman, please suggest what could be the issue.
From Describing Parameters:
An API call may require that custom headers be sent with an HTTP request. OpenAPI lets you define custom request headers as in: header parameters. For example, suppose, a call to GET /ping requires the X-Request-ID header:
GET /ping HTTP/1.1
Host: example.com
X-Request-ID: 77e1c83b-7bb0-437b-bc50-a7a58e5660ac
Using OpenAPI 3.0, you would define this operation as follows:
paths:
/ping:
get:
summary: Checks if the server is alive
parameters:
- in: header
name: X-Request-ID
schema:
type: string
format: uuid
required: true
When I try to execute API route without authentication, it returns correct message but there in the code I see 401 Undocumented. Is this undocumented normal? where should I fix it. I have attached an image below:
yaml file:
nelmio_api_doc:
documentation:
securityDefinitions:
my_token:
type: apiKey
description: 'token'
name: token_name
in: header
I'm trying to set two different responses of 302 in out API since our API redirects to a different Endpoint depending on the request sent. I'm current using Open API ver 3.0.1. How do I do that?
I basically just want two different Location Headers for the 302
redirect describing how why the particular Location header is returned. Or have two same 302 response codes
I was following this older thread. But it doesn't correctly reference the two different Location headers in the actual API Endpoint, and instead just shows a blank Location header.
My Code snippet is:
responses:
'200':
description: 'Sample 200 Response'
'302':
description: 'Sample 302 Responses. See <302ExpiredRefreshTokenstring> & <302ExpiredUserRefreshTokenstring> schemas for reference'
headers:
Location:
schema:
oneOf:
- $ref: '#/components/schemas/302ExpiredRefreshToken'
- $ref: '#/components/schemas/302ExpiredUserRefreshToken'
And the schema is:
components:
schemas:
302ExpiredRefreshToken:
type: string
example: 'www.<UIEndpoint>/ref-login?SessionId=d3fe5c6959ae0ce502d6027a7693c3ebe4543f51a878d60004e1331723fc0187&redirect_uri=https://www.lazada.com.ph&state=sample_state_54321&refresh_token=sCY2O0kev5Ic516A1INnQwRc8D1hbuOJ&BillerCode=00494&UserId=JBC_28'
description: Redirect URI if Refresh Token (FinTech) has already expired.
302ExpiredUserRefreshToken:
type: string
example: 'www.<UIEndpoint>/cpw-login?SessionId=d3fe5c6959ae0ce502d6027a7693c3ebe4543f51a878d60004e1331723fc0187&redirect_uri=https://www.lazada.com.ph&state=sample_state_54321&refresh_token=sCY2O0kev5Ic516A1INnQwRc8D1hbuOJ&BillerCode=00494&UserId=JBC_28'
description: Redirect URI if User Refresh Token (DigiFi) has already expired. This could be triggered even if the Refresh Token (FinTech) has not expired yet.
Adding multiple examples doesn't work either as it doesn't show the multiple examples, instead it's just a blank
headers:
Location:
schema:
type: string
examples:
'test1':
value: 'value1'
'test2':
value: 'value2'
description: 'Description of Location Header'
But the Multiple examples for a header work when placed on the request paramters as I added examples in the request like this.
parameters:
name: Location
in: header
examples:
test1:
value: 'value2'
summary: 'summary 1'
test2:
value: 'value 1'
summary: 'summary 2'
There's no need for multiple schemas for the Location header because the data type is the same in both cases - type: string. Instead, add multiple examples of the header value:
responses:
...
'302':
description: Some token has expired... Clients should follow the `Location` header to refresh the token.
headers:
Location:
description: URI where the client can refresh the expired token.
schema:
type: string
format: uri # Optional - use if the Location header is an absolute URI, starting with http(s)://
examples:
302ExpiredRefreshToken:
description: Redirect URI if Refresh Token (FinTech) has already expired
value: 'www.<UIEndpoint>/ref-login?SessionId=d3fe5c6959ae0ce502d6027a7693c3ebe4543f51a878d60004e1331723fc0187&redirect_uri=https://www.lazada.com.ph&state=sample_state_54321&refresh_token=sCY2O0kev5Ic516A1INnQwRc8D1hbuOJ&BillerCode=00494&UserId=JBC_28'
302ExpiredUserRefreshToken:
description: >-
Redirect URI if User Refresh Token (DigiFi) has already expired.
This could be triggered even if the Refresh Token (FinTech) has not expired yet.
value: 'www.<UIEndpoint>/cpw-login?SessionId=d3fe5c6959ae0ce502d6027a7693c3ebe4543f51a878d60004e1331723fc0187&redirect_uri=https://www.lazada.com.ph&state=sample_state_54321&refresh_token=sCY2O0kev5Ic516A1INnQwRc8D1hbuOJ&BillerCode=00494&UserId=JBC_28'
But since you use Swagger UI, please note that it currently does not display examples in response headers. Follow this issue for updates: https://github.com/swagger-api/swagger-ui/issues/5432