
Swagger UI Not adding Header to Requests


I am using Swagger 2.0 and Swagger UI 3.0.3.

In my api_definition.yaml I have the following before my paths:

swagger: '2.0'

################################################################################
#                  Host, Base Path, Schemes and Content Types                  #
################################################################################
# Metadata
info:
  version: v1
  title: Microservice
  description: Microservice API!


host: sandbox

basePath: '/apps/fiji/v1'
schemes:
  - http

securityDefinitions:
  apikey:
    type: apiKey
    name: X-Access-Token
    in: header

security:
  - apikey: []

produces:
  - application/json
consumes:
  - application/json

This adds an Authorize button to the Swagger UI where the user can paste in their API key. I would like this API key to be sent in the request header of every request. This does not happen though and I'm not sure why. Am I missing something?

EDIT:

The request seems to send and I get back 401 Unauthorized.

Chrome Dev Tools shows the following Request Headers:

GET /apps/fiji/v1/getCPICountries HTTP/1.1
Host: sandbox
Connection: keep-alive
accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
content-type: application/json
Referer: http://sandbox/apps/fiji/vendor/swagger-ui/dist/index.html?url=http://sandbox/apps/fiji/swagger/api_definition.yaml
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

I have the paths set up as:

# API Paths
paths:
  # getCPICountries endpoint
  /getCPICountries:
    # HTTP operations
    get:
      # Describe this verb here. Note: you can use markdown
      description: |
        Returns a list of countries and country codes
      produces:
      - application/json
      security:
        - auth:
          - role_admin
      # Expected responses for this operation:
      responses:
        # Response code
        200:
          description: Successful response
          # A schema describing your response object.
          # Use JSON Schema format
          schema:
            properties:
              data:
                type: array
                items:
                  $ref: '#/definitions/CPIResponse'

And definitions as follows:

definitions:
  CPIResponse:
    type: object
  UserObject:
    type: object
    properties:
      email:
        type: string
      id:
        type: number
      orgId:
        type: number
      firstName:
        type: string
      lastName:
        type: string

Solution

  • The problem was that I override security in my paths. I need to remove the following:

    security:
      - auth:
        - role_admin
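
In Swagger 2.0 an operation-level `security` replaces the top-level one, and every name in it has to exist in `securityDefinitions`; the question's `auth` does not. The check below is an added example, not part of the original post: `lint_security` is a hypothetical helper, and `SPEC` is constructed from the question's YAML as an already-parsed dict.

```python
# Added example (not from the original post). SPEC is constructed from the
# question's YAML, already parsed into a dict; lint_security is a hypothetical name.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "apikey": {"type": "apiKey", "name": "X-Access-Token", "in": "header"},
    },
    "security": [{"apikey": []}],
    "paths": {
        "/getCPICountries": {
            "get": {
                "security": [{"auth": ["role_admin"]}],  # the override from the question
                "responses": {"200": {"description": "Successful response"}},
            },
        },
    },
}


def lint_security(spec):
    """Return (path, method, message) for each risky operation-level security block."""
    defined = spec.get("securityDefinitions", {})
    top_level = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or "security" not in op:
                continue  # no override: the top-level requirement applies
            override = op["security"] or []
            if not override:
                findings.append((path, method, "security: [] removes the requirement"))
            elif override != top_level:
                findings.append((path, method, "replaces the top-level requirement"))
            for requirement in override:
                for name, scopes in requirement.items():
                    scheme = defined.get(name)
                    if scheme is None:
                        findings.append((path, method, f"scheme '{name}' is undefined"))
                    elif scopes and scheme.get("type") != "oauth2":
                        findings.append((path, method, f"'{name}' must have no scopes"))
    return findings


if __name__ == "__main__":
    for finding in lint_security(SPEC):
        print(*finding, sep=" | ")
```

Running it over every spec in CI also catches the opposite mistake, an operation that silently drops authentication with `security: []`.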