Search code examples
c#asp.net-web-api2swaggerapi-keyswashbuckle

How to set multiple api Key with Swashbuckle in the request's header

I've a web api2 project, where I've implemented swashbuckle for test and documentation of my web services. I've tried to set an apiKey for the authentication in the SwaggerDocsConfig and it works, but if I want to add another apiKey (apiKey and appId) I can't make it works.

I read in the swagger doc that is possible, but I don't get how to configuring the swagger docs in this way, with swashbuckle.

How Swagger docs should be

securityDefinitions:
  apiKey:
    type: apiKey
    in: header
    name: X-API-KEY
  appId:
    type: apiKey
    in: header
    name: X-APP-ID
security:
  - apiKey: []
    appId: []

I've tried to simply add another ApiKey when I enable swagger in my project (see code above), but it didn't work.

    GlobalConfiguration.Configuration.EnableSwagger(swagger =>
            {
                swagger.RootUrl(req => req.RequestUri.GetLeftPart(UriPartial.Authority).TrimEnd('/') + req.GetRequestContext().VirtualPathRoot.TrimStart('/'));
                swagger.PrettyPrint();
                c.SingleApiVersion("v1", "Project.WebApi");             
                swagger.ApiKey("apiKey") //First ApiKey
                    .Description("API Key Authentication")
                    .Name("Authorization")
                    .In("header");
                swagger.ApiKey("apiId") //Second ApiKey
                    .Description("API Key Authentication")
                    .Name("Authorization") //Same Schema
                    .In("header");                              
                swagger.IncludeXmlComments(string.Format(@"{0}\bin\Project.WebApi.XML", System.AppDomain.CurrentDomain.BaseDirectory));
                swagger.ResolveConflictingActions(apiDescriptions => apiDescriptions.First());
            })
            .EnableSwaggerUi(swagger =>
            {
                swagger.DocumentTitle("Project API");               
                swagger.DocExpansion(DocExpansion.List);
                swagger.EnableDiscoveryUrlSelector();
                swagger.EnableApiKeySupport("Authorization", "header");
            });

Is it possible to do it with Swashbuckle, or I have to inject an js script and do it from client-side?

Thanks

Solution

  • I just tested this with Swagger-Net and it seems to work fine...
    Here is a fully functional example:

    http://nhc-noaa.azurewebsites.net/swagger/ui/index?filter=&docExpansion=list
    Once you enter the apiKey and appId the curl looks like this:

    curl -X GET "http://nhc-noaa.azurewebsites.net/api/Videos?count=1&frameRate=1&isCompressed=false" 
     -H "accept: application/json" -H "apiKey: 111" -H "appId: 222"

    Full disclosure I'm the owner of Swagger-Net, the implementation is very similar to swashbuckle, I just try to simplify a lot of the settings, EnableApiKeySupport is one of those things that I completely removed, to do what you ask all you need is:

    c.ApiKey("apiKey", "header", "API Key Authentication", typeof(KeyAuthorizeAttribute));
c.ApiKey("appId", "header", "APP ID Authentication", typeof(KeyAuthorizeAttribute));

    Full code is here:
    https://github.com/heldersepu/nhc-noaa/blob/master/nhc-noaa/App_Start/SwaggerConfig.cs