Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Api key header field is missing in swagger ui calls (version 2.9.2)

See original GitHub issue

Version: 2.9.2

Hello everybody,

this bug report is refering to https://github.com/springfox/springfox/issues/1804. It seems that the header field (here: api_key) is missing in the swagger ui calls. We see it for example at the generated curl commands (examples are below).

Java code

public class SwaggerConfig {

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
            .select()
            .apis(RequestHandlerSelectors.withClassAnnotation(RestController.class))
            .paths(PathSelectors.regex(Constants.REST_API_PATH_ROOT + ".*"))
            .build()
            .securitySchemes(Arrays.asList(apiKey()))
            .useDefaultResponseMessages(false);

    }

    private ApiKey apiKey() {
        return new ApiKey("APIKey", "api_key", "header");
    }
}

Input at swagger-ui

name: APIKey
in: header
value: my_key_value

curl at swagger-ui (current behaviour)

curl -X GET "http://localhost:8080/api/users" -H "accept: application/json"

curl at swagger-ui (expected behaviour)

curl -X GET "http://localhost:8080/api/users" -H 'Accept: application/json' -H 'api_key: my_key_value'

Thank you very much for your help!

Issue Analytics

State:
Created 5 years ago
Reactions:13
Comments:9 (1 by maintainers)

Top GitHub Comments

12reactions

tholucommented, Jul 26, 2018

@medialwerk I had the same issue, you are missing this in the return of your api() method after .build():

.securityContexts(Collections.singletonList(securityContext()))

The references methods need to be like this:

private SecurityContext securityContext() {
    return SecurityContext.builder().securityReferences(defaultAuth()).forPaths(PathSelectors.regex("/.*")).build();
  }

  private List<SecurityReference> defaultAuth() {
    final AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
    final AuthorizationScope[] authorizationScopes = new AuthorizationScope[]{authorizationScope};
    return Collections.singletonList(new SecurityReference("api_key", authorizationScopes));
  }```

6reactions

medialwerkcommented, Jul 26, 2018

Thank you very much! 😃. That was the missing part! 😃.

I only had to change api_key to APIKey in your code sample:

  private List<SecurityReference> defaultAuth() {
    final AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
    final AuthorizationScope[] authorizationScopes = new AuthorizationScope[]{authorizationScope};
    return Collections.singletonList(new SecurityReference("APIKey", authorizationScopes));
  }

Top Results From Across the Web

Cannot send Authorization token from Swagger-UI using ...

If you remove .securitySchemes(Arrays.asList(apiKey())) line, Autorize button disappear from UI. How do you enter your token into header?

API Keys - Swagger

Some APIs use API keys for authorization. An API key is a token that a client provides when making API calls. The key...

API Keys - Swagger

An API key is a special token that the client needs to provide when making API calls. The key is usually sent as...

OpenAPI Specification - Version 2.0 - Swagger

The files describing the RESTful API in accordance with the Swagger specification are represented as JSON objects and conform to the JSON standards....

Springfox Reference Documentation - GitHub Pages

Springfox works by examining an application, once, at runtime to infer API semantics based on spring configurations, class structure and various ...