2

Having documented my API, I filled the param of my request in the UI and clicked "Execute".

I was then given the corresponding curl and the response body.

For a reason I don't yet understand, I'm logged in but the response body is the one I would have expected were I logged out

But my real surprise is that when running the curl in my terminal I do receive the correct answer (the one received when logged in).

Here is the generated Curl :

curl -X GET "http://server/path" -H "accept: */*" -H "Cookie: PHPSESSID=uk30v14m2l788eehtkb9q1j260"

and the openapi specification 

openapi: '3.0.0'
paths:
  /add.php:
    get:
      tags:
        - information
      parameters:
        - in: "header"
          name: "Cookie"
          type: string
      responses:
        '200':
          description: successful operation

For context, I already had to add the "Access-Control-Allow-Origin:*" header to authorize queries from Swagger (before that I was given the "Failed to fetch error" described here)

Thanks for your help !

Emarco
  • 945
  • 3
  • 8
  • 21
  • Please post the curl command and the actual request sent by Swagger UI. To capture the Swagger UI request, open the dev tools (F12), open the Network tab, and execute the request. Then if you use Chrome, right-click the request (the actual request, not the OPTIONS request) and select "Copy as cURL (bash)". If you use Firefox, right-click the request, select "Edit and Resend", and post the screenshot here. (Alternatively, you could record the raw HTTP request using Fiddler or Charles Proxy or similar tools.) – Helen Jul 26 '18 at 10:18
  • *"But my real surprise is that when running the curl in my terminal I do receive the correct answer."* - Correct being "logged out", or a response as if you were logged in? – GolezTrol Jul 26 '18 at 10:26
  • What kind of auth does your API use? – Helen Jul 26 '18 at 10:37
  • Swagger Editor and Swagger UI currently do not support sending cookies in "try it out" requests - see [this answer](https://stackoverflow.com/a/49273653/113116) for details. That's why it didn't work in Swagger UI but worked with curl from command line. – Helen Jul 26 '18 at 13:16

1 Answers1

3

I found the answer (thanks @Helen for your tip !)

I checked the curl send by swagger in my browser developer tools and the cookie param was not there. I thought it would be handled like the others but it must be declared differently.

After checking the documentation I found that cookies param must be declared "in : cookie" instead of "in : header" (link). (which works, but there is a warning by the swagger editor which don't recognize it as a valid option)

Moreover this cookie being used for authentication purpose I used the dedicated securityScheme (link)

Here is the valid openapi specification

openapi: '3.0.0'
components:
  securitySchemes:
    PHP_session:
      type: apiKey
      in: cookie
      name: PHPSESSID
paths:
  /add.php:
    get:
      tags:
        - information
      security:
        - PHP_session: []
      responses:
        '200':
          description: successful operation

edit : Well, I learned a lot and the specification is now valid but indeed it still doesn't work (the response being hard to interpret I had some false hope there ^^'). But I guess it will do until swagger-ui support cookies.

edit : as specified in the answer of the related question (link), it works (for real this time) in SwaggerHub

Emarco
  • 945
  • 3
  • 8
  • 21
  • Not sure what you mean by "works like a charm" since Swagger UI currently [does not support](https://stackoverflow.com/a/49273653/113116) sending cookies in "try it out" requests. – Helen Jul 26 '18 at 13:17
  • @Helen Well yes ^^' I wanted to edit when I saw I had falsely thought it had worked (the response is massive and I missed the relevant info) but you were quicker than me. – Emarco Jul 26 '18 at 13:24