Swagger Editor Not Passing Authorization in the Request Header
M.Shute
I'm using Swagger Editor for the first time to test an API. I'm running it locally. My authorization is working, but my first GET path schema keeps returning "Failed to fetch" errors.
When I run the Swagger generated Curl code in GitBash, I get the result I expect, so everything I need is in the schema. I just can't get the response when I run it in Swagger Editor.
As far as I can tell, Swagger Editor is not including the Authorization token in the Request Header. Here is the request from my browser console... 
I understand that this may be a CORS issue - but I'm not a server admin and I don't have access to make changes to the server. Is there something I need to tell the server admins? Or is there something that I need to change on my local machine to include the authorization code with the header request? My server admin says that CORS is properly enabled.
The odd thing is that if I copy the CURL string that is generated by Swagger Editor, and paste it into GitBash, it runs properly and I get the result I expect. Here's the CURL sting...
If it helps, here is my Swagger JSON.
{
"swagger":"2.0",
"info":{
"description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi molestie sem nec nibh blandit efficitur. Donec arcu massa, semper ut mauris eu, fermentum dictum turpis. [Test Link](http://google.com) Duis efficitur at sapien non maximus. ",
"version":"1.0.0",
"title":"LA-API",
"termsOfService":"http://swagger.io/terms/",
"contact":{
"email":"[email protected]"
},
"license":{
"name":"Apache 2.0",
"url":"http://www.apache.org/licenses/LICENSE-2.0.html"
}
},
"host":"betaapi.myDomain.com",
"basePath":"/",
"tags":[
{
"name":"Account",
"description":"First try at adding LA-API Swagger paths",
"externalDocs":{
"description":"Find out more",
"url":"http://swagger.io"
}
}
],
"schemes":[
"http"
],
"securityDefinitions":{
"la-api_auth":{
"type":"oauth2",
"tokenUrl":"http://betaauthorize.myDomain.com/access_token",
"flow":"password",
"scopes":{
"write:la":"Lorem ipsum",
"read:la":"Dolor sit amet"
}
},
"api_key":{
"type":"apiKey",
"name":"Authorization",
"in":"header"
}
},
"paths":{
"/api/account/{account_id}":{
"get":{
"tags":[
"Account"
],
"summary":"Account - View",
"description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
"operationId":"AccountView",
"produces":[
"application/json"
],
"parameters":[
{
"name":"account_id",
"in":"path",
"description":"ID of Account to return",
"required":true,
"type":"integer",
"format":"int64"
}
],
"security":[
{
"la-api_auth":[
"write:la",
"read:la"
]
}
],
"responses":{
"200":{
"description":"successful operation"
},
"400":{
"description":"Invalid Account ID supplied"
},
"401":{
"description":"Authorization token is required and has failed or has not yet been provided"
},
"404":{
"description":"Account ID not found"
}
}
}
}
},
"definitions":{
"Account":{
"type":"object",
"properties":{
"sms_id":{
"type":"integer",
"format":"int64",
"example":"370"
},
"address1":{
"type":"string",
"example":"123%"
},
"city":{
"type":"string",
"example":"Test%"
},
"state_id":{
"type":"string",
"example":"TN"
}
}
},
"ApiResponse":{
"type":"object",
"properties":{
"code":{
"type":"integer",
"format":"int32"
},
"type":{
"type":"string"
},
"message":{
"type":"string"
}
}
}
},
"externalDocs":{
"description":"Find out more about Swagger",
"url":"http://swagger.io"
}
}
Any advice would be appreciated. Thanks.
Doqnach
Going by this resource: https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
OPTIONS requests should exclude user credentials, so should also not respond with a 401 by the server.
Collected from the Internet
Please contact [email protected] to delete if infringement.
edited at
Related
Related Related
- 1
How to send Authorization header with a request in Swagger UI?
- 2
Authorization header in Http Request in linkedin
- 3
Request header field Authorization is not allowed
- 4
Swagger UI: pass custom Authorization header
- 5
Authorization header missing in PHP POST request
- 6
Guzzle HTTP - add Authorization header directly into request
- 7
Authorization header not being sent in AJAX request
- 8
angular $http GET request with authorization token header
- 9
Sending Authorization Header with JWT in HTTP-Request
- 10
Python requests: POST request dropping Authorization header
- 11
Python POST request dropping Authorization header
- 12
Python requests: POST request dropping Authorization header
- 13
Why Authorization header is not send in API request in Angular?
- 14
AFNetworking 2: Authorization header not included in request
- 15
How to remove authorization header from request
- 16
API Request with HTTP Authorization Header inside of componentDidMount
- 17
jQuery - unable to execute ajax request with authorization header
- 18
'Authorization' header sent with request, but missing from apache_request_headers()
- 19
Passing JWT to Node.js WebSocket in Authorization header on initial connection
- 20
ServiceStack, authentication and passing session header with request
- 21
Passing Cookie as a Request Header - SSO JMeter
- 22
Swagger UI passing authentication token to API call in header
- 23
Authorization Header is null when making jQuery Ajax request
- 24
What is the proper way to grab Authorization header from controller request object?
- 25
Swift 2 How do you add authorization header to POST request
- 26
Authorization Token in request header for Rails JSON API DELETE not being recognised
- 27
Adding authorization header with access token for every request using MvcHandler
- 28
What is the correct way to attach an Authorization header to an Ajax request?
- 29
NSURLRequest lost HTTP header “Authorization” while redirecting the request
Comments