Is apiKey security defined in OpenAPI 3.0 not enforced when running in Anypoint Studio? - api

I have an endpoint defined in an OpenAPI spec:
paths:
  /employee:
    get:
      parameters:
        - name: sourceSystem
          in: header
          description: ID of organisation
          required: true
          schema:
            type: string
      security:
        - apiMyHeaderKey: []
components:
  securitySchemes:
    apiMyHeaderKey:
      type: apiKey
      description: 'API Key to authorise requests.'
      name: MyKey
      in: header
So I have two headers: 'sourceSystem', which is mandatory, and also 'MyKey', which is of type 'apiKey'.
The above spec is being developed as an OpenAPI 3.0 spec in a YAML file, and then I am importing it into Anypoint Studio (Mule 4.4 runtime).
When I am running the API locally, 'sourceSystem' is being mandated by Mule BUT 'MyKey' is NOT.
So I am wondering why?
In the real world, this API will be deployed behind a gateway, so all incoming requests will first hit the gateway and then the request will hit our API.
So I think the API key check will happen in the gateway, and only if all is good will the request get forwarded by the gateway to the API.
This is an educated guess; not sure if this is why Mule is not enforcing the apiKey though it is defined in the specification?
Why is Mule ONLY enforcing 'sourceSystem' and not 'MyKey' authorization?
Thanks
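The 'security' entry in a spec like the one above is a declaration of what a client must present, not a filter: a validator that checks only the 'parameters' list (the behaviour the question describes for 'sourceSystem') never looks at 'MyKey' at all. The following Python is an added example, not part of the question and not Mule or APIkit code. It mirrors the question's spec as a dict and runs the two checks side by side: required-parameter validation, which sees 'sourceSystem', and a separate apiKey check that reads the operation's 'security' requirements and the scheme's location (header, query or cookie), which is the kind of enforcement the question expects a gateway or policy layer to provide. The request dicts and the cookie-scheme spec are constructed for the example.

```python
"""Added example: spec-driven required-parameter validation next to a separate
apiKey security-scheme check. Not Mule/APIkit code; the SPEC dict is a
constructed mirror of the YAML in the question."""

# Dict form of the OpenAPI 3.0 document from the question (constructed to match it).
SPEC = {
    "paths": {
        "/employee": {
            "get": {
                "parameters": [
                    {"name": "sourceSystem", "in": "header", "required": True,
                     "schema": {"type": "string"}},
                ],
                "security": [{"apiMyHeaderKey": []}],
            }
        }
    },
    "components": {
        "securitySchemes": {
            "apiMyHeaderKey": {"type": "apiKey", "name": "MyKey", "in": "header"},
        }
    },
}


def _lookup(request, location, name):
    """Fetch a value from the request's header/query/cookie map.
    The request is a constructed dict {"header": {...}, "query": {...}, "cookie": {...}};
    HTTP header names are compared case-insensitively."""
    values = request.get(location, {})
    if location == "header":
        name = name.lower()
        values = {k.lower(): v for k, v in values.items()}
    return values.get(name)


def missing_parameters(spec, path, method, request):
    """Required parameters absent from the request. This is all a parameter
    validator checks; it knows nothing about security schemes."""
    op = spec["paths"][path][method]
    return sorted(
        f'{p["in"]}:{p["name"]}'
        for p in op.get("parameters", [])
        if p.get("required") and _lookup(request, p["in"], p["name"]) is None
    )


def security_satisfied(spec, path, method, request):
    """True when at least one alternative in the operation's `security` list is
    fully present: the list is a logical OR, each entry an AND of its schemes.
    Only apiKey schemes (header/query/cookie) are checked; other scheme types
    would need their own handling. An empty entry ({}) makes auth optional."""
    op = spec["paths"][path][method]
    requirements = op.get("security", spec.get("security", []))
    if not requirements:
        return True  # no security declared for this operation
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for alternative in requirements:
        if all(
            schemes.get(n, {}).get("type") == "apiKey"
            and _lookup(request, schemes[n]["in"], schemes[n]["name"]) is not None
            for n in alternative
        ):
            return True
    return False


def validate(spec, path, method, request):
    """Run both checks and return (status, detail) the way a policy layer would."""
    missing = missing_parameters(spec, path, method, request)
    if missing:
        return 400, f"missing required parameters: {', '.join(missing)}"
    if not security_satisfied(spec, path, method, request):
        return 401, "no declared security requirement satisfied"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed request with the mandatory header but no API key:
    # the parameter check passes, the security check does not.
    req = {"header": {"sourceSystem": "HR"}}
    print(missing_parameters(SPEC, "/employee", "get", req))  # []
    print(validate(SPEC, "/employee", "get", req))            # (401, ...)
```

The point of running the two functions separately is that they answer different questions: missing_parameters reports nothing for a request that omits 'MyKey', because the scheme is not a parameter, while security_satisfied only passes once the header named by the scheme is present. Whatever component is meant to enforce the scheme (in the question's setup, the gateway) has to implement the second check explicitly.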

Related

How to connect Insomnia to local Fauna database

I have a local Fauna DB and I can interact with it using the Fauna shell and using my own programmatic interface.
However, I am trying to use the Insomnia GUI and I cannot work out how to connect.
This is my Fauna endpoint information:
Admin endpoint: 127.0.0.1:8444
Replica name: NoDC
FaunaDB is ready.
Network Host ID: 172.17.0.2
Cluster name: fauna
API endpoint: 0.0.0.0:8443
API(plain) endpoint: 0.0.0.0:8445
And my Insomnia query:
This gives an Unauthorized error.
What should I do?
Fauna uses Bearer token authorization. You can either set the Authorization header to Bearer YOUR_SECRET or set the secret in Insomnia's Auth tab.
I also recommend setting the header X-FaunaDB-API-Version: 4, which is the latest. Otherwise, the API will default to v2.

Change API Gateway Name when using Serverless Framework

The Serverless framework has made it very easy for developers to create an API gateway connected to a Lambda function, like this:
hello:
  name: hello-handler
  description: blablabla
  handler: /lambda-functions/hello-handler.handler
  role: HelloRole
  package:
    include:
      - lambda-functions/hello-handler.js
  events:
    - http: GET hello
My question is how can I change the name of the API gateway that is going to be created?
Based on the doc, this should do the trick.
provider:
  ...
  apiName: custom-api-name # Use a custom name for the API Gateway API

How to use default request templates when using the serverless framework?

I understand that I need to specify a request template for the API gateway in order to gain access to the request headers. The Serverless docs say:
"Serverless ships with the following default request templates you can use out of the box:"
The default templates look like they provide access to what I want (i.e. request headers), but how do you tell Serverless to use them?
The "default request templates you can use out of the box" are referring to a lambda integration, not a "default" integration, where you leave the parameter blank. If no integration is defined, then it is the default integration. So, under http, add "integration: lambda".
However, that being said, you should still have access to the headers when you do not specify the integration.
Lambda Integration
https://serverless.com/framework/docs/providers/aws/events/apigateway/#example-lambda-event-before-customization
functions:
  create:
    handler: posts.create
    events:
      - http:
          path: posts/create
          method: post
          integration: lambda
Default Integration
https://serverless.com/framework/docs/providers/aws/events/apigateway/#example-lambda-proxy-event-default
functions:
  index:
    handler: handler.hello
    events:
      - http: GET hello
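The answer's practical point is that the handler gets the request headers under either integration, just in differently shaped events. The following Python handler is an added example, not code from the Serverless docs or from the answer: it reads a required header case-insensitively from a constructed proxy-integration event (the default integration, where the event carries httpMethod and headers) and from a constructed lambda-integration event (where, under Serverless's default request template, the method is in 'method' and the headers are again under 'headers'; that template shape is an assumption here). The response envelope shown is the one the proxy integration expects; with 'integration: lambda' the return value becomes the body and status mapping is done by API Gateway response templates, which this example does not cover.

```python
"""Added example: reading request headers from either API Gateway event shape.
Not from the Serverless project; the two sample events are constructed."""
import json

# Constructed event in the Lambda proxy (default integration) shape.
PROXY_EVENT = {
    "httpMethod": "GET",
    "path": "/hello",
    "headers": {"Source-System": "HR", "Accept": "application/json"},
    "body": None,
}

# Constructed event in the shape of Serverless's default lambda-integration
# request template (assumption: 'method' and 'headers' keys as shown).
LAMBDA_INTEGRATION_EVENT = {
    "method": "GET",
    "headers": {"source-system": "HR"},
    "body": {},
}


def get_header(event, name):
    """Return a header value regardless of the casing API Gateway delivered it in.
    Both event shapes expose the request headers under event["headers"]."""
    wanted = name.lower()
    for key, value in (event.get("headers") or {}).items():
        if key.lower() == wanted:
            return value
    return None


def request_method(event):
    """Proxy events carry 'httpMethod'; the lambda-integration template carries 'method'."""
    return event.get("httpMethod") or event.get("method")


def build_response(event, required_header="Source-System"):
    """Decide the outcome; kept separate from the handler so it is easy to test."""
    value = get_header(event, required_header)
    if value is None:
        status, body = 400, {"error": f"missing required header {required_header}"}
    else:
        status, body = 200, {"method": request_method(event), required_header: value}
    # Proxy-integration envelope: statusCode, headers and a string body.
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def handler(event, context):
    """Lambda entry point for the default (proxy) integration."""
    return build_response(event)


if __name__ == "__main__":
    print(handler(PROXY_EVENT, None))
    print(get_header(LAMBDA_INTEGRATION_EVENT, "Source-System"))
```

Reading headers case-insensitively matters in practice: API Gateway passes header names through as the client sent them, so a handler that indexes event["headers"]["Source-System"] directly will raise a KeyError for a client that sends source-system.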

Sending cookie session id with Swagger 3.0

It is said that "To define cookie authentication, use API keys instead." in the official documentation:
https://swagger.io/docs/specification/describing-parameters/#cookie-parameters
The fact is, we tried with:
components:
  securitySchemes:
    cookieAuth:
      type: apiKey
      in: cookie
      name: sessionId
...
security:
  - cookieAuth: []
Using the above code, in Swagger UI we are able to click on the padlock to set the value of the sessionId. But when we execute the method, the value of the cookie is NULL and we don't see the cookie sent in the headers (Chrome Developer Tools).
I also tried to put that in a cookie parameter like this:
parameters:
  - in: cookie
    name: sessionId
    required: true
    schema:
      type: string
But there again, same result (arrives null, and nothing in the debugger tool).
We use Swagger with OpenAPI 3.0; other parameters and requestBody are working well, but not this cookie transmission.
Thanks to anyone who may have an idea.
Swagger UI and Swagger Editor currently do not support sending cookies in "try it out" requests:
https://github.com/swagger-api/swagger-js/issues/1163
As the developers explain, the issue is that it's almost impossible to send arbitrary cookie data to a different origin from within the browser.
SwaggerHub supports cookie auth and cookie parameters though. SwaggerHub sends "try it out" requests from its servers rather than from your browser, which makes it possible to send requests with a user-defined Cookie header.
Disclosure: I work for the company that makes SwaggerHub.

WSO2 API Manager: Error adding test API (api with only root context)

Our service provides a simple test API:
GET /api/test/v1, which simply returns "Test Success"
Trying to add this to WSO2 API Manager version 1.8.
Name: test
Context: test
Version: v1
Visibility: Public
Now what should be added under Resources? As the API does not have any sub-resources, I tried adding it as:
URL Pattern: /
Resource Name: /
When I clicked "Implement", I got the error "Error while adding Swagger Definition for test-v1".
Please suggest the right input for "Resources" in this case (where the API has only a root context).
Leave the default resource pattern. This will enable all HTTP verbs (i.e. GET/PUT/POST/DELETE/OPTIONS) to accept all resource patterns.
E.g.: URL Pattern: /*