Swagger Spec "Try out" functionality

Report Inappropriate Content · 10-25-2018 08:24 AM

I set up a API proxy and uploaded a Swagger Spec for documenting the proxy.

When I use the "try out" function in the Swagger UI, the request fails with an error returned by one of my proxy's policies since there is no bearer token presented in the request. (The failing policy checks whether there is a bearer token presented or returns a HTTP 401 otherwise)

I used the trace tool to analyse the request from the Swagger UI and figured out that, the request is a HTTP OPTIONS request without a bearer token. This is confuses me, because I setup in the spec the following:

securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header
    description: Access Token

and under the paths definition

      security:
        - Bearer: []

Before "try out" I insert a valid bearer token in the Swagger UI "Authorize" section.

Why is the inserted bearer token not being sent to the proxy in the request?

haziqhaziq

you need to add "OPTIONS" as Access-Control-Allow-Methods in your proxy

Report Inappropriate Content

Thanks for the hint...

I already set up handling for CORS preflights as it's described here:
https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy#handlingcorspreflightrequ...

The CORS policy has the following settings, which for my understanding should be fine

<Header name="Access-Control-Allow-Origin">{request.header.origin}</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, api_key, Authorization
</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, OPTIONS</Header>