How can I represent 'Authorization: Bearer <token>' in a Swagger Spec (swagger.json)

3,299 views
Skip to first unread message

Elmer Thomas SendGrid

unread,
Oct 2, 2015, 11:00:08 AM10/2/15
to Swagger
I am trying to convey that the authentication/security scheme requires setting a header as follows:

Authorization: Bearer <token>

This is what I have based on the swagger documentation:

securityDefinitions:
  APIKey:
    type: apiKey
    name: Authorization
    in: header
security:
  - APIKey: []


Thanks in advance!

Ron Ratovsky

unread,
Oct 2, 2015, 1:54:41 PM10/2/15
to Swagger
Hi there Elmer,

So I assume this is part an OAuth2 flow. Now, the only way to actually fully represent it is by describing the OAuth2 flow you use and then the Bearer would be assumed.
However, if you're only describing a single leg in the process, you can't explicitly say that you need the 'Bearer' part of the string in the value.
What you can do though is use a vendor extension expressing the need for it (for example, by defining a regex pattern).

Hope this helps.

--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
-----------------------------------------
http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------

Elmer Thomas SendGrid

unread,
Oct 2, 2015, 3:17:50 PM10/2/15
to swagger-sw...@googlegroups.com
Thanks for the quick response! 

It is not part of an OAuth2 flow, here is the full API call I'm trying to replicate:

curl --request GET \ --url https://api.sendgrid.com/v3/api_keys \ --header 'authorization: Bearer <my-api-key>'

--
You received this message because you are subscribed to a topic in the Google Groups "Swagger" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/swagger-swaggersocket/3ZWiAr30wN0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to swagger-swaggers...@googlegroups.com.

Ron Ratovsky

unread,
Oct 2, 2015, 3:20:50 PM10/2/15
to Swagger
Is there any other common authorization scheme today that requires the 'Bearer' part of the Authorization key or is that a custom solution you created?

Elmer Thomas SendGrid

unread,
Oct 2, 2015, 3:51:50 PM10/2/15
to swagger-sw...@googlegroups.com
I'm not sure, here is the description in the documentation: https://sendgrid.com/docs/API_Reference/Web_API_v3/index.html


Elmer Thomas
Developer Experience Engineer | Product

Ron Ratovsky

unread,
Oct 2, 2015, 5:15:57 PM10/2/15
to Swagger
I see. For now, you have the options as previously mentioned.
Reply all
Reply to author
Forward
0 new messages