Swashbuckle.webapi: How do I tell swashbuckle to add a required header
I have one of my API controller that requires a header to be present (this is not a security header).
From what I've found on the internet (http://stackoverflow.com/questions/26742521/sending-dynamic-custom-headers-in-swagger-ui-try-outs), in java you can use http://docs.swagger.io/swagger-core/apidocs/com/wordnik/swagger/annotations/ApiImplicitParam.html with a paramType="header"
@ApiImplicitParams(
{ @ApiImplicitParam(paramType="header", name="X-CurrentLocale", dataType="string") }
)
How do I do the same in Swashbuckle ?
christopheblin
All 18 comments
HI there, If you are customizing the index.html page then you can add your own header by changing the addApiKeyAuthorization javascript function in the index.html page and by adding below properties in the SwaggerConfig.cs class.
SwaggerConfig.cs
config.EnableSwagger(
c =>
{
c.ApiKey("apiKey")
.Description("API Key Authentication")
.Name("apiKey")
.In("header");
})
function addApiKeyAuthorization() {
var key = encodeURIComponent($('#input_apiKey')[0].value);
if (key && key.trim() != "") {
key = "Bearer " + key;
var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("Authorization", key, "header");
window.swaggerUi.api.clientAuthorizations.add("key", apiKeyAuth);
log("added key " + key);
}
}
bhupinder7
on 23 Sep 2015
In addition, if you'd like to list the header as a parameter with each operation description, you can just wire it up via an IOperationFilter (see readme). Here's some sample code to get you started:
public class AddRequiredHeaderParameter : IOperationFilter
{
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
if (operation.parameters == null)
operation.parameters = new List<Parameter>();
operation.parameters.Add(new Parameter
{
name = "Foo-Header",
@in = "header",
type = "string",
required = true
});
}
}
domaindrivendev
on 25 Sep 2015
it does not close all use cases at all.
For exampel i Want to document Requested with and __CSRFToken headers.
NMote that CSRF token will be necesary only for "POST LIKE" actions - not for "GET"
How could i do it ?
bunny1985
on 10 Oct 2015
I know this is sort of old, but I will respond anyway, as I was led here by some google-fu
it does not close all use cases at all.
For exampel i Want to document Requested with and __CSRFToken headers.
NMote that CSRF token will be necesary only for "POST LIKE" actions - not for "GET"
How could i do it ?
If you document your actions with [HttpGet], [HttpPut], [HttpPost] etc.
you can quite easily create an operationsfilter to find all Post actions
var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline().Where( f => f.Scope == FilterScope.Action );
var isPostOperation = filterPipeline.Select(f => f.Instance).OfType<HttpPostAttribute>().FirstOrDefault() !=
null;
VisualBean
on 13 Jun 2016
My swagger UI is generated automatically.
I am trying to add apikey to each request header. But some reason how its not added to each header.
For example its not added to http://localhost/swagger/ui/index
My config looks like following. (C#)
GlobalConfiguration.Configuration
.EnableSwagger(c =>
{
c.SingleApiVersion("Version1", "API");
// NOTE: You must also configure 'EnableApiKeySupport' below in the SwaggerUI section
c.ApiKey("apiKey")
.Description("API Key Authentication")
.Name("Token")
.In("header");
c.IncludeXmlComments(GetXmlCommentsPath());
c.UseFullTypeNameInSchemaIds();
c.OperationFilter<AddDefaultHeader>();
c.ResolveConflictingActions(apiDescriptions => apiDescriptions.FirstOrDefault());
})
.EnableSwaggerUi(c =>
{
c.InjectStylesheet(thisAssembly, "API.Content.SwaggerStyle.css");
// If your API supports ApiKey, you can override the default values.
// "apiKeyIn" can either be "query" or "header"
//
c.EnableApiKeySupport("apiKey", "header");
});
mrugeshparekh
on 7 Jul 2017
Following upon @VisualBean 's example, I created this special header for my OData V4 patch requests.
FWIW - scaffolded OData controllers don't decorate "Patch" actions with the HttpPatchAttribute, so, I modified this look either for the attribute, or for simply the action name "Patch"
public class AssignReturnRepresentationHeader : IOperationFilter
{
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline().Where(f => f.Scope == FilterScope.Action);
var isNamedPatch = apiDescription.ActionDescriptor.ActionName == "Patch";
var isPatchOperation = filterPipeline.Select(f => f.Instance).OfType<HttpPatchAttribute>().FirstOrDefault() != null || isNamedPatch;
if (!isPatchOperation)
return;
if (operation.parameters == null)
operation.parameters = new List<Parameter>();
operation.parameters.Add(new Parameter
{
name = "Prefer",
@in = "header",
type = "string",
@default = "return=representation",
description = "For OData V4 this header is needed if you want to return a representation of the changed entity.",
required = true
});
}
}
bkwdesign
on 4 Aug 2017
If you copy and paste below code SwaggerConfig.cs, it will work.
using System.Web.Http;
using WebActivatorEx;
using OAuthTokenBasedRestService;
using Swashbuckle.Application;
using Swashbuckle.Swagger;
using System.Web.Http.Description;
using System.Collections.Generic;
[assembly: PreApplicationStartMethod(typeof(SwaggerConfig), "Register")]
namespace OAuthTokenBasedRestService
{
public class SwaggerConfig
{
public static void Register()
{
var thisAssembly = typeof(SwaggerConfig).Assembly;
GlobalConfiguration.Configuration
.EnableSwagger(c =>
{
c.SingleApiVersion("v1", "OAuthTokenBasedRestService");
c.OperationFilter<AddRequiredAuthorizationHeaderParameter>();
})
.EnableSwaggerUi(c =>
{
c.EnableApiKeySupport("apiKey", "header");
});
}
}
public class AddRequiredAuthorizationHeaderParameter : IOperationFilter
{
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
if (operation.parameters == null)
operation.parameters = new List<Parameter>();
operation.parameters.Add(new Parameter
{
name = "Authorization",
@in = "header",
type = "string",
required = true,
description = "access token"
});
}
}
}
abhargavasharma
on 14 May 2018
@abhargavasharma it is not coming on the UI. I have tried all the above solutions.
Can anyone provide the screenshot and any test urls for auth and token.
ayeshathecoder
on 21 Jun 2018
@ayeshathecoder
Create a new Class named CustomFilters in the namespaceFooSpace.Filters and add the following code.
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;
namespace FooSpace.Filters
{
public class CustomFilters
{
public class AuthHeaderFilter : IOperationFilter
{
public void Apply(Operation operation, OperationFilterContext context)
{
if (operation.Parameters == null)
operation.Parameters = new List<IParameter>();
operation.Parameters.Add(new NonBodyParameter
{
Name = "Authorization",
In = "header",
Type = "string",
Required = false,
Default = "Bearer "
});
}
}
}
}
In Startup.cs, in the ConfigureServices()method add the following lines of code after services.AddMvc();:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "API", Version = "v1" });
c.OperationFilter<Filters.CustomFilters.AuthHeaderFilter>();
});
i7657043
on 27 Aug 2018
Actually I am using oAuth2 with password flow. It will be helpful , if you
can provide the example for same.
Currently no value is passed in header i.e. username and password.
public static void Register()
{
var thisAssembly = typeof(SwaggerConfig).Assembly;
GlobalConfiguration.Configuration
.EnableSwagger(c =>
{
c.SingleApiVersion("v1",
"Misys.OpicsPlus.Framework.Rest.ApplicationService");
c.UseFullTypeNameInSchemaIds();
c.BasicAuth("basic").Description("HTTP Authentication
Method");
c.OAuth2("oauth2")
.Description("OAuth2 Grant")
.Flow("password")
.TokenUrl("
https://BLR2TCM29.misys.global.ad/SecureTokenServiceRestV4.0/api/authorization/requestaccesstoken
")
.Scopes(scopes =>
{
scopes.Add("acccess", "try out the sample
api");
}
);
c.OperationFilter
})
.EnableSwaggerUi(c =>
{
c.EnableOAuth2Support(
clientId: "Sample_App",
clientSecret: "xxxxx",
realm: "test-realm",
appName: "Swagger UI");
});
}
public class AddRequiredAuthorizationHeaderParameter : IOperationFilter
{
public void Apply(Swashbuckle.Swagger.Operation operation,
SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
var actFilters =
apiDescription.ActionDescriptor.GetFilterPipeline();
var allowsAnonymous = actFilters.Select(f =>
f.Instance).OfType
if (allowsAnonymous)
return; // must be an anonymous method
//var scopes =
apiDescription.ActionDescriptor.GetFilterPipeline()
// .Select(filterInfo => filterInfo.Instance)
// .OfType
// .SelectMany(attr => attr.Roles.Split(','))
// .Distinct();
if (operation.security == null)
operation.security = new List<IDictionary<string,
IEnumerable
var oAuthRequirements = new Dictionary<string,
IEnumerable
{
{"oauth2", Enumerable.Empty
};
operation.security.Add(oAuthRequirements);
}
}
Any help is highly appreciated.
Regards,
Ayesha
On Mon, Aug 27, 2018 at 9:37 PM Jordan Griffiths notifications@github.com
wrote:
@ayeshathecoder https://github.com/ayeshathecoder
Create a new Class named CustomFilters in the namespaceFooSpace.Filters
and add the following code.using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;namespace FooSpace.Filters
{
public class CustomFilters
{
public class AuthHeaderFilter : IOperationFilter
{
public void Apply(Operation operation, OperationFilterContext context)
{
if (operation.Parameters == null)
operation.Parameters = new List(); operation.Parameters.Add(new NonBodyParameter { Name = "Authorization", In = "header", Type = "string", Required = false, Default = "Bearer " }); } } }}
In Startup.cs, in the ConfigureServices()method add the following lines
of code after services.AddMvc();:services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "API", Version = "v1" });
c.OperationFilter();
});—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/domaindrivendev/Swashbuckle/issues/501#issuecomment-416278122,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ANF9IHPQzBRIQ4Ma7CSCp2Sysql88oZYks5uVBlQgaJpZM4F--5R
.
ayeshathecoder
on 30 Aug 2018
In addition, if you'd like to list the header as a parameter with each operation description, you can just wire it up via an IOperationFilter (see readme). Here's some sample code to get you started:
public class AddRequiredHeaderParameter : IOperationFilter { public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription) { if (operation.parameters == null) operation.parameters = new List<Parameter>(); operation.parameters.Add(new Parameter { name = "Foo-Header", @in = "header", type = "string", required = true }); } }
This works great but is there a way to do this and then exclude it from one or two places?
cward-ADC
on 10 Oct 2018
Can anyone suggest me how to add token parameter to get method?
javafun
on 5 Mar 2019
@cward-ADC is what i used to do add a token parameter.
iby-dev
on 5 Mar 2019
AddDefaultHeader
Can I add a required parameter without generics?
I'm trying to add them dynamically using reflection.
rohanaceres
on 15 Aug 2019
In addition, if you'd like to list the header as a parameter with each operation description, you can just wire it up via an IOperationFilter (see readme). Here's some sample code to get you started:
public class AddRequiredHeaderParameter : IOperationFilter { public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription) { if (operation.parameters == null) operation.parameters = new List<Parameter>(); operation.parameters.Add(new Parameter { name = "Foo-Header", @in = "header", type = "string", required = true }); } }This works great but is there a way to do this and then exclude it from one or two places?
It works only for post method, how about get ?
tojoirinah
on 18 Dec 2019
In addition, if you'd like to list the header as a parameter with each operation description, you can just wire it up via an IOperationFilter (see readme). Here's some sample code to get you started:
public class AddRequiredHeaderParameter : IOperationFilter { public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription) { if (operation.parameters == null) operation.parameters = new List<Parameter>(); operation.parameters.Add(new Parameter { name = "Foo-Header", @in = "header", type = "string", required = true }); } }This works great but is there a way to do this and then exclude it from one or two places?
It works only for post method, how about get ?
[HttpGet]
public IActionResult Get([FromHeader(Name = "Foo-Header")] string mediaType)
{
// TODO: something
}
celsojr
on 10 Apr 2020
I don't know how this works for you guys, but my OperationFilter is applied AFTER the request, which means first my Web API Controller is called and THEN this operation filter runs. Actually I wanted to have swagger add some custom headers to the request. Everyone says IOperationFilter is the answer, but I'm pretty sure it's not.
Thaval
on 22 Sep 2020
Got it, know how it is intended to work now.
Thaval
on 30 Sep 2020
Related issues
jaxidian
·
4Comments
thj-dk
·
5Comments
niemyjski
·
3Comments
joseph-ortiz
·
4Comments
qwertykeith
·
5Comments
Most helpful comment
In addition, if you'd like to list the header as a parameter with each operation description, you can just wire it up via an IOperationFilter (see readme). Here's some sample code to get you started: