3

I have added Bearer token authorization to my Swagger (created with Plumber), using the solution here.

Now I would like to add arbitrary headers that are a part of the request. My plumber deployment is used by a React dashboard, where parsing req$HTTP_TENANT gives me the desired value. And it is this I would like to recreate in Swagger.

Consider this example:

library(plumber)

r <- plumber::pr("plumber.R") %>%
  plumber::pr_set_docs("swagger") %>%
  plumber::pr_set_api_spec(function(spec) {
    spec$components$securitySchemes$bearerAuth$type <- "http"
    spec$components$securitySchemes$bearerAuth$scheme <- "bearer"
    spec$components$securitySchemes$bearerAuth$bearerFormat <- "JWT"
    spec$security[[1]]$bearerAuth <- ""
    
    spec$components$parameters$HTTP_TENANT <- "HTTP_TENANT"
    spec$parameters[[1]]$HTTP_TENANT <- "Customer name"
    
    spec
  })

r %>% plumber::pr_run(port = 8000, host = '0.0.0.0')

This gives the following result:

Working authorization in Plumber's Swagger

  1. How can arbitrary headers be requested, for example HTTP_TENANT, maybe typed below the Bearer token input? It could also be somewhere else at the top of Swagger.
  2. How can default values be provided for the headers, e.g. Customer name, but also the Bearer token (i.e. it could be programmatically entered from R)?
fifthace
  • 506
  • 1
  • 10
  • 33

1 Answers1

0

In Swagger, you can add a parameter to the API endpoint and change the "in" property to "header" to request any header, such as HTTP_TENANT. For instance:

spec$paths$"/endpoint"$get$parameters[[1]]$name <- "HTTP_TENANT"
spec$paths$"/endpoint"$get$parameters[[1]]$in <- "header"
spec$paths$"/endpoint"$get$parameters[[1]]$description <- "Customer name"

Under the "parameters" section of the Swagger UI, an input field for the "HTTP_TENANT" header will be added as a result of this.

A "default" property on the parameter object can be added to headers to provide default values. For instance:

spec$paths$"/endpoint"$get$parameters[[1]]$default <- "customer1"

The default values could also be set programmatically by reading them from an external source (like a configuration file) or by using an R package that handles authentication (like httr) to handle the bearer token automatically.

Talha Asif
  • 349
  • 1
  • 9
  • So it turns out that OpenAPI 2.0 and 3.0 do not have a concept of global parameters. There are existing feature requests: https://github.com/OAI/OpenAPI-Specification/issues/1577 – fifthace Feb 17 '23 at 14:38