Eric Donnelly

Reputation: 23

GCP API Gateway / yaml / security definition not working properly

Below is the YAML I used as the config file for a gateway in GCP API Gateway. The short version is that it is ignoring the security definitions. I can invoke the API with no security/header information and it works fine. I've tried a couple of different tools to make sure there wasn't a cached variable somewhere.

```yaml
# openapi2-functions.yaml
swagger: '2.0'
info:
  title: Title API
  description: Front end the an API
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
paths:
  /whocantell:
    post:
      summary: mMy API
      operationId: dl
      x-google-backend:
        address: https://someone.somewhere.whoknows
      security:
        - api_key: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
securityDefinitions:
  api_key:
    type: "apiKey"
    name: "key"
    in: "header"
```

Upvotes: 2

Views: 1186

Answers (2)

guillaume blaquiere

Reputation: 76010

With API Gateway (as with Cloud Endpoints ESPv2, because API Gateway is a managed version of it). Why am I saying this? Because the constraints and limitations are, most of the time, the same.

If you have a look at the documentation, you can find, lost in it, that if you want to add your security key in the header, you need to name it `x-api-key`.

Upvotes: 3
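
The header-name rule from this answer, written as a lint check (an added example, not code from the post or from Google). It takes an OpenAPI 2.0 spec already parsed into a dict, for instance by a YAML loader, and flags header API-key schemes not named `x-api-key` as well as operations with no effective security requirement. The function name, the finding strings and the sample dicts are assumptions constructed for illustration.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
REQUIRED_HEADER_NAME = "x-api-key"  # header name given in the answer above


def lint_api_key_security(spec):
    """Return findings for an OpenAPI 2.0 spec already parsed into a dict."""
    findings = []
    definitions = spec.get("securityDefinitions") or {}

    # Header-based apiKey schemes must use the name the gateway looks for.
    misnamed = set()
    for scheme, body in definitions.items():
        if body.get("type") == "apiKey" and body.get("in") == "header":
            if body.get("name") != REQUIRED_HEADER_NAME:
                misnamed.add(scheme)
                findings.append(
                    f"securityDefinitions.{scheme}: header name "
                    f"{body.get('name')!r} should be {REQUIRED_HEADER_NAME!r}")

    # An operation-level `security` list overrides the top-level one, and an
    # empty list removes the requirement entirely.
    for path, item in (spec.get("paths") or {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as `parameters`
            where = f"{method.upper()} {path}"
            effective = op.get("security", spec.get("security"))
            if not effective:
                findings.append(f"{where}: no security requirement")
                continue
            for requirement in effective:
                for scheme in requirement:
                    if scheme not in definitions:
                        findings.append(f"{where}: undefined scheme {scheme!r}")
                    elif scheme in misnamed:
                        findings.append(f"{where}: relies on misnamed scheme {scheme!r}")
    return findings


# Constructed sample: the security-relevant parts of the question's config.
QUESTION_SPEC = {
    "swagger": "2.0",
    "paths": {"/whocantell": {"post": {"operationId": "dl",
                                       "security": [{"api_key": []}]}}},
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "name": "key", "in": "header"}},
}
FIXED_SPEC = copy.deepcopy(QUESTION_SPEC)
FIXED_SPEC["securityDefinitions"]["api_key"]["name"] = REQUIRED_HEADER_NAME
```

Running the check in CI before a config is uploaded to the gateway catches both the misnamed header and any operation that would be deployed without a security requirement.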

Alex G

Reputation: 1279

As per the Swagger documentation, header parameters named Accept, Content-Type and Authorization are not allowed. To describe the Authorization header, the documentation states to use the corresponding OpenAPI keywords: `securitySchemes`, `security`.

Check this site for more information about `securitySchemes`.

Upvotes: 0
