Forum Discussion

switzer's avatar
Occasional Contributor
9 years ago

Can I use my existing session cookie authentication for my API when testing on swaggerhub?

When I send API requests from SwaggerHub to my API, it seems like the cookie that gets set when I log into my app is not sent.  I tried setting "enableCookies: true" in my swagger.yaml API definition - no luck.


What is the best way to do this?  FWIW my API spec is here:

6 Replies

  • Hi, can you describe what you're trying to do a bit more?  How are you logging into your app to get a cookie, and how is SwaggerHub supposed to pass it?  If you can explain, we may be able to help.

    • switzer's avatar
      Occasional Contributor

      Here are some details:


      We have a relatively simple Rails application that powers an analytics dashboard.  In order to log into the application, a user goes through a login process, and a session cookie is set for this user.


      When the user requests a dashboard screen, the API is called to get time series data about a given object.  This session cookie is passed, and a JSON result is returned.  Here is an example of a working script (with the session cookie values modified):


      curl '' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36' -H 'Accept: application/json' -H 'Referer:' -H 'Cookie: remember_user_token=fjsdlkfjsdlkfjsdlkfjsldkfjsldkfj--dlsdjflsdifjlsdkfjdslkfjsdlf; _admin_session=flkjsdflksdjflksdjflksdjflksdjfldksfjsldkfj--dfkjsdlfkjdsflksdjflksdjfd' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --compressed


      When SwaggerHub uses XHR to pass in the request, the cookies are not passed, so I receive a 401 not authorized error.


      I have read in the forums that there may be the ability to pass cookies (e.g. with-credentials: true) by passing in "enableCookies: true" in the Swagger definition file.  This does not seem to work.


      I'd like to be able to set a flag somewhere in the Swagger definition file to instruct XHR to pass cookies with the JSON request.




      P.S. I know that using cookie based authentication is not the preferred method of auth, but one FANTASTIC application of Swagger is to document existing API that may have been written in this way - and I would imagine that a large percentage of API's implement authentication this way.  Two popular examples are JIRA and Wordpress.


      • fehguy's avatar

        OK I think I get it--but how are you entering your cookie values from the UI (assuming the interactive UI in swaggerhub)?