Cookie Authentication
As per the SwaggerHub documentation, I have created a login API which sends back a Session Id by setting a cookie. The YAML is as follows
responses:
'200':
description: >
Successfully authenticated.
The session ID is returned in a cookie named `IPPE_SESSION_ID`. You need to include this cookie in subsequent requests.
headers:
Set-Cookie:
schema:
type: string
example: IPPE_SESSION_ID=abcdef12345abcdef12345
On line 4 it says you need to include this cookie in subsequent requests. Does this mean I have to define a cookie parameter in my other API calls or is this automatically sent through being in the cookie and having an apiKey authentication set up as follows
components:
securitySchemes:
SessionAuth: # arbitrary name for the security scheme
type: apiKey
in: cookie
name: IPPE_SESSION_ID # name of the cookie
And I have a global security statement for the SessionAuth.
So, for all the other API calls listed under the different paths/actions, do I need to have a parameter declaration for the session id cookie or is this automatic? And what if I want to define more API's - can I refer back to the authentication defined under this API?
TIA
Andy
You don't need to define it as a parameter, but you do need to define the 'security' at the top level or operations to apply the securityScheme. Check out Step 2 in https://swagger.io/docs/specification/authentication/.
