Forum Discussion

AndyTGardner's avatar
AndyTGardner
New Contributor
6 years ago

Cookie Authentication

As per the SwaggerHub documentation, I have created a login API which sends back a Session Id by setting a cookie. The YAML is as follows

      responses:
        '200':
          description: >
            Successfully authenticated.
            The session ID is returned in a cookie named `IPPE_SESSION_ID`. You need to include this cookie in subsequent requests.
          headers: 
            Set-Cookie:
              schema: 
                type: string
                example: IPPE_SESSION_ID=abcdef12345abcdef12345

On line 4 it says you need to include this cookie in subsequent requests. Does this mean I have to define a cookie parameter in my other API calls or is this automatically sent through being in the cookie and having an apiKey authentication set up as follows

components:
  securitySchemes:
    SessionAuth:            # arbitrary name for the security scheme
      type: apiKey
      in: cookie
      name: IPPE_SESSION_ID  # name of the cookie

And I have a global security statement for the SessionAuth.

 

So, for all the other API calls listed under the different paths/actions, do I need to have a parameter declaration for the session id cookie or is this automatic? And what if I want to define more API's - can I refer back to the authentication defined under this API?

 

TIA

 

Andy