Custom security scheme not showing up?


#1

I’m trying to create a custom security scheme to authenticate users via a request header, however I can’t seem to get it to show up in API Designer. Here is the RAML code I’m using:

securitySchemes:
  My_Auth:
    type: x-session-token
    describedBy: 
      headers:
        x-session-token:
          description: The current user's session token
          type: string

Only Anonymous shows up as a security option. Am I missing something, or have I done something wrong?


#2

More info, the following example from the RAML 1.0 Documentation also does not seem to show up in API Designer:

  oauth_2_0:
    description: |
      Dropbox supports OAuth 2.0 for authenticating all API requests.
    type: OAuth 2.0
    describedBy:
      headers:
        Authorization:
          description: |
             Used to send a valid OAuth 2 access token. Do not use
             with the "access_token" query string parameter.
          type: string
      queryParameters:
        access_token:
          description: |
             Used to send a valid OAuth 2 access token. Do not use with
             the "Authorization" header.
          type: string
      responses:
        401:
          description: |
              Bad or expired token. This can happen if the user or Dropbox
              revoked or expired an access token. To fix, re-authenticate
              the user.
        403:
          description: |
              Bad OAuth request (wrong consumer key, bad nonce, expired
              timestamp...). Unfortunately, re-authenticating the user won't help here.
    settings:
      authorizationUri: https://www.dropbox.com/1/oauth2/authorize
      accessTokenUri: https://api.dropbox.com/1/oauth2/token
      authorizationGrants: [ authorization_code, implicit ]

So could this be an API Designer issue?


#3

I’m dumb. Upon reading further in the doc, I realized I have to specify in the API call what it is secured by. So it works now.


#4

@nwelna, good you find out that by yourself :wink: