How to handle authentication?


#1

My API is using simple http authentication.
Where do I put that in my RAML file? Will the console ask for username/password and send it with the request?


#2

At the top of your RAML file, you should add:

securitySchemes:
  - basic:
      type: Basic Authentication

Then, in your methods that need to be secured, add:

securedBy: [basic]

When using Try It, the console will allow you to provide credentials to authenticate the request. For more information see the Security section of the RAML spec.
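A fuller version of the two snippets above, as an added example that is not part of the original reply: a RAML 0.8 file that declares the Basic scheme, documents the header and the 401 response it implies, applies it as the default, and opts one method out. The title, baseUri and resource names are constructed placeholders.

```yaml
#%RAML 0.8
# Constructed sample: title, baseUri and resource names are placeholders.
title: Example API
version: v1
# Basic auth only base64-encodes the credentials, so serve the API over HTTPS.
baseUri: https://api.example.com/{version}
securitySchemes:
  - basic:
      description: HTTP Basic Authentication (RFC 2617).
      type: Basic Authentication
      describedBy:
        headers:
          Authorization:
            description: '"Basic " followed by base64(username:password).'
            type: string
            required: true
        responses:
          401:
            description: Credentials missing or invalid.
# Default for every method that does not override it.
securedBy: [basic]
/orders:
  get:
    description: Uses the root-level default, so credentials are required.
  post:
    # Explicit per-method form, as in the reply above.
    securedBy: [basic]
/status:
  get:
    # null opts this one method out of the default scheme.
    securedBy: [null]
    description: Health check, callable without credentials.
```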


#3

Thanks for the info!

I was expecting that kind of information to be available on this site.
I was using www.apihub.com/raml/api-designer and didn’t think-of/want-to dig through github code/docs.


#4

You’re right, we need something beyond the tutorial and more approachable than the official spec. I know we started work on this, and I’ll follow up on where those efforts are. Thanks!


#5

Hello,

I am working on some API with some custom authentication (basically it is OAuth 2.0, but it needs an additional query parameter). Trying to model it with API Designer. What is the way to specify some default authentication parameter, which would be always included (currently I am getting a response that this query parameter is not included)? I am specifying default and example values for that parameter - but it does not provide any effect.

Additionally, what method would you propose to use in order to debug authentication? I was trying to use Chrome tools, but it does not capture any requests to my API.

Thank you for any help.
Cheers!


#6

I am getting an error while adding basic authentication attributes. BTW, where can I add the keystore.jks file? Any samples on this?


#7

Can you provide some example of what you’re trying to do – what’s the RAML, or screenshots if necessary, etc? I’m trying to understand how the custom authentication work for you is different than any other API work. For example, are you trying to wrap it into securitySchemes?


#8

Are you asking about .jks in the context of RAML or in the context of a specific tool? Java Keystore files don’t feel like they’re in the context of the API. Can you provide an example of the basic auth you’re trying to do?


#9

Yes, I tried using securitySchemas. I am not sure if it is correct. Is there any sample RAML that has role based access to operations and primarily that supports basic authentication?

Thanks.