Passing previously obtained authentication token


#1

I’m new to RAML (1.0) and I’m having difficulty understanding how tokens can be stored and forwarded to successive requests.

I’ve been able to do this in Swagger 2.0 using the api_key, but can’t figure out whether this feature is available within the API Console.

My requirements are as follows:

Authenticate a user and store the token returned (this is in the response payload):

{
  "user": {
    "id": 1,
    "name": "admin"
  },
  "secret": "asddEYbBGYo33wCUoTof54OUnNHWnYxAZspn2EOwDqDx3wkazCzxE/zT2meK/Ye2il7JGTwwUxFiYpX9YkNrqKA=="
}

Then I’d like to be able to issue an authenticated request to DELETE the token. The token will need to be passed in the header (Authentication-Token).

Now, I can do this manually by pasting in the token that’s returned in the /api/authenticate POST request. Question is, how do I get it into the header of the DELETE request?

Here’s my RAML:

#%RAML 1.0
title: My API
description: |
  The API provides ....
baseUri: http://localhost:29003/api
protocols: [HTTP]
mediaType: application/json

version: 1

securitySchemes:
  passthrough:
        description: |
            This API supports PassThroughSecurityScheme Authentication.

        type: Pass Through

        describedBy:
          headers:
            authentication-token:
              type: string
            Content-Type:
              type: string
              default: application/json
          responses:
            401:
              description: |
                Bad Token.
            403:
              description: |
                Bad authentication request.

/authenticate:
  post:
    description: Authenticate a User

    body:
      application/json:
        properties:
          roles:
            type: string[]
            required: true
            uniqueItems: true
            minItems: 1
          username:
            type: string
            default: admin
          password:
            type: string
            default: admin

  delete:
    description: |
      Deletes the token specified in the authentication-token header
    securedBy: [passthrough]
    headers:
      Content-Type:
      Authentication-Token:
    responses:
      200:
        description: |
          Success

UPDATE: I’ve now seen that once you’ve pasted in the authentication token (acquired from /api/authenticate POST) to an authenticated query, it retains that value so you don’t have to enter it in other authenticated queries. That seems to be good enough for my case. However, if there’s a way to set the Authentication-Token following a successful authentication call then I’d be interested to read the details on this.
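
The flow the post describes (authenticate, keep the `secret` from the response, send it back in `Authentication-Token` on the DELETE), scripted outside the API Console as an added example that is not part of the original post. The in-process stub server, its token store and the helper names are constructed for the demo; only the resource path, header name and payload shape come from the post.

```python
import http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = set()  # constructed in-memory token store for the stub server


class StubApi(BaseHTTPRequestHandler):
    """Constructed stand-in for /api/authenticate; not the poster's server."""
    def _send(self, status, body=None):
        data = json.dumps(body or {}).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # issue a token for the RAML's default credentials
        creds = json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))))
        if (creds.get("username"), creds.get("password")) != ("admin", "admin"):
            return self._send(403)
        token = secrets.token_urlsafe(48)
        TOKENS.add(token)
        self._send(200, {"user": {"id": 1, "name": "admin"}, "secret": token})

    def do_DELETE(self):  # 401 for an unknown or missing token, else revoke it
        token = self.headers.get("Authentication-Token")
        self._send(200 if token in TOKENS else 401)
        TOKENS.discard(token)

    def log_message(self, *args): pass  # keep the demo quiet


def call(port, method, body=None, token=None):  # hypothetical client helper
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authentication-Token"] = token  # forward the stored token
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/api/authenticate", json.dumps(body) if body else None, headers)
    resp = conn.getresponse()
    result = resp.status, json.loads(resp.read() or b"{}")
    conn.close()
    return result


def run_flow():
    server = HTTPServer(("127.0.0.1", 0), StubApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    creds = {"roles": ["admin"], "username": "admin", "password": "admin"}
    token = call(server.server_port, "POST", creds)[1]["secret"]  # store the token
    first = call(server.server_port, "DELETE", token=token)[0]   # token accepted
    second = call(server.server_port, "DELETE", token=token)[0]  # already revoked
    server.shutdown()
    server.server_close()
    return first, second
```

`run_flow()` returns the status codes of the two DELETE calls: the first succeeds with the stored token, the second is rejected because the token no longer exists.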