How do you add an API key in Swagger

Question

I have tried several methods to add a basic API key authorization to Swagger (express swagger). Below is the relevant info from my manifest.

{
  ...
  "main": "app.js",
  "dependencies": {
    "express": "^4.12.3",
    "swagger-express-mw": "^0.1.0"
  },
  ...
}

I believe I have registered the security definitions in the YAML configuration.

swagger: "2.0"
info:
  ...

# Set up security for the API
securityDefinitions:
  defaultApiKey:
    type: apiKey
    in: header
    name: defaultApiKey

security:
    - defaultApiKey: []

To finish this configuration I thought I would only need to register the middleware in the SwaggerExpress.create() function. Below is my entire app.js as it currently stands.

'use strict';

var SwaggerExpress = require('swagger-express-mw');
var app = require('express')();
module.exports = app; // for testing

var config = {
  appRoot: __dirname // required config
};

SwaggerExpress.create(config, function(err, swaggerExpress) {
  if (err) { throw err; }

  // Serve the Swagger documents and SwaggerUi
  app.use(swaggerExpress.runner.swaggerTools.swaggerUi());

  // Install security
  app.use(swaggerExpress.swaggerSecurity({
    defaultApiKey: function(req, def, scopes, callback) {
      console.log("hit");
    }
  }));

  // install middleware
  swaggerExpress.register(app);

  var port = process.env.PORT || 10010;
  app.listen(port);
});

When I attempt to use this I see the following:

Error initializing middleware
TypeError: swaggerExpress.swaggerSecurity is not a function

I have tried configuring this a few different ways with no success. Did I properly define the API key in YAML and if so what should I do to register the API key handler in my app.js file?

Answer 1

A little bit late, but for future reference. With swagger-express-mw, this is how you can do it (it works for me):

config: {
    appRoot: __dirname,
    swaggerSecurityHandlers: {
        defaultApiKey: function(req, authOrSecDef, scopesOrApiKey, callback) {
        // code here
        }
    }
}

I hope it is helpful for someone.

Answer 2

I was able to overcome this issue by transforming the YAML definitions to the JSON format and loading the API definition this way:

'use strict';

// [INIT PRE-SERVER REQUIREMENTS]
var fs = require('fs');
var os = require('os');
var https = require('https');


var swagger = require('swagger-tools');
var app = require('express')();
var db = require(/* db config path */);
var swaggerObject = require('./api/swagger/swagger.json');

// Configure non-Swagger related middleware and server components prior to Swagger middleware

swagger.initializeMiddleware(swaggerObject, function (middleware) {

  // Intialize middleware
  app.use(middleware.swaggerMetadata());

  // Setup security handlers
  app.use(middleware.swaggerSecurity({
    api_key: function(req, def, scopes, callback) {
      // API KEY LOGIC HERE
      // IF SUCCESSFUL
      callback();
    }
  });

  // Route requests to appropriate controller
  app.use(middleware.swaggerRouter({useStubs: true, controllers: './api/controllers'}));

  // Setup documentation
  app.use(middleware.swaggerUi());

  // Start the server
  var httpsServer = https.createServer({
    // KEY INFO
  }, app);
  httpsServer.listen(443, function() {
    console.log('Server created and listening for requests on port 443.');
  });
});