Published Rest Service: Documentation of authentication process in Swagger ?

0
We are developing a Rest service and want to provide the Swagger output to external parties for  documentation and testing purpose. The rest service user either username/password or active session authentication.  We like to have the authentication process also documented in the swagger file.  Although the generated swagger document has an authorize button and generated a key for the basis authorization, it is not documented how an external partner can generate this key.     Is there a way to add documentation / rest call description on how the authorization process work to the generated Swagger documentation ? How is this done ?  Or is there other documentation that describes how an external partner can generate the basic authorization key from an external system based on the username/password provided ?
asked
2 answers
0

The value that comes after Basic in the authorization header is username:password base64-encoded.

See for instance https://en.wikipedia.org/wiki/Basic_access_authentication on how this works

From your screenshot, I can easily see your username and password (good thing that you posted dummy values), for instance by putting them into this decoder: https://www.base64decode.org/

answered
0

How the authorization process works is not added in Mendix to the generation of the swagger file.

You can manually change the swagger file and add an authorization-description. Of course this will get overwritten every time you regenerate the swagger file.

You can also add it to the description of the specific service. That will get added to the swagger file upon generation.

As description there is only this https://docs.mendix.com/refguide/published-rest-service#3-2-authentication-methods

answered