openapi-to-postman icon indicating copy to clipboard operation
openapi-to-postman copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

API Key should be allowed in cookie

Open JaredAAT opened this issue 2 years ago • 1 comments

According to the Security Scheme Object for OpenAPI 3.0.3, the API key security scheme is allowed the following values for the in field: "query", "header" or "cookie".

It seems though that you're currently limiting this to 'query' and 'header': https://github.com/postmanlabs/openapi-to-postman/blob/develop/lib/schemaUtils.js#L1205

Is there a particular reason for that?

JaredAAT avatar Dec 12 '22 14:12 JaredAAT

@JaredAAT Main reason for this is due to postman-collection only having query and header values for API key type of authorization. So even if the module supports cookie, the target converted protocol being collection doesn't have support for it.

image

We'll take a look at this in postman and see if collections can support the same and work on it.

VShingala avatar Jan 13 '23 09:01 VShingala