Postman is unable to import OpenApi 3 with multiple API keys #465

Open
mastazi opened this issue Feb 8, 2022 · 16 comments
Labels
auth Issue relates to Authorization of generated collection/request. importer

Comments

@mastazi

mastazi commented Feb 8, 2022

We have an OpenApi 3 collection with multiple API keys, as described at the following link under the paragraph "multiple API keys": https://swagger.io/docs/specification/authentication/api-keys/

When importing this, it is expected that the various endpoints will have both headers (in our case, x-api-key and x-api-secret).

Feeding the same OpenApi file to ReDoc, both authentication headers are correctly recognised:
[Screenshot]

However, when importing into Postman, only x-api-key is present in the imported collection, while the header x-api-secret has to be created manually.
[Screenshot]

So it seems that the feature "Multiple API Keys" that is part of the OpenAPI 3 spec, is not implemented yet in Postman https://swagger.io/docs/specification/authentication/api-keys/

Using Postman Version 9.12.2 (9.12.2) for MacOS Arm64
On Mac OS Monterey
On MacBook Air M1

(my colleagues reproduced the same issue on Monterey on Mac Intel, on Win 10 and on Win 11)

@umeshp7
Member

umeshp7 commented Feb 14, 2022

@mastazi Thank you for reaching out.

This is a known limitation and we are aware of the behavior. The issue with having multiple API keys is that Postman Collection doesn't support having multiple authorization for a Request or even for the entire collection.

If things are added on the global level those are added to the collection level auth and if it is present at the path level it is added to the request. But if there are multiple we pick the first one only.

One possible workaround we could do is add the other API key in your case as a separate header but that will be a temporary fix. Would love to hear your thoughts around this and if you have any suggestions on how this can be handled?

VShingala added the auth label Feb 15, 2022
@mastazi
Author

mastazi commented Feb 15, 2022

> Postman Collection doesn't support having multiple authorization

Hi @umeshp7, thank you for your response. My initial instinct (and I say that as someone who is not familiar with this codebase) is that the problem could be resolved by parsing security rather than components.securitySchemes. The reason I say that is that, according to the OpenAPI 3 specs, when we want to use multiple API keys, all keys must be under the same array element. So they are grouped into one single element, not multiple ones.

The docs at https://swagger.io/docs/specification/authentication/api-keys/ even make the difference clear by saying that this is the correct form:

security:
  - apiKey: []
    appId:  []   # <-- no leading dash (-)

while this is incorrect:

security:
  - apiKey: []
  - appId:  []

or in case you prefer JSON, this is correct (note how the array has one element only):

"security": [
  {
    "apiKey": [],
    "appId": []
  }
]

and this is incorrect (note that the array has two elements in this incorrect version)

"security": [
  { "apiKey": [] },
  { "appId": [] }
]

@AlexKotsc

AlexKotsc commented Jun 17, 2022

@mastazi

security:
  - apiKey: []
  - appId: []

Is not incorrect, it just means you as a client can choose which one you want to use.
https://swagger.io/docs/specification/authentication/#multiple

@mastazi
Author

mastazi commented Jun 20, 2022

@AlexKotsc yeah, I meant incorrect from the point of view of achieving an AND as opposed to an OR.

The example you made is an OR but in our case we need an AND. Thank you for clarifying.
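
The AND/OR distinction discussed in the comments above, as an added example that is not part of the thread or of the importer's code: it resolves an operation's `security` requirements against `components.securitySchemes` and reports which credentials a "first scheme only" import would leave out. The spec object, the scheme names `apiKey`/`apiSecret`, the paths and both function names are constructed for illustration.

```javascript
// Constructed sample spec (already parsed); header names mirror the thread's
// x-api-key / x-api-secret, everything else is hypothetical.
const spec = {
  components: {
    securitySchemes: {
      apiKey:    { type: "apiKey", in: "header", name: "x-api-key" },
      apiSecret: { type: "apiKey", in: "header", name: "x-api-secret" },
    },
  },
  // One array element holding two schemes: both must be sent together (AND).
  security: [{ apiKey: [], apiSecret: [] }],
  paths: {
    "/orders": { get: {} },                                                // inherits root security
    "/status": { get: { security: [{ apiKey: [] }, { apiSecret: [] }] } }, // two elements: OR
    "/health": { get: { security: [] } },                                  // explicitly no auth
  },
};

// Returns the alternatives for one operation.
// Outer array = OR between alternatives; inner array = credentials that must ALL be sent.
function resolveSecurity(spec, path, method) {
  const op = spec.paths[path][method];
  // An operation-level `security` overrides the root one, even when it is [].
  const requirements = op.security !== undefined ? op.security : (spec.security || []);
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  return requirements.map((requirement) =>
    Object.keys(requirement).map((schemeName) => {
      const scheme = schemes[schemeName];
      if (!scheme) throw new Error(`undefined security scheme: ${schemeName}`);
      if (scheme.type !== "apiKey") return { scheme: schemeName, type: scheme.type };
      return { scheme: schemeName, type: "apiKey", in: scheme.in, name: scheme.name };
    })
  );
}

// Credentials of the first alternative that are lost when only its first scheme is kept.
function droppedByFirstOnly(spec, path, method) {
  const alternatives = resolveSecurity(spec, path, method);
  if (alternatives.length === 0) return [];
  return alternatives[0].slice(1).map((c) => c.name || c.scheme);
}

console.log(droppedByFirstOnly(spec, "/orders", "get"));
```

Running the same check over every operation of a real spec shows which requests need a header added by hand after import.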

@seahagcafe

@umeshp7 is there any timeline on support for multiple API keys?

@luigi-13

Hello here, any news about this support?

@tuftii

tuftii commented Jan 23, 2023

@umeshp7 Is there any further update on support for multiple AND keys in Postman?

It's critical for a project I'm currently working on, and will have to look into different tooling if this is the case. Thanks.

@mastazi
Author

mastazi commented Jan 24, 2023

@tuftii FYI Insomnia version 2022.6.0 or newer supports it.

@akshaydeo

We are looking to ship this improvement by the end of Feb 2023. I will keep this ticket updated 🙇‍♂

@tuftii

tuftii commented Feb 7, 2023

> We are looking to ship this improvement by the end of Feb 2023. I will keep this ticket updated 🙇‍♂

Amazing! Thank you so much.

@md250721

md250721 commented Mar 7, 2023

@akshaydeo - do you have an update on when this will be released? Thanks

@akshaydeo

@md250721 we are still working on this change. The tentative timeline for this fix to land is April 2023 end. I will keep this thread updated 🙇‍♂️

@jjcollinge

@akshaydeo any update on the release of this? Thanks!

@bornart

bornart commented May 22, 2023

@akshaydeo Do you have any update? Thank you!

@kegs85

kegs85 commented Aug 19, 2023

Hi @akshaydeo, I see this was being implemented earlier this year. Are there any updates, as it seems to still be an issue?

@akshaydeo

Hi all, with a few high-priority changes, we de-prioritised this change. We will pick it up again and plan for Nov 2023 release. I will keep this thread updated. Apologies for the delay 🙇‍♂️
