locked
Is there a tool like Swagger for non API methods? RRS feed

  • Question

  • User-251496785 posted

    I have a project that consists of Web API methods that are on Swagger and that is fine. The problem is that my login methods went from being in API Controller to classic MVC Controller. I can call my method from a tool like Postman and it works. The thing is that I want the cookie that is created on the login method to be seen in the browser, when I call my API methods. How can I do this? Is there some tool like Swagger for MVC Controller methods?

    I need this for a purpose of testing the methods without frontend part. So, I would call my method from MVC controller, it would set a cookie in a browser and then I would continue with my Swagger API

    Saturday, May 2, 2020 9:01 PM

Answers

  • User475983607 posted

    Because of this, my API methods are now receiving as a parameter my access token.

    If your code can pass an access token to an API Action, then why are you unable to get to the access token to the testers or testing application?  

    Secondly, you created custom code and you're posting question as if the community knows how your code works.  

    My best guess is you need to fix the design.  Your token service needs the ability return access tokens not only for web applications but also code based applications.  

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, May 3, 2020 12:19 PM

All replies

  • User475983607 posted

    The cookie is in the HTTP header.  You can just copy it using the browser's dev tools or PostMan or a proxy utility.

    https://learning.postman.com/docs/postman/sending-api-requests/cookies/

    Saturday, May 2, 2020 9:18 PM
  • User-474980206 posted

    a cookie is typically a bad choice for an api method. if the cookie is missing, invalid or expired, standard cookie processing is to redirect to the login page. be sure to override  the standard cookie processing and return a 401 status, so the caller knows to call the login api and get a new cookie.

     

    Saturday, May 2, 2020 10:04 PM
  • User-251496785 posted

    I have that 401 mechanisam. API method know nothing of the cookie, they do not read it or create it. The receive only as a parameter a access token value with what they work. I just tought to ask if there is some tool like swagger for this method so that the job of a QA would be easier and that they would have no need to use Postman.

    Sunday, May 3, 2020 9:03 AM
  • User475983607 posted

    I have that 401 mechanisam. API method know nothing of the cookie, they do not read it or create it. The receive only as a parameter a access token value with what they work. I just tought to ask if there is some tool like swagger for this method so that the job of a QA would be easier and that they would have no need to use Postman.

    Your question has nothing to do with a cookie?  You are asking how to get an access token from your unknown token service?

    Sunday, May 3, 2020 9:26 AM
  • User-251496785 posted

    No. In first, I have had a API method that was doing the login process and it has creating the cookie and  the rest of API methods were extending the cookie and reading data from it.
    Now, because it is best practise, API methods need to be stateless. So, my login logic is transfered to MVC controller.
    Because of this, my API methods are now receiving as a parameter my access token.
    So, I am looking for the cleanest way for my QA people. They need to call the login method first(for now via Postman) and after that they need to copy the access token value to every method that they call on Swagger. 
    I was just looking if there is a way to do this calls on the same place, in a browser.
    Maybe I mislead with the way my question was written.
    Sorry about that.

    Sunday, May 3, 2020 12:08 PM
  • User475983607 posted

    Because of this, my API methods are now receiving as a parameter my access token.

    If your code can pass an access token to an API Action, then why are you unable to get to the access token to the testers or testing application?  

    Secondly, you created custom code and you're posting question as if the community knows how your code works.  

    My best guess is you need to fix the design.  Your token service needs the ability return access tokens not only for web applications but also code based applications.  

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, May 3, 2020 12:19 PM