using the Swagger-UI adds an additional "/api" to the request URL and is missing auth type in header #7969

New Issue

Closed

opened 2025-12-29 20:30:37 +01:00 by adam · 3 comments

adam commented 2025-12-29 20:30:37 +01:00

Owner

Copy Link

Originally created by @zeddD1abl0 on GitHub (May 1, 2023).

Originally assigned to: @arthanson, @jeremystretch on GitHub.

NetBox version

v3.5.0

Python version

3.9

Steps to Reproduce

1. Go to the Swagger UI for the API (https:///api/schema/swagger-ui/)
2. Authorize using token to activate testing with Swagger UI
3. On any resource, attempt to use the Swagger UI

Expected Behavior

Swagger should be able to perform the action as expected by the API request used. It should be able to display the response from the request made.

Observed Behavior

The URL for the request that Swagger generates has another "/api" in the path. Also, the "Authentication" header is missing the "Token " preceding the token string itself.

For Example:

curl -X 'GET' \
  'https://netbox/api/api/dcim/devices/?id=1' \
  -H 'accept: application/json' \
  -H 'Authorization: <token>'

Results in the default "Page not Found" error page

The following does work

curl -X 'GET' \
  'https://netbox/api/dcim/devices/?id=1' \
  -H 'accept: application/json' \
  -H 'Authorization: Token <token>'

Originally created by @zeddD1abl0 on GitHub (May 1, 2023). Originally assigned to: @arthanson, @jeremystretch on GitHub. ### NetBox version v3.5.0 ### Python version 3.9 ### Steps to Reproduce 1. Go to the Swagger UI for the API (https://<yournetboxurl>/api/schema/swagger-ui/) 2. Authorize using token to activate testing with Swagger UI 3. On any resource, attempt to use the Swagger UI ### Expected Behavior Swagger should be able to perform the action as expected by the API request used. It should be able to display the response from the request made. ### Observed Behavior The URL for the request that Swagger generates has another "/api" in the path. Also, the "Authentication" header is missing the "Token " preceding the token string itself. For Example:  ```bash curl -X 'GET' \ 'https://netbox/api/api/dcim/devices/?id=1' \ -H 'accept: application/json' \ -H 'Authorization: <token>' ``` Results in the default "Page not Found" error page  The following does work ```bash curl -X 'GET' \ 'https://netbox/api/dcim/devices/?id=1' \ -H 'accept: application/json' \ -H 'Authorization: Token <token>' ```

adam added the type: bugstatus: acceptedtopic: OpenAPI labels 2025-12-29 20:30:37 +01:00

adam closed this issue 2025-12-29 20:30:37 +01:00

adam commented 2025-12-29 20:30:38 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (May 1, 2023):

I was able to correct the base path in the 12410-openapi-fixes branch, however I'll need to dig more into resolving the missing token prefix for the authorization header. The drf-spectacular documentation suggests using OpenApiAuthenticationExtension to override the header, however this is the default format employed by DRF so I'm surprised it doesn't work out of the box.

@jeremystretch commented on GitHub (May 1, 2023): I was able to correct the base path in the `12410-openapi-fixes` branch, however I'll need to dig more into resolving the missing token prefix for the authorization header. The `drf-spectacular` documentation suggests using [`OpenApiAuthenticationExtension`](https://drf-spectacular.readthedocs.io/en/latest/customization.html#specify-authentication-with-openapiauthenticationextension) to override the header, however this is the default format employed by DRF so I'm surprised it doesn't work out of the box.

adam commented 2025-12-29 20:30:38 +01:00

Author

Owner

Copy Link

@arthanson commented on GitHub (May 1, 2023):

"Token" needs to be added when you enter the authentication details in the api/schema Authorize dialog (see screenshot below) if you do enter "Token xxx..." it works correctly. Not sure why spectacular does it this way, seems like they should be able to auto-generate that, but it is by design in spectacular.

@arthanson commented on GitHub (May 1, 2023): "Token" needs to be added when you enter the authentication details in the api/schema Authorize dialog (see screenshot below) if you do enter "Token xxx..." it works correctly. Not sure why spectacular does it this way, seems like they should be able to auto-generate that, but it is by design in spectacular. 

adam commented 2025-12-29 20:30:38 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (May 1, 2023):

Given that this isn't technically a bug, and that it's a separate issue from the base path problem, I'm going to close this as resolved by my work in the 12410-openapi-fixes branch. That said, I'm happy to entertain a separate FR with a proposal to improve the Swagger UI to make the authorization process more intuitive.

@jeremystretch commented on GitHub (May 1, 2023): Given that this isn't technically a bug, and that it's a separate issue from the base path problem, I'm going to close this as resolved by my work in the `12410-openapi-fixes` branch. That said, I'm happy to entertain a separate FR with a proposal to improve the Swagger UI to make the authorization process more intuitive.

adam referenced this issue 2025-12-29 22:26:39 +01:00

[PR #7969] [CLOSED] Fix #6905: Assign existing prefix to VLAN from VLAN view #13305

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label status: accepted topic: OpenAPI type: bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#7969