My feedback

  1. 1 vote
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Developers » API  ·  Flag idea as inappropriate…  ·  Admin →

    I have to admit, authorization with login/password through swaggerhub stopped working. Authorization with API key (2-nd in a list) still works.

    I can recommend to use one of these options:
    1 POSTMAN – is a great tool to work with API. It is possible to import swagger description.

    2 Use our test tool at API browser. It is a web application located at

    An error occurred while saving the comment
    Stu commented  · 

    Hi Dmitry,
    I did try the OAuth with password method too, but just to be sure I tried again. Firstly, I assume I use pwd/user of an admin of the WA site (I've tried two valid admin details). I added clientID and secret that I know to work already. Continually get a popup asking for user/pwd.

    I then tried with asking for "type: basic auth" which only needs user/pwd and I find out that my admin users are seen as invalid: "auth errorError: Unauthorized, error: invalid_client" so I'm not able to pass the Auth stage with those user details.
    Finally I tried OAuth with clientCredentials, using clientId and secret that I am already able to pull data with in my actual app. I get error: "auth errorError: Bad Request, error: unauthorized_client, description: Client is not authorized to use this grant type."

    What in fact is the 'client' in this case? Is it the WA account? Or is it something to do with how swaggerhub attempts to validate? It seems the problem is in this (unless I totally have overlooked something)

    An error occurred while saving the comment
    Stu commented  · 

    Thanks Dmitry, this is where I am having the problems - when I use the auth button, it asks for client ID and secret only. I enter valid data for these and select scope, click 'authorise' and a new page opens to:

    Obviously this fails (with "website not found" because it is pointing to "your_organisation" but it is not clear how I can change this. That is why I mentioned that the API was read-only. Is there another way to point this authentication to the actual client site?

    Stu shared this idea  · 

Feedback and Knowledge Base