4

OpenApi allows to define cookies in request parameters. But for response all I could find is either custom headers (signal general presence of Set-Cookie, but no clue about particular cookie) or rolling custom extension (which is also very limiting, eg. lacks type and description).

How to define response cookies?

Agent_L
  • 4,960
  • 28
  • 30

1 Answers1

1

The OAS does not mention anything special for cookies in responses.

The swagger docs are providing an example how to define the cookies for authentication. But it is generally usable for all kind of cookies.

  responses:
    '200':
      description: >
        Successfully authenticated.
        The session ID is returned in a cookie named `JSESSIONID`. You need to include this cookie in subsequent requests.
      headers: 
        Set-Cookie:
          schema: 
            type: string
            example: JSESSIONID=abcde12345; Path=/; HttpOnly
stollr
  • 6,534
  • 4
  • 43
  • 59
  • Yep, that's what I've meant by "signaling general presence of Set-Cookie, but no clue about particular cookie". – Agent_L Mar 22 '23 at 09:24
  • Also, I wouldn't call it "defining" - it's more of a guideline than actual rule. Which is the opposite of the goal of OAS: "allows both humans and computers to (...) understand". – Agent_L Mar 22 '23 at 09:43
  • I understand that my answer is not satisfying, but there is no way to define a particular cookie (at least until today). I had the same question like you and that's what I found. So I thought it would help others with the same question. – stollr Mar 22 '23 at 13:57