When I try this RAML in the mocking service, I get a 200 success response back even when I don't include a client_id and client_secret. Is that normal? Shouldn't I get a 401 response if I leave the headers empty, as I've defined them to be required?
#%RAML 1.0
title: Test
description: testing cloudhub
traits:
  client-id-required:
    headers:
      client_id:
        type: string
        required: true
      client_secret:
        type: string
        required: true
    responses:
      401:
        description: Unauthorized or invalid client application credentials
      500:
        description: Bad response from authorization server, or WSDL SOAP Fault error
/something:
  is: [client-id-required]
  get:
    responses:
      200:
        body:
          application/json:
            example:
              {
                "hello" : "goodbye"
              }
The Mocking Service should validate the missing headers. It is not clear why it is not. But I don't see any reason for it to respond with a 401. It is mocking a response, not trying to authenticate. It doesn't really implement the API after all. There is no reason for it to assume these headers are for authentication, just that they are required headers for your API.
Have you defined the headers but with an empty value? That may match the definition of required so they pass validation.
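The difference between a missing header and an empty one, as an added example that is not part of the original thread and is not the Mocking Service's code. It models the header declarations from the `client-id-required` trait under RAML 1.0 rules, where the `minLength` facet of a string defaults to 0; the function names and sample requests are constructed for illustration.

```python
# Added example: a model of RAML 1.0 header validation, not MuleSoft's implementation.
# Header declarations copied from the client-id-required trait in the question.
TRAIT_HEADERS = {
    "client_id": {"type": "string", "required": True},
    "client_secret": {"type": "string", "required": True},
}


def validate_headers(declared, request_headers):
    """Return a list of schema errors; an empty list means the request validates."""
    # HTTP header names are case-insensitive, so compare in lower case.
    received = {name.lower(): value for name, value in request_headers.items()}
    errors = []
    for name, spec in declared.items():
        value = received.get(name.lower())
        if value is None:
            if spec.get("required"):
                errors.append(f"{name}: required header is missing")
            continue
        # RAML 1.0 string facet minLength defaults to 0, so "" is a valid string.
        min_len = spec.get("minLength", 0)
        if len(value) < min_len:
            errors.append(f"{name}: shorter than minLength {min_len}")
    return errors


def hardened(declared):
    """Same declarations with minLength: 1, so empty values fail validation."""
    return {name: {**spec, "minLength": 1} for name, spec in declared.items()}


# Constructed sample requests (values are placeholders, not real credentials).
MISSING = {}
EMPTY = {"Client_Id": "", "Client_Secret": ""}
PRESENT = {"client_id": "example-id", "client_secret": "example-secret"}

if __name__ == "__main__":
    for label, headers in [("missing", MISSING), ("empty", EMPTY), ("present", PRESENT)]:
        print(label,
              "| as declared:", validate_headers(TRAIT_HEADERS, headers),
              "| with minLength 1:", validate_headers(hardened(TRAIT_HEADERS), headers))
```

Passing this check only means the headers match the declared shape; whether the credentials are valid is decided by whatever enforces authentication in front of the real API, which a mock does not do.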