From ccc19deeac1f7058c1cf9dffb88ec17f4a0f1ecf Mon Sep 17 00:00:00 2001 From: 0X-SquidSol Date: Thu, 9 Apr 2026 11:57:07 -0400 Subject: [PATCH] docs: add API key auth requirement to /ws/stats in OpenAPI spec The /ws/stats endpoint applies requireApiKey() middleware (health.ts:76) which checks the x-api-key header, but the OpenAPI spec had no security requirement documented. Clients following the spec would hit an undocumented 401. Adds: - securitySchemes.ApiKeyAuth component (apiKey in header, name: x-api-key) - security requirement on /ws/stats operation - 401 response documentation with example Co-Authored-By: Claude Opus 4.6 (1M context) --- openapi.yaml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/openapi.yaml b/openapi.yaml index 9fc22e8..cbea790 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -66,8 +66,10 @@ paths: tags: - WebSocket summary: WebSocket connection metrics - description: Returns current WebSocket connection counts, throughput, and rate limits + description: Returns current WebSocket connection counts, throughput, and rate limits. Requires API key authentication. operationId: getWsStats + security: + - ApiKeyAuth: [] responses: '200': description: WebSocket metrics @@ -86,6 +88,14 @@ paths: maxGlobalConnections: 500 maxConnectionsPerSlab: 50 maxConnectionsPerIp: 5 + '401': + description: Unauthorized — missing or invalid x-api-key header + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + example: + error: "Unauthorized: invalid or missing x-api-key" '500': $ref: '#/components/responses/InternalServerError' /health: @@ -623,6 +633,13 @@ paths: $ref: '#/components/responses/InternalServerError' components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: x-api-key + description: API key passed via the x-api-key request header + parameters: SlabAddress: name: slab