The OpenAPI 3 specification of the REST endpoints is exposed at /api/swagger/json for the admin role only. We want that API to be exposed to different roles too, so different roles will be able to access different schemas (as per the permission level defined in Hasura).
Let me explain this with an example:
For example, I have a book table and an author table. And I make a mutation to insert a book, and create a RESTified endpoint from it (as an admin).
I create a role named "editor". This editor role may have permissions to run the mutation to insert a book, but nothing else. But the admin role will be able to insert the book, and also the author through the relationship.
Attaching docs here for reference - https://hasura.io/docs/latest/api-reference/restified/#openapi-3-specification
Currently, you can only pass:
X-Hasura-Admin-Secret: <secret>
X-Hasura-Role: admin
If I try to pass a role other than the "admin" role, I get the following error:
{
"code": "access-denied",
"error": "You have to be an admin to access this endpoint",
"path": "$"
}
To allow non-admin role users to access this API, which means different roles having different schemas.
So non-admin role users can also access that endpoint and pass headers with their role like this:
X-Hasura-Admin-Secret: <secret>
X-Hasura-Role: editor
--
No, as I am unfamiliar with the codebase
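
The role-scoped schema requested above, sketched as an added example that is not part of the original issue and not Hasura's code: it prunes an OpenAPI 3 document down to what one role may use. The sample spec, the schema names and the `ROLE_SCHEMAS` permission map are constructed assumptions.

```python
import copy

# Constructed sample: a trimmed OpenAPI 3 document for one RESTified endpoint.
SPEC = {
    "openapi": "3.0.0",
    "paths": {"/api/rest/book": {"post": {"requestBody": {"content": {
        "application/json": {"schema": {
            "$ref": "#/components/schemas/book_insert_input"}}}}}}},
    "components": {"schemas": {
        "book_insert_input": {"type": "object", "properties": {
            "title": {"type": "string"},
            "author": {"$ref": "#/components/schemas/author_insert_input"}}},
        "author_insert_input": {"type": "object", "properties": {
            "name": {"type": "string"}}},
    }},
}

# Hypothetical permission map: schemas each role is allowed to use.
ROLE_SCHEMAS = {"admin": {"book_insert_input", "author_insert_input"},
                "editor": {"book_insert_input"}}

def _refs(node):
    """Yield every schema name referenced through $ref below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield value.rsplit("/", 1)[-1]
            else:
                yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)

def spec_for_role(spec, role):
    """Return a copy of spec limited to what role may use (default deny)."""
    allowed = ROLE_SCHEMAS.get(role, set())  # unknown role sees nothing
    out = copy.deepcopy(spec)
    schemas = out["components"]["schemas"]
    for name in list(schemas):
        if name not in allowed:
            del schemas[name]  # schema itself is off limits for this role
            continue
        props = schemas[name].get("properties", {})
        # Drop properties that lead to a schema the role cannot use.
        for prop in [p for p, s in props.items() if set(_refs(s)) - allowed]:
            del props[prop]
    for path in list(out["paths"]):
        ops = out["paths"][path]
        # Drop operations that reference a schema the role cannot use.
        for method in [m for m, op in ops.items() if set(_refs(op)) - allowed]:
            del ops[method]
        if not ops:
            del out["paths"][path]
    return out
```

With this map, "editor" keeps the insert-book operation but loses the nested author property, and a role missing from the map receives an empty `paths` object rather than the admin view.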