Missing header entries in Postman collection

[nikschul]

Bug Report

Describe the Bug

Some requests inside the Postman collection are missing the required X-Api-Key header entry and therefore get a 401 Unauthorized response.

Expected Behavior

A 200 OK response.

Observed Behavior

A response with 401 Unauthorized on requests "Get Cached Catalogs", "Initiate Transfer" or "Get Transfer Process".

Steps to Reproduce

Steps to reproduce the behavior:

1. Execute the REST requests "Get Cached Catalogs", "Initiate Transfer" or "Get Transfer Process" from step 7) of the README.md

Context Information

• Used version: EDC 0.10.0-SNAPSHOT

• OS: Ubuntu using Bruno for REST requests

Detailed Description

Possible Implementation

The requests "Get Cached Catalogs", "Initiate Transfer" und "Get Transfer Process" don't have any headers at all. Adding the header X-Api-Key: password fixed the problem. The request "Initiate Negotiation" is missing the header Content-Type: application/json which would also be meaningful as the request body contains a JSON like the other requests, but is not strictly necessary.

[nikschul]

I could provide a fix for the issue by opening a PR.

[paullatzelsperger]

The "Authorization" configuration is done on collection level, which is was causes the X-API-Key header to be added to all requests. I saw that some requests also have the X-Api-Key header defined explicitly, which is incorrect, because it overrides the collection-level config.

I think authorization should be defined at collection level, not individually per request.

Similarly, the Content-Type header could be configured with a collection-level pre-request script.