paulbricman
commented
2 years ago Well spotted! Indeed, I moved the token to the headers so that it doesn't show up in the url/history, yet in a way which broke the OpenAPI docs. I'll leave this issue open until I fix the autogenerated docs.
Since you've changed the way the authorization works, the automatically generated API requests at localhost:8000/docs are not correct, because the token is not included anywhere in the output. After some trial and error, I've found out what works now (add
-H 'authorization: Bearer <token>'\to the curl request), but this might be an issue for someone just trying it out and relying on the requests provided by the docs.