Is there a way to force API Console to render a "password" input type

[monikma]

Hello

Down to the point:) Take a look here: http://www.w3schools.com/TAGS/att_input_type.asp at the "password" type description:

password - Defines a password field (characters are masked)

Is there any way to tell API Console that a field should be rendered as input of type "password" ? For example in this snippet:

/bla:
  post:
    body:
      application/x-www-form-urlencoded:
        formParameters:
          password:
            required: false
            type: string
            displayName: password

We need a way to mask the password field.

I could not find any property present in RAML specification that would say that the parameter should be of type "password". Are you maybe aware of any workaround to make it appear masked in API Console? Do you see a way of implementing it?

For us it is currently a security issue. I wonder if others stumbled upon similar issues.

Regards,
Monika Machunik

[monikma]

In other words, we need a mechanism to be able to mark an arbitrary field in RAML as "sensitive", so that it will be rendered masked in API Console.

Since there is no such keyword in RAML, do you see any possibility of adding such feature in API Console? For example someone could add a configuration to their API Console instance, where they would specify a naming convention for sensitive fields.

Do you maybe have similar configuration mechanism for any other features where we could have a look at, and perhaps try to extend it?

[sichvoge]

MH; maybe in the future we can introduce some annotations that are specific for rendering fields, something like:

/bla:
  post:
    body:
      application/x-www-form-urlencoded:
        properties:
          password:
            (field.type): password
            required: false
            type: string
            displayName: password

Just an idea though! :) We can leave that issue open and discuss ideas.

[jarrodek]

I support @sichvoge here. The only way to introduce different input types is to use annotations.

How definition for annotation would look like for (field.type)? Or maybe it should be:

(field):
  type: password

?

[sichvoge]

Sounds reasonable for me, but maybe we should just have (field.type): password which can be applied to any properties. What do you think?

An example:

application/json:
  type: object
  properties:
    password:
      type: string
      (field.type): password

[jarrodek]

Sorry for my previous comment. Wrong tab :)
I've deleted my post.

[jarrodek]

I am against using annotations to control the view. This is not scalable as the only application that uses this information would be API Console. There is no corresponding mechanism for OAS which is also supported.
This should be incorporated into RAML and OAS specs.