Using OpenAPI proxy

GitBook can proxy Test It requests so they work even when your API server doesn't support CORS.

Why this exists

Browsers block cross-origin requests unless the API server opts in with CORS headers. Without CORS configured, Test It requests fail in the browser. The proxy routes those requests server-side through GitBook, bypassing that restriction.

Enable the proxy for your whole spec

Add x-enable-proxy: true at the root of your OpenAPI spec.

openapi: '3.0.3'
x-enable-proxy: true
info:
  title: Example API
  version: '1.0.0'
servers:
  - url: https://api.example.com

Enable or disable for a specific operation

Add x-enable-proxy on an operation.

openapi: '3.0.3'
info:
  title: Example API
  version: '1.0.0'
servers:
  - url: https://api.example.com
paths:
  /reports:
    get:
      summary: List reports
      x-enable-proxy: true
      responses:
        '200':
          description: OK
    post:
      summary: Create report
      x-enable-proxy: false
      responses:
        '201':
          description: Created

Operation-level x-enable-proxy takes precedence over the root-level value.

What the proxy supports

GitBook forwards all HTTP methods (GET, POST, PUT, DELETE, PATCH), headers, cookies, and request bodies.

Security

The proxy only forwards requests to the URLs listed in your spec’s servers array. It can’t be used to reach arbitrary URLs.

Make sure your servers array includes every base URL you want to test against. If a URL isn't listed, Test It requests to that host will bypass the proxy.

Last updated 11 days ago

Was this helpful?