Bug: Swagger UI X-API-Key authorization is not sent in request headers

[dipesh-leapfrog]

Bug: Swagger UI X-API-Key authorization is not sent in request headers

Description:
Swagger UI does not include the X-API-Key header in outgoing requests after setting the API key in the Authorize dialog. As a result, protected API endpoints fail authentication even though a key was provided in Swagger UI.

Steps to Reproduce:

1. Run the OpenWA backend locally.
2. Open Swagger at http://localhost:2785/api/docs.
3. Click Authorize and enter a valid API key for X-API-Key.
4. Execute a protected endpoint request (for example, sessions/messages endpoints).
5. Check the request headers in browser DevTools (Network tab) and API response.

Expected Behavior:
Requests executed from Swagger UI should include X-API-Key: <api_key> in headers, and valid keys should pass the auth guard.

Actual Behavior:
X-API-Key is not sent in request headers from Swagger UI, and the backend responds with 401 Unauthorized.

Environment:

• Node version: 22 LTS (project target; please replace with exact local version from node -v)
• OS: Linux (6.17.0-29-generic)
• Docker version: Please replace with exact local version from docker --version

Logs:
Relevant backend response/error:

401 Unauthorized
API key is required

Optional guard debug output (if enabled in local branch):

xApiKey undefined
authHeader undefined

[dipesh-leapfrog]

@rmyndharis I have resolve this bug locally. Please assign me this bug issue, so that i can raise hotfix PR.

I confirmed this locally on /api/docs:

• API key entered in Swagger Authorize
• Protected endpoint called from Swagger UI
• Request is sent without X-API-Key header
• Backend returns 401 Unauthorized (API key is required)

Cause: OpenAPI security scheme is defined but not applied as a requirement, so Swagger UI does not consistently attach the header.