OpenAPI Authentication and Authorization: Difference between revisions

From NovaOrdis Knowledge Base
 
Line 10: Line 10:
* HTTP authentication schemes, based on the <code>Authorization</code> header.
* HTTP authentication schemes, based on the <code>Authorization</code> header.
** Basic
** Basic
** Bearer token
** [[#Bearer|Bearer token]]
** Other schemes defined by RFC7245.
** Other schemes defined by RFC7245.
* API keys in headers, query strings and cookies.
* API keys in headers, query strings and cookies.
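
Review bot: the context line "** Other schemes defined by RFC7245." directly below the changed bullet looks like a mistyped RFC number; the OpenAPI 3.0 specification points to RFC 7235 for the HTTP schemes carried in the Authorization header, so correct it in the same edit. The new [[#Bearer|Bearer token]] link also depends on a section titled Bearer staying on the page, and the Basic bullet has no matching anchor, so either link both or note why only one is linked.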

Latest revision as of 17:07, 2 November 2023

External

Internal

Overview

This applies to OpenAPI 3.0.

OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:

  • HTTP authentication schemes, based on the Authorization header.
  • API keys in headers, query strings and cookies.
    • Cookie authentication.
  • OAuth 2.
  • OpenID Connect Discovery.
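
The list above maps onto the `type` values of `components.securitySchemes` as in the following OpenAPI 3.0 document. This is an added example, not taken from the original page; the scheme names, header, query and cookie names, scope and `auth.example.com` URLs are constructed placeholders.

```yaml
openapi: 3.0.3
info:
  title: Example API            # constructed for illustration
  version: 1.0.0
paths:
  /items:
    get:
      # Operation-level override: bearer token OR header API key (list = OR)
      security:
        - bearerAuth: []
        - apiKeyHeader: []
      responses:
        '200':
          description: OK
components:
  securitySchemes:
    basicAuth:                  # HTTP authentication, Authorization: Basic ...
      type: http
      scheme: basic
    bearerAuth:                 # HTTP authentication, Authorization: Bearer ...
      type: http
      scheme: bearer
      bearerFormat: JWT         # documentation hint only, not enforced
    apiKeyHeader:               # API key in a request header
      type: apiKey
      in: header
      name: X-API-Key
    apiKeyQuery:                # API key in the query string (URLs are commonly logged)
      type: apiKey
      in: query
      name: api_key
    cookieAuth:                 # cookie authentication is an apiKey with in: cookie
      type: apiKey
      in: cookie
      name: SESSIONID
    oauth2Auth:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://auth.example.com/oauth2/authorize
          tokenUrl: https://auth.example.com/oauth2/token
          scopes:
            'items:read': Read items
    oidcAuth:
      type: openIdConnect
      openIdConnectUrl: https://auth.example.com/.well-known/openid-configuration
# Global default, applied to every operation that does not override it
security:
  - oauth2Auth: ['items:read']
```

Defining a scheme under `components` does not protect anything by itself; a scheme takes effect only where a `security` requirement references it, either globally or per operation.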

HTTP Authentication

Bearer