OpenAPI Authentication and Authorization: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=External= * https://swagger.io/docs/specification/authentication =Internal= * Open API =Overview= This applies to OpenAPI 3.0. O...") |
|||
| Line 10: | Line 10: | ||
* HTTP authentication schemes, based on the <code>Authorization</code> header. | * HTTP authentication schemes, based on the <code>Authorization</code> header. | ||
** Basic | ** Basic | ||
** Bearer | ** Bearer token | ||
** Other schemes defined by RFC7245. | ** Other schemes defined by RFC7245. | ||
* API keys in headers, query strings and cookies. | * API keys in headers, query strings and cookies. | ||
Revision as of 16:58, 2 November 2023
External
Internal
Overview
This applies to OpenAPI 3.0.
OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:
- HTTP authentication schemes, based on the
Authorizationheader.- Basic
- Bearer token
- Other schemes defined by RFC7245.
- API keys in headers, query strings and cookies.
- Cookie authentication.
- OAuth 2
- OpenID Connect Discovery.