OpenAPI Authentication and Authorization: Difference between revisions

From NovaOrdis Knowledge Base
(Created page with "=External= * https://swagger.io/docs/specification/authentication =Internal= * Open API =Overview= This applies to OpenAPI 3.0. O...")
 
Line 10: Line 10:
* HTTP authentication schemes, based on the <code>Authorization</code> header.
* HTTP authentication schemes, based on the <code>Authorization</code> header.
** Basic
** Basic
** Bearer
** Bearer token
** Other schemes defined by RFC7245.
** Other schemes defined by RFC7245.
* API keys in headers, query strings and cookies.
* API keys in headers, query strings and cookies.
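Review bot: on the changed sub-item, "Bearer token" names the credential while its sibling "Basic" names the scheme, so the sub-list is no longer parallel; keep "Bearer" or rename both consistently. The unchanged context line "Other schemes defined by RFC7245" is worth correcting in the same edit, since HTTP authentication is specified in RFC 7235.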

Revision as of 16:58, 2 November 2023

External

Internal

Overview

This applies to OpenAPI 3.0.

OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:

  • HTTP authentication schemes, based on the Authorization header.
    • Basic
    • Bearer token
    • Other schemes defined by RFC7245.
  • API keys in headers, query strings and cookies.
    • Cookie authentication.
  • OAuth 2
  • OpenID Connect Discovery.
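
The following is an added example, not part of the original page: a small reviewer's check that walks an OpenAPI 3.0 document's `components.securitySchemes` and flags declarations that deserve a second look. It goes slightly beyond the list above by also reporting operations with no security requirement. The sample document, its scheme names and the `auth.example.com` URLs are constructed for illustration.

```python
import json

METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Constructed sample: one declaration per scheme kind in the list above.
SPEC = json.loads("""{
 "openapi": "3.0.3",
 "components": {"securitySchemes": {
  "basicAuth":  {"type": "http", "scheme": "basic"},
  "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
  "headerKey":  {"type": "apiKey", "in": "header", "name": "X-API-Key"},
  "queryKey":   {"type": "apiKey", "in": "query", "name": "api_key"},
  "cookieAuth": {"type": "apiKey", "in": "cookie", "name": "SESSIONID"},
  "oauth": {"type": "oauth2", "flows": {"implicit": {
    "authorizationUrl": "https://auth.example.com/authorize",
    "scopes": {"read": "read access"}}}},
  "oidc": {"type": "openIdConnect",
    "openIdConnectUrl": "http://auth.example.com/.well-known/openid-configuration"}}},
 "security": [{"bearerAuth": []}],
 "paths": {
  "/items":  {"get": {"responses": {"200": {"description": "ok"}}}},
  "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}}}
}""")


def review(spec):
    """Return sorted (location, finding) pairs worth a reviewer's attention."""
    out = []
    for name, s in spec.get("components", {}).get("securitySchemes", {}).items():
        kind, where = s.get("type"), s.get("in")
        if kind == "http" and s.get("scheme", "").lower() == "basic":
            out.append((name, "Basic resends the password on every request"))
        elif kind == "apiKey" and where == "query":
            out.append((name, "key in the query string can leak via URLs and logs"))
        elif kind == "apiKey" and where == "cookie":
            out.append((name, "cookie auth needs CSRF protection"))
        elif kind == "oauth2" and "implicit" in s.get("flows", {}):
            out.append((name, "implicit flow returns the token in the redirect URL"))
        elif kind == "openIdConnect" and not s.get("openIdConnectUrl", "").startswith("https://"):
            out.append((name, "discovery URL is not HTTPS"))
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Operation-level "security" overrides the top-level requirement.
            if method in METHODS and op.get("security", spec.get("security")) in ([], None):
                out.append((f"{method.upper()} {path}", "no security requirement"))
    return sorted(out)


if __name__ == "__main__":
    print(*(f"{loc}: {msg}" for loc, msg in review(SPEC)), sep="\n")
```

A finding is a prompt for review, not a verdict: an unauthenticated health endpoint, for instance, may be intentional.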