OpenAPI Authentication and Authorization

From NovaOrdis Knowledge Base
Revision as of 17:07, 2 November 2023 by Ovidiu (talk | contribs) (→‎Overview)
Jump to navigation Jump to search

External

Internal

Overview

This applies to OpenAPI 3.0.

OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:

  • HTTP authentication schemes, based on the Authorization header.
    • Basic
    • Bearer token
    • Other schemes defined by RFC7245.
  • API keys in headers, query strings and cookies.
    • Cookie authentication.
  • OAuth 2
  • OpenID Connect Discovery.

HTTP Authentication

Bearer