Swagger - Adding multiple security parameters to the same schema definition -


aim

to include multiple security headers every request made within api

problem

i trying add multiple headers swagger yaml security definitions. have trawled though api not have alot of luck finding when making 'try-this-operation' required select one. rather able use both. correct or doing incorrectly?

snippet

securitydefinitions:   useremail:     type: apikey     name: user email     in: header   clientid:     type: apikey     name: client id     in: header  security: [ { useremail: [], clientid: []  } ] 

alternative?

if trying impossible ... possible specify these parameters default rest paths within swagger document?

i new swagger week have found else without problem ... cannot find example of this.

if guidance given incredibly helpful many

your securitydefintions object looks ok. beware that

security: [ { useremail: [], clientid: []  } ] 

means api client must use useremail authentication , clientid authentication @ once! meant:

security: [ { useremail: [] }, { clientid: []  } ] 

which means api client must use either useremail authentication or clientid authentication.

to avoid repeating definition on , on again can use global security property applies paths without own security object:

security: [ { useremail: [] }, { clientid: []  } ] paths:   "/foo":     get:     post: 

or make use of reference explicitness or multiple common values:

paths:   "/foo":     get:       security:         "$ref": "#/definitions/lowsecurity"     post:       security:         "$ref": "#/definitions/highsecurity" definitions:   lowsecurity:  [ { foo: [] }, { bar: []  } ]   highsecurity: [ { foo: [] } ] 

reference

the swagger2 specification states under operation object:

security: [security requirement object]

a declaration of security schemes applied operation. list of values describes alternative security schemes can used (that is, there logical or between security requirements). definition overrides declared top-level security. remove top-level security declaration, empty array can used.

the security requirement object described this:

lists required security schemes execute operation. object can have multiple security schemes declared in required (that is, there logical , between schemes).

the name used each property must correspond security scheme declared in security definitions.


Comments

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

jdbc - Not able to establish database connection in eclipse -

Kivy: Swiping (Carousel & ScreenManager) -