Swagger - Adding multiple security parameters to the same schema definition -
aim
to include multiple security headers every request made within api
problem
i trying add multiple headers swagger yaml security definitions. have trawled though api not have alot of luck finding when making 'try-this-operation' required select one. rather able use both. correct or doing incorrectly?
snippet
securitydefinitions: useremail: type: apikey name: user email in: header clientid: type: apikey name: client id in: header security: [ { useremail: [], clientid: [] } ]
alternative?
if trying impossible ... possible specify these parameters default rest paths within swagger document?
i new swagger week have found else without problem ... cannot find example of this.
if guidance given incredibly helpful many
your securitydefintions
object looks ok. beware that
security: [ { useremail: [], clientid: [] } ]
means api client must use useremail
authentication , clientid
authentication @ once! meant:
security: [ { useremail: [] }, { clientid: [] } ]
which means api client must use either useremail
authentication or clientid
authentication.
to avoid repeating definition on , on again can use global security
property applies paths without own security
object:
security: [ { useremail: [] }, { clientid: [] } ] paths: "/foo": get: post:
or make use of reference explicitness or multiple common values:
paths: "/foo": get: security: "$ref": "#/definitions/lowsecurity" post: security: "$ref": "#/definitions/highsecurity" definitions: lowsecurity: [ { foo: [] }, { bar: [] } ] highsecurity: [ { foo: [] } ]
reference
the swagger2 specification states under operation object:
security
: [security requirement object]a declaration of security schemes applied operation. list of values describes alternative security schemes can used (that is, there logical or between security requirements). definition overrides declared top-level security. remove top-level security declaration, empty array can used.
the security requirement object described this:
lists required security schemes execute operation. object can have multiple security schemes declared in required (that is, there logical , between schemes).
the name used each property must correspond security scheme declared in security definitions.
Comments
Post a Comment