Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using an API Key & Secret for Swagger Security Scheme

Tags:

swagger

Swagger supports security of api key, but that seems to be limited to a single parameter.

Is there a way to define a set of parameters (key and secret) that are expected as parameters in a request?

Or is the only way just to skip the security scheme, and just add those parameters to every request?

like image 958
Tim Lytle Avatar asked Apr 23 '15 08:04

Tim Lytle

People also ask

What does an API key allow you to do?

API keys provide project authorization By identifying the calling project, you can use API keys to associate usage information with that project. API keys allow the Extensible Service Proxy (ESP) to reject calls from projects that haven't been granted access or enabled in the API.

Where do I put API key in URL?

A better approach is to pass it in header of request url. you can set user-key header in your code . For testing your request Url you can use Postman app in google chrome by setting user-key header to your api-key.

What is an API key example?

API Key Generation Since the API key itself is an identity by which to identify the application or the user, it needs to be unique, random and non-guessable. API keys that are generated must also use Alphanumeric and special characters. An example of such an API key is zaCELgL. 0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx .

1 Answers

Yes, OpenAPI (Swagger) 2.0 and 3.0 let you define multiple security definitions and mark an operation as requiring multiple securities, such as a pair of API keys.

In the following example, I'm defining two API keys, Key and SecretKey, both of which should be present in the headers of each request in order to get authenticated.

swagger: '2.0'
info:
  version: 0.0.0
  title: Simple API
securityDefinitions:
  key:
    type: apiKey
    in: header
    name: Key
  secret_key:
    type: apiKey
    in: header
    name: SecretKey

# Or if you use OpenAPI 3.0:
# components:
#   securitySchemes:
#     key:
#       type: apiKey
#       in: header
#       name: Key
#     secret_key:
#       type: apiKey
#       in: header
#       name: SecretKey

paths:
  /:
    get:
      # Both 'Key' and 'SecretKey' must be used together
      security:
        - key: []
          secret_key: []
      responses:
        200:
          description: OK

Note that this is different from

      security:
        - key: []
        - secret_key: []  # <-- Note the leading dash here

which means the endpoint expects either Key or SecretKey, but not both.

like image 151
Mohsen Avatar answered Sep 18 '22 20:09

Mohsen
Sign in to Comment

Related questions

How to remove swagger production .net core 2.1
How to generate a PDF or markup from OpenAPI 3.0?
Restrict access to certain API controllers in Swagger using Swashbuckle and ASP.NET Identity
Unable to resolve service for type 'Swashbuckle.AspNetCore.Swagger.ISwaggerProvider'
oneOf in Swagger schema does not work
How to hide a parameter in swagger?
Convert JSON to JSON Schema draft 4 compatible with Swagger 2.0
What is causing the error that swagger is already in the route collection for Web API 2?
Swagger: wildcard path parameters
How to set @ApiModelProperty dataType to String for Swagger documentation
Defining enum for array in Swagger 2.0
How to describe WebSocket interface?
How to run swagger-codegen for OpenAPI 3.0.0
Swagger not detecting Spring Data Rest APIs with Spring Boot
Django Rest Framework: How to enable swagger docs for function based views
Is there a way to indicate that a string model property has a maximum length in Swagger?
How to use Swagger @ApiResponses annotation in Kotlin?
JSON Schema to GraphQL schema converters [closed]
Documenting Spring's login/logout API in Swagger
REST API Versioning with Swagger 2.0

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!