Comment: Minor Typo corrections and slight wording adjustments.

...

This will open a new designer tab where you can configure several options, such as your API Explorer title bar information and API Security configuration.

To learn more details about OpenAPI, see their documentation page for version 3.0.3.


We are concerned with the following 2 sections of this json file:

  • The "security" section.  This section is where you define which security schemes are checked when an API is called.
    • These securities are applied to all APIs; however, a specific API route can override these securities.
    • Advanced: Notice that this section is an array of objects.  It allows configuring multiple schemes within each array element.
    • See here for even more information.

...

The API Framework will attempt to authenticate to a single user with that "X-API-KEY" value.

...

  • The "name" of the security scheme can be anything; below, this one is named "User".
  • Notice that "User" is defined as a "http" type with scheme basic.  This means it requires the caller to send an encoded basic User/Password value for "Authorization" in the header.
  • Also, to enable this authentication, it must be included in the "security" section and the name must exactly match.

With this configuration, when an API is called the caller must include a header with a property called "Authorization" that contains a standard encoding of basic user:password.

The API Framework will then attempt to authenticate to a single user profile that matches the encoded credentials.

An example of a configuration that secures all APIs to require User/Password credentials:
{
  "openapi": "3.0.3",
  "info": {
    "title": "My Company APIs",
    "version": "2.1.6"
  },
  "components": {
    "securitySchemes": {
      "User": {
        "type": "http",
        "scheme": "basic"
      }
    }
  },
  "security": [
    {
      "User": []
    }
  ]
}

...

The API Framework will attempt to authenticate to a single user with both the "AppKey" and "ClientID" values.

...

  • In the "security" section, there are now three array elements.


With this configuration, when an API is called the caller must send one of the below combinations:

  • For the "User" security:
    •  A Header with property name "Authorization" with

...

    • a basic encoded user:password
  • For the "APIKey" and "AuthToken":
    • A Header with property name "X-API-KEY" and cookie with a name of AuthToken
  • For the "AppKey" and "ClientID":
    • A Header with a property called "AppKey" and another property called "ClientID"

The API Framework will go through each of these array elements and attempt to authenticate to a single user with those matching credentials.
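The matching rule described above (any one array element is enough, but every scheme inside that element must be present), as an added example that is not part of the original page and is not the API Framework's own code. The scheme definitions for "APIKey", "AuthToken", "AppKey" and "ClientID" are assumptions inferred from the header and cookie names listed above, the functions `schemePresent` and `satisfiedRequirements` are hypothetical, and the check covers only whether the credentials are present, not the user lookup.

```javascript
// Constructed spec: the three-element "security" array described above.
// Scheme definitions other than "User" are assumptions based on the names on this page.
const spec = {
  components: {
    securitySchemes: {
      User:      { type: "http", scheme: "basic" },
      APIKey:    { type: "apiKey", in: "header", name: "X-API-KEY" },
      AuthToken: { type: "apiKey", in: "cookie", name: "AuthToken" },
      AppKey:    { type: "apiKey", in: "header", name: "AppKey" },
      ClientID:  { type: "apiKey", in: "header", name: "ClientID" }
    }
  },
  security: [
    { User: [] },
    { APIKey: [], AuthToken: [] },
    { AppKey: [], ClientID: [] }
  ]
};

// True when the request carries the credential a single scheme asks for.
// Assumes req.headers has lower-cased names and req.cookies is an already parsed object.
function schemePresent(scheme, req) {
  if (scheme.type === "http" && scheme.scheme === "basic") {
    const m = /^Basic\s+([A-Za-z0-9+\/]+=*)$/i.exec(req.headers["authorization"] || "");
    // Basic credentials decode to "user:password"; reject values without a colon.
    return !!m && Buffer.from(m[1], "base64").toString("utf8").includes(":");
  }
  if (scheme.type === "apiKey") {
    const bag = scheme.in === "cookie" ? req.cookies : req.headers;
    const key = scheme.in === "header" ? scheme.name.toLowerCase() : scheme.name;
    return typeof bag[key] === "string" && bag[key].length > 0;
  }
  return false; // unknown scheme types never satisfy a requirement
}

// Indexes of the "security" elements the request fully satisfies:
// OR across array elements, AND across the schemes inside one element.
// An empty element {} is satisfied by any request (OpenAPI's optional-security form).
function satisfiedRequirements(spec, req) {
  const schemes = spec.components.securitySchemes;
  return spec.security
    .map((reqt, i) => [i, Object.keys(reqt)])
    .filter(([, names]) =>
      names.every(n => schemes[n] && schemePresent(schemes[n], req)))
    .map(([i]) => i);
}
```

A request that sends only "X-API-KEY" without the "AuthToken" cookie matches no element, so it should be rejected rather than treated as a partial match.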

...