[Help] Clarify how to use custom apiKey security definition
See original GitHub issueHi all! I am trying to generate documentation for my API routes which require HMAC-SHA256 authentication. This means that I have to include Authorization
header for every request which consists of API key and generated HMAC signature separated by colon (e.g. Authorization: API_KEY:GENERATED_SIGNATURE
).
I can easily generate the needed signature with JavaScript, but I cannot figure out how to add “key” and “secret” input fields in Swagger-UI “Authorize” pop-up and how to finally add it to Authorization
header in each request.
Is something like this possible with OpenAPI Specification v3 at all? Any help/tip/link is extremely appreciated!
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:9 (5 by maintainers)
Top Results From Across the Web
What is an API Key? (And Are They Secure?)
An API key is an identifier assigned to an API client, used to authenticate an application calling the API. It is typically a...
Read more >API Keys: API Authentication Methods & Examples
Let's learn when and where to use API Keys and look at some authentication methods and API authentication best practices.
Read more >Why and when to use API keys
API keys aren't as secure as authentication tokens (see Security of API keys), but they identify the application or project that's calling an...
Read more >What is API security?
API management and security · An API key that is a single token string (i.e. a small hardware device that provides unique authentication ......
Read more >Create a custom connector from an OpenAPI definition
The Cognitive Services APIs use API key authentication, so that's what's specified in the OpenAPI definition. On the Security page, review the ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@skt44 Either tooling decides to support a commonly used but non-registered scheme, or it implements a plug-in mechanism in the case of client codegen, or it is simply a documentation hint to API consumers.
@darrelmiller thanks - in your hmac example, where would the function that calculates the hash be defined (since it isn’t a registered scheme)?