Operation level security in conjunction with root level security?
Hello Swagger Community!
Ref: https://swagger.io/docs/specification/authentication/
I have an API which requires authorization via an API key for every operation. (Api key security defined on the api root definition).
For specific operations which require authentication, a Bearer Token is required (In conjunction with the aforementioned api key).
I understand that I can define both security schemes within a security requirements object on operations that require them - which yeilds a working result, and I understand that the documented logic of defining an explicit security requirement at the operation level overrides the securty requirement defined at the root level, however I was wondering if it is possible to have requirements defined this way work in conjunction with each other, rather than be overridden.
It seems odd to me that there is a specific syntax in the documentation for defining multiple security schemes within a requirement using logical AND or OR operators (https://swagger.io/docs/specification/authentication/#multiple) but there is no documented way of doing this extensibly. It seems the only way to achieve this behaviour is by overriding the root security requirements with an operation security requirement referencing what would already be defined in the root scheme as well as the required additional scheme.
I hope my explaination of the problem makes sense, and thanks for your time spent trying to understand it!