Forum Discussion

cutups's avatar
New Member
2 years ago

How to indicate required authorization in the OPENAPI spec?

Not new to APIs, but fairly new to creating OpenAPI specs from the ground up.


I'm curious if there is a way to indicate what authorization my app requires for specific endpoints in the spec.

GET /products   - this requires the user to have 'read products' permission

POST /product   - this requires the user to have 'write products' permission

Is there any good strategy to expose this info to the user in the spec?

1 Reply

  • chichepo's avatar
    Champion Level 3

    It's a quite "wide question" ๐Ÿ˜‰

    Users or business analysts are obviously using the SwaggerHub page as a documentation source and can easily get endpoints requirements (Authorizations, method type etc.).

    Since the endpoint is a reflection of the server request specifications, all kind of access prerequisites are supposed to be known by the user.
    Additionally, you can restrict the Client actions on properties with readOnly property for example.

    Anyway, maybe you can provide more specific use case that we can discuss about