I was given a test task to make an OpenAPI specification for a network-connected thermopot.
This "iPot" must provide authorized and authenticated devices (on the local network) with its status info (volume of it's contents, temperature, etc.). It must accept commands (from authed&authed devices) to set a desired temperature and asynchronously report of the command completion.
Since Authorization, Authentication and HTTP (no HTTPS in a sensible way for IoT LAN devices) are strict requirements, the only authentication scheme that is tolerant to HTTP is HOBA https://tools.ietf.org/html/rfc7486
How can I describe HOBA authentication with Swagger/OpenAPI?