How to define a secret key / signature based security scheme?

Skimming the Swagger documentation for authentication / authorization schemes in OAS 3.0, I don't see a clear way to define my API as utilizing signature-based authentication.

I have an API where all requests must be passed two properties: `api_key` (which uniquely defines the user) and `signature` (which is computed using the request path, query string, and a secret key). The server keeps a copy of their secret key and generates the same signature using the same process, then compares the two signatures. This way unlike API key auth (where the full authentication credentials are passed over the internet, hopefully secured by HTTPS) there is never enough information passed for a man-in-the-middle to trivially forge requests (other than replay attacks using the exact same request).

I feel like signature-based authentication isn't so rare as to be excluded from the OpenAPI specification. AWS uses signature-based authentication for almost all of their services! Is there a way to define this as a security scheme? Or is this a missing feature from the spec?

Swagger Core

Swagger Editor

Forum Discussion

How to define a secret key / signature based security scheme?

Related Content

Remove default security scheme description

ERROR:groovy.lang.MissingMethodException: No signature of method

Unable to set the values of a Signature (WS-Security)

log4j security vulnerability

The signature or decryption was invalid

Recent Discussions

Should the Curl command show the path to the file to be uploaded

ID_TOKEN as the header in the Google OAUTH2.0

How to hide an endpoint from openaopi 3.0

I can't see the "add item" button in swagger UI

Swagger Convertor Gateway Time-out