How to indicate required authorization in the OPENAPI spec?

Question

Not new to APIs, but fairly new to creating OpenAPI specs from the ground up.

I'm curious if there is a way to indicate what authorization my app requires for specific endpoints in the spec.

Example:
GET /products - this requires the user to have 'read products' permission

POST /product - this requires the user to have 'write products' permission

Is there any good strategy to expose this info to the user in the spec?

chichepo · Answer

cutups&nbsp;It's a quite "wide question"&nbsp;😉Users or business analysts are obviously using the SwaggerHub page as a documentation source and can easily get endpoints requirements (Authorizations, method type etc.).Since the endpoint is a reflection of the server request specifications, all kind of access prerequisites are supposed to be known by the user.Additionally, you can restrict the Client actions on properties with readOnly property for example.Anyway, maybe you can provide more specific use case that we can discuss about&nbsp;

Forum Discussion

How to indicate required authorization in the OPENAPI spec?

1 Reply

Related Content

JDBC connection error indicating SSL issue

How to activate indicator

Authorization

Rest API Authorization

Authorization Tag For Basic BASE64 Encoding

Recent Discussions

Help me solve this error

Adding Processing attribute to an XML spec

return multiple listings based on the criteria

How do I bypass the Available authorizations dialog?

Last-Modified header is invalid: api.swaggerhub.com