...

The “security” object inside of the openapi.json file determines which security schemes are used for requests, and whether one or all must be valid before a request is authorized. (See OpenAPI Configuration under “Multiple Security Schemes” for more information.)

Example excerpt where requests matching EITHER “OAuth2_MS_Entra_Identity” OR “ApiKeyAuth” are permitted:

"security": [
  {
    "OAuth2_MS_Entra_Identity": []
  },
  {
    "ApiKeyAuth": []
  }
]

Example excerpt where requests must match BOTH “OAuth2_MS_Entra_Identity” AND “ApiKeyAuth”, or else the API returns a Not validated response:

"security": [
  {
    "OAuth2_MS_Entra_Identity": [],
    "ApiKeyAuth": []
  }
]

Complete Example openapi.json

{
  "openapi": "3.0.3",
  "info": {
    "title": "APIs",
    "version": "1.0.0"
  },
  "components": {
    "securitySchemes": {
      "ApiKeyAuth": {
        "type": "apiKey",
        "in": "header",
        "name": "X-API-Key"
      },
      "OAuth2_MS_Entra_Identity": {
        "type": "oauth2",
        "description": "Microsoft Azure Active Directory (Entra)",
        "flows": {
          "authorizationCode": {
            "x-userinfoUrl": "https://graph.microsoft.com/v1.0/me",
            "x-userinfoField": "userPrincipalName"
          }
        }
      }
    }
  },
  "x-allowAnonymous": false,
  "security": [
    {
      "OAuth2_MS_Entra_Identity": []
    },
    {
      "ApiKeyAuth": []
    }
  ]
}

Note: the x-allowAnonymous property must be false in order for API security to function properly.
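
The OR/AND rule and the x-allowAnonymous note above can be checked before a configuration is deployed. The following is an added example, not Profound API code: `isAuthorized` and `auditSecurity` are hypothetical helper names, the sample documents are constructed, and the matching rule is the one defined by the OpenAPI 3.0 specification.

```javascript
// Added example, not Profound API code. Semantics follow the OpenAPI 3.0 spec:
// entries of "security" are alternatives (OR); the scheme names inside one
// entry must all validate (AND). An empty entry {} therefore matches anything.
function isAuthorized(security, validatedSchemes) {
  const valid = new Set(validatedSchemes);
  return (security || []).some((req) =>
    Object.keys(req).every((name) => valid.has(name)));
}

// Static checks on a parsed openapi.json; returns a list of findings.
function auditSecurity(doc) {
  const findings = [];
  const defined = new Set(Object.keys(doc.components?.securitySchemes ?? {}));
  if (doc["x-allowAnonymous"] !== false) {
    findings.push("x-allowAnonymous is not false");
  }
  if (!Array.isArray(doc.security) || doc.security.length === 0) {
    findings.push("no security requirements declared");
    return findings;
  }
  doc.security.forEach((req, i) => {
    const names = Object.keys(req);
    if (names.length === 0) {
      findings.push(`security[${i}] is {} and matches requests with no credentials`);
    }
    for (const name of names) {
      if (!defined.has(name)) {
        findings.push(`security[${i}] references undefined scheme "${name}"`);
      }
    }
  });
  return findings;
}

// Constructed sample input, modeled on the excerpts above.
const schemes = { ApiKeyAuth: { type: "apiKey" }, OAuth2_MS_Entra_Identity: { type: "oauth2" } };
const eitherDoc = {
  components: { securitySchemes: schemes },
  "x-allowAnonymous": false,
  security: [{ OAuth2_MS_Entra_Identity: [] }, { ApiKeyAuth: [] }],
};
const bothDoc = { ...eitherDoc, security: [{ OAuth2_MS_Entra_Identity: [], ApiKeyAuth: [] }] };
// Deliberately weak: anonymous allowed, a misspelled scheme name, and an empty entry.
const weakDoc = { ...eitherDoc, "x-allowAnonymous": true, security: [{ ApiKeyAuht: [] }, {}] };

console.log(isAuthorized(eitherDoc.security, ["ApiKeyAuth"]));
console.log(isAuthorized(bothDoc.security, ["ApiKeyAuth"]));
console.log(auditSecurity(weakDoc));
```

With only a valid API key, the EITHER configuration authorizes the request and the BOTH configuration does not; the audit of the weak document reports three findings.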

Conventions

By default, Profound API expects certain conventions with OAuth2:

...