使用 API 密钥 &Swagger 安全计划的秘密 [英] Using an API Key & Secret for Swagger Security Scheme

问题描述

Swagger 支持 api 密钥的安全性，但是似乎仅限于单个参数.

Swagger supports security of api key, but that seems to be limited to a single parameter.

有没有办法定义一组期望作为请求参数的参数(密钥和秘密)?

Is there a way to define a set of parameters (key and secret) that are expected as parameters in a request?

或者只是跳过安全方案，然后将这些参数添加到每个请求中的唯一方法?

Or is the only way just to skip the security scheme, and just add those parameters to every request?

推荐答案

是的，OpenAPI (Swagger) 2.0 和 3.0 允许您定义多个安全定义并将操作标记为需要多个安全，例如一对 API 密钥.

Yes, OpenAPI (Swagger) 2.0 and 3.0 let you define multiple security definitions and mark an operation as requiring multiple securities, such as a pair of API keys.

在下面的示例中，我定义了两个 API 密钥，Key 和 SecretKey，这两个密钥都应该出现在每个请求的标头中，以便获得已通过身份验证.

In the following example, I'm defining two API keys, Key and SecretKey, both of which should be present in the headers of each request in order to get authenticated.

swagger: '2.0'
info:
  version: 0.0.0
  title: Simple API
securityDefinitions:
  key:
    type: apiKey
    in: header
    name: Key
  secret_key:
    type: apiKey
    in: header
    name: SecretKey

# Or if you use OpenAPI 3.0:
# components:
#   securitySchemes:
#     key:
#       type: apiKey
#       in: header
#       name: Key
#     secret_key:
#       type: apiKey
#       in: header
#       name: SecretKey

paths:
  /:
    get:
      # Both 'Key' and 'SecretKey' must be used together
      security:
        - key: []
          secret_key: []
      responses:
        200:
          description: OK

注意这与

      security:
        - key: []
        - secret_key: []  # <-- Note the leading dash here

这意味着端点需要 Key 或 SecretKey，但不能两者都需要.

which means the endpoint expects either Key or SecretKey, but not both.

这篇关于使用 API 密钥 &Swagger 安全计划的秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！