使用 API 密钥和Swagger 安全方案的秘密 [英] Using an API Key & Secret for Swagger Security Scheme
问题描述
Swagger 支持 api key 的安全性,但是似乎仅限于单个参数.
Swagger supports security of api key, but that seems to be limited to a single parameter.
有没有办法在请求中定义一组参数(密钥和秘密)?
Is there a way to define a set of parameters (key and secret) that are expected as parameters in a request?
或者是跳过安全方案的唯一方法,只是将这些参数添加到每个请求中?
Or is the only way just to skip the security scheme, and just add those parameters to every request?
推荐答案
是的,OpenAPI (Swagger) 2.0 和 3.0 允许您定义多个安全性定义并将一个操作标记为需要多个安全性,例如一对 API 密钥.
Yes, OpenAPI (Swagger) 2.0 and 3.0 let you define multiple security definitions and mark an operation as requiring multiple securities, such as a pair of API keys.
在以下示例中,我定义了两个 API 密钥,Key
和 SecretKey
,它们都应该出现在每个请求的标头中,以便获取已通过身份验证.
In the following example, I'm defining two API keys, Key
and SecretKey
, both of which should be present in the headers of each request in order to get authenticated.
swagger: '2.0'
info:
version: 0.0.0
title: Simple API
securityDefinitions:
key:
type: apiKey
in: header
name: Key
secret_key:
type: apiKey
in: header
name: SecretKey
# Or if you use OpenAPI 3.0:
# components:
# securitySchemes:
# key:
# type: apiKey
# in: header
# name: Key
# secret_key:
# type: apiKey
# in: header
# name: SecretKey
paths:
/:
get:
# Both 'Key' and 'SecretKey' must be used together
security:
- key: []
secret_key: []
responses:
200:
description: OK
请注意,这与
security:
- key: []
- secret_key: [] # <-- Note the leading dash here
这意味着端点需要 Key
或 SecretKey
,但不能同时使用.
which means the endpoint expects either Key
or SecretKey
, but not both.
这篇关于使用 API 密钥和Swagger 安全方案的秘密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!