0

When using in parameter in the securitySchemes, 

openapi: 3.0.0
servers:
  - url: http://hello-world.com
info:
  description: |-
    Hello World!
  version: "4"
  title: Hello World

components:
  securitySchemes:
    Token:
      description: Secret Token
      type: http
      name: Token
      in: header
      scheme: Token

    Tenant:
      description: Tenant ID
      type: http
      name: Tenant
      in: header
      scheme: Tenant

The editor.swagger.io throws a structural error:

Structural error at components.securitySchemes.Token should NOT have additional properties additionalProperty: name, in

How to use "in" for securitySchemes for OpenAPI 3.0.0?

The structural error would be there if I changed the definition to openapi: 2.0.0.

alvas
  • 115,346
  • 109
  • 446
  • 738
  • How is your auth header supposed to look like - `Tenant: value` or `Token: value` or something else? – Helen Jun 10 '19 at 08:47
  • Something like `-H 'Tenant: value' -H 'Token: value'` – alvas Jun 10 '19 at 08:57
  • Both headers used at the same time? – Helen Jun 10 '19 at 09:04
  • Yes, it should be used at the same time. – alvas Jun 10 '19 at 09:05
  • Possible duplicate of [Using an API Key & Secret for Swagger Security Scheme](https://stackoverflow.com/questions/29817270/using-an-api-key-secret-for-swagger-security-scheme) – Helen Jun 10 '19 at 10:53
  • Hi @Helen, it's not an API key because there's no real authentication there, so it must be a value sent through `type: http`, unlike the question you've linked. – alvas Jun 11 '19 at 01:03
  • `type: http` corresponds to the `Authorization` header specifically, i.e. `Authorization: Basic ...`, `Authorization: Bearer ...` etc. Any other security headers are defined as API keys. If your headers are not security-related, they should be defined as header parameters instead - see [How to define global parameters that will apply to all paths?](https://stackoverflow.com/q/39791491/113116) – Helen Jun 11 '19 at 08:26

0 Answers0