The following defines the different security policies you can enforce on your APIs.
Policy types: apiKey, oauth2

apiKey: Enforce API calls to include an API key.
    type: apiKey
    scope: api, tenant, resource
    header: x-api-key
    hashed: true, false
Example:
    "security": [
        { "type": "apiKey", "scope": "api", "header": "test" },
        { "type": "apiKey", "scope": "resource", "header": "secret", "hashed": true }
    ]
This will create two API keys for the API, which will need to be supplied in the test and secret headers, respectively.

oauth2: Perform token introspection for various social login providers and enforce token validation on that basis.
    type: oauth2
    scope: api, tenant, resource
Example:
    "security": [
        { "type": "apiKey", "scope": "api", "header": "test" },
        { "type": "oauth2", "scope": "api", "provider": "google" }
    ]
This will require that an API key is supplied in the test header, and that a valid Google OAuth token is specified in the authorization header.
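
An added example, not part of the original documentation: a small Python linter that parses a security fragment and checks each policy's type and scope against the values listed above, and that hashed is a JSON boolean rather than a quoted string. It assumes the listed values are exhaustive; lint_security and the three sample fragments are hypothetical names and constructed inputs.

```python
import json

# Values listed in the policy reference above; treated as exhaustive (assumption).
TYPES = ("apiKey", "oauth2")
SCOPES = ("api", "tenant", "resource")


def lint_security(fragment):
    """Return a list of problems found in a '"security":[...]' fragment (hypothetical helper)."""
    try:
        # The fragment is a bare key/value pair, so wrap it in braces before parsing.
        policies = json.loads("{" + fragment + "}")["security"]
    except json.JSONDecodeError as exc:
        # Subtract 1 to undo the offset of the added opening brace.
        return [f"invalid JSON: {exc.msg} near character {exc.pos - 1}"]
    except KeyError:
        return ['no "security" key']
    if not isinstance(policies, list):
        return ['"security" must be an array of policy objects']
    problems = []
    for i, policy in enumerate(policies):
        if not isinstance(policy, dict):
            problems.append(f"policy {i}: not an object")
            continue
        if policy.get("type") not in TYPES:
            problems.append(f"policy {i}: type {policy.get('type')!r} is not one of {TYPES}")
        if policy.get("scope") not in SCOPES:
            problems.append(f"policy {i}: scope {policy.get('scope')!r} is not one of {SCOPES}")
        # A quoted "true" is a string, not a boolean, so it is reported.
        if "hashed" in policy and not isinstance(policy["hashed"], bool):
            problems.append(f"policy {i}: hashed must be true or false, got {policy['hashed']!r}")
    return problems


# Constructed inputs: one well-formed fragment and two broken ones.
VALID = ('"security":[ { "type":"apiKey", "scope":"api", "header":"test" }, '
         '{ "type":"oauth2", "scope":"api", "provider":"google" } ]')
MISSING_COMMA = '"security":[ { "type":"apiKey", "scope":"resource" "header":"secret", "hashed":true } ]'
BAD_VALUES = '"security":[ { "type":"apiKey", "scope":"global", "header":"secret", "hashed":"true" } ]'

if __name__ == "__main__":
    for name, frag in (("valid", VALID), ("missing comma", MISSING_COMMA), ("bad values", BAD_VALUES)):
        print(name, "->", lint_security(frag) or "ok")
```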