Add example(s) to securitySchemes: #4756
kentbulza
started this conversation in
Enhancements
Replies: 1 comment
-
|
@kentbulza I suspect the reason is more that the relationship between the Security Scheme and what you would put in an example is less direct than in other places. API keys like this can basically be treated like a header parameter, but other schemes don't map as cleanly to something like a single header. But I'm speculating here. We're likely to do more security improvements for 3.3 so we should consider this then. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
To help convey how an
apikeymight look (an UUID, an object Key, a ULID, a base64 string), I believeexampleorexamplesshould be added tosecuritySchemes. Presumably the idea of not having it was due to security concerns someone would put in an actual key instead of an example. But a careless spec author could just as easily inadvertently expose a key in thedescriptionas in anexample.components:
securitySchemes:
ApiKeyAuth:
type: apiKey
in: header
name: X-API-Key
description: Use your provided key like ABC123.
example: ABC123
Beta Was this translation helpful? Give feedback.
All reactions