godtaehee / Swagger


Open API Specification Continued #8

Open godtaehee opened 3 years ago

godtaehee commented 3 years ago

This lesson covers how the OpenAPI Specification handles security, error conditions, content types (meaning whether the API accepts or returns JSON, JPEG files and so on), and operation IDs.

Security

Security here means what kind of authentication or authorization is required to access the API.

OAS covers four cases: no security, plus the three security scheme types it can define.

No security

This is usually reserved for information that is already publicly available.

API key

This means that with every request you send a key indicating that the calling app has permission to use the API.

Basic authentication

It is a standard way of sending the username and password in a request header (base64-encoded, not encrypted).

In theory, if you are using HTTPS, the credentials are encrypted in transit, but it is generally considered not very secure to send the username and password with every request.

That is why OAuth exists. OAuth is a more complex flow that exchanges the user's credentials (with an authorization server) for a temporary token indicating that you are authorized to use the API.

Requests then carry this token instead of the password.

If the token is stolen, the exposure is limited because it expires fairly quickly and can be revoked.

So how do you indicate which security scheme your API uses? Each operation definition has a security key whose value is an array of security requirement objects.

Usually there is just one element in the array. The schemes those requirements refer to are declared in another part of the file.

The file contains a securityDefinitions key, typically at the end, whose value is an object mapping each scheme's name to a security scheme object.

Each security scheme object contains the information needed for that type of security: for an API key, the parameter name and whether it is sent in a header or the query string; for OAuth, the flow, the authorization or token URL, and the scopes.

When an operation has no security you don't need to add anything to it (unless the document declares a default security requirement, in which case you set the operation's security to an empty array to override it).

That's easy. To indicate that the API uses an API key you add a security key that references the apiKey definition to each operation.
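As an added illustration (not part of the original notes or of any real project), the following Python linter reads a constructed Swagger 2.0 document that declares all three scheme types, resolves which security requirements apply to each operation (operation-level `security` overrides the document-level default, and an explicit empty array removes it), and flags operations that reference an undefined scheme or an undefined OAuth scope, or that are reachable with no authentication at all. The spec, the scheme names and the paths are all made up for the example.

```python
"""Lint the security declarations of a Swagger 2.0 (OpenAPI 2.0) document."""
import json

# Constructed example spec for this walkthrough; names and URLs are invented.
SPEC_JSON = r"""
{
  "swagger": "2.0",
  "info": {"title": "Pet API", "version": "1.0"},
  "security": [{"basic_auth": []}],
  "securityDefinitions": {
    "api_key":    {"type": "apiKey", "name": "X-API-Key", "in": "header"},
    "basic_auth": {"type": "basic"},
    "petstore_auth": {
      "type": "oauth2",
      "flow": "implicit",
      "authorizationUrl": "https://auth.example.com/oauth/authorize",
      "scopes": {"read:pets": "read pets", "write:pets": "modify pets"}
    }
  },
  "paths": {
    "/status":    {"get":  {"security": [],
                            "responses": {"200": {"description": "ok"}}}},
    "/me":        {"get":  {"responses": {"200": {"description": "ok"}}}},
    "/pets":      {"get":  {"security": [{"api_key": []}],
                            "responses": {"200": {"description": "ok"}}},
                   "post": {"security": [{"petstore_auth": ["write:pets"]}],
                            "responses": {"201": {"description": "created"}}}},
    "/pets/{id}": {"delete": {"security": [{"petstore_auth": ["delete:pets"]}],
                              "responses": {"204": {"description": "gone"}}}},
    "/admin":     {"get":  {"security": [{"admin_token": []}],
                            "responses": {"200": {"description": "ok"}}}}
  }
}
"""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
VALID_TYPES = {"basic", "apiKey", "oauth2"}   # the three Swagger 2.0 scheme types


def resolved_security(spec, path, method):
    """Return the security requirements that apply to one operation.

    An operation-level `security` key overrides the document-level default;
    an explicit empty list means the operation needs no authentication.
    """
    op = spec["paths"][path][method]
    if "security" in op:
        return op["security"]
    return spec.get("security", [])


def lint_security(spec):
    """Return a list of (kind, location, detail) findings."""
    findings = []
    defs = spec.get("securityDefinitions", {})

    # Every declared scheme must be one of the types the spec allows.
    for name, scheme in defs.items():
        if scheme.get("type") not in VALID_TYPES:
            findings.append(("bad-type", name, scheme.get("type")))

    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip shared "parameters" and x- vendor extensions
            loc = f"{method.upper()} {path}"
            reqs = resolved_security(spec, path, method)
            if not reqs:
                findings.append(("no-security", loc, None))
                continue
            # Each requirement object maps scheme name -> list of scopes.
            # (An empty object {} in the list makes authentication optional.)
            for requirement in reqs:
                for name, scopes in requirement.items():
                    scheme = defs.get(name)
                    if scheme is None:
                        findings.append(("undefined-scheme", loc, name))
                        continue
                    if scheme["type"] == "oauth2":
                        for scope in scopes:
                            if scope not in scheme.get("scopes", {}):
                                findings.append(("undefined-scope", loc, scope))
                    elif scopes:
                        # apiKey and basic schemes carry no scopes.
                        findings.append(("unexpected-scopes", loc, name))
    return findings


SPEC = json.loads(SPEC_JSON)

if __name__ == "__main__":
    for kind, loc, detail in lint_security(SPEC):
        print(f"{kind:18} {loc:22} {detail or ''}")
```

Run against the embedded spec, the linter reports `GET /status` as unauthenticated (intended here, but worth reviewing in a real API), `DELETE /pets/{id}` for requesting a scope the oauth2 definition never declares, and `GET /admin` for referencing a scheme that is not in `securityDefinitions`; `GET /me` is clean because it inherits the document-level `basic_auth` requirement.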