jonthegeek / rapid

R 'API' documents
https://rapid.api2r.org/

Remove redundant security schemes #70

Open jonthegeek opened 11 months ago

jonthegeek commented 11 months ago

FEC has 3 security schemes, each of which is included in the default options, and none of which are referenced anywhere else. They're all api_key schemes. They can be whittled down to the first, most-secure one (the one that passes in header).

Definitely get rid of schemes that aren't referenced in paths or in rapid::security_requirements. Try to also eliminate redundant ones.

jonthegeek commented 11 months ago

Note: appwrite.io:server has 4 apiKey schemes, but 2 of them are really just universal parameters (locale and "Your Project ID"), so they aren't redundant. They're only redundant if they're in the same location and have the same name (e.g., two fields named "api_key" in "query"), and even then be careful to make sure!

I also just saw one that's secretly a bearer token but they tell you that in the description (apideck.com:crm), so also watch out for those!

jonthegeek commented 11 months ago

(so far FEC is the only one with this issue!)
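
The checks discussed in this thread, as an added base R example that is not code from the rapid package: it reports apiKey schemes that are unreferenced, that repeat an earlier scheme's location and name, or whose description mentions a bearer token, and leaves the removal decision to a human. The scheme names, the sample document and `audit_security_schemes()` are constructed for illustration, and only top-level security requirements are collected here.

```r
# Constructed sample shaped like an OpenAPI `components$securitySchemes` list.
schemes <- list(
  header_key  = list(type = "apiKey", `in` = "header", name = "X-Api-Key"),
  query_key   = list(type = "apiKey", `in` = "query", name = "api_key"),
  query_key_2 = list(type = "apiKey", `in` = "query", name = "api_key"),
  project     = list(type = "apiKey", `in` = "header", name = "X-Project"),
  sneaky      = list(type = "apiKey", `in` = "header", name = "Authorization",
                     description = "Send 'Bearer <token>' in this header."),
  orphan      = list(type = "apiKey", `in` = "cookie", name = "sid")
)
# Constructed top-level `security` array: each element maps scheme names to scopes.
default_security <- list(
  list(header_key = list()), list(query_key = list()),
  list(query_key_2 = list()), list(project = list(), sneaky = list())
)
referenced <- unique(unlist(lapply(default_security, names)))

# Hypothetical helper: one row per scheme, with flags for manual review.
audit_security_schemes <- function(schemes, referenced) {
  field <- function(x, key) if (is.null(x[[key]])) NA_character_ else x[[key]]
  audit <- data.frame(
    scheme = names(schemes),
    type = vapply(schemes, field, character(1), key = "type"),
    location = vapply(schemes, field, character(1), key = "in"),
    name = vapply(schemes, field, character(1), key = "name"),
    description = vapply(schemes, field, character(1), key = "description"),
    stringsAsFactors = FALSE, row.names = NULL
  )
  # Not named in any security requirement: safe to consider for removal.
  audit$unreferenced <- !(audit$scheme %in% referenced)
  # Redundancy only applies to apiKey schemes sharing BOTH location and name.
  is_key <- !is.na(audit$type) & audit$type == "apiKey"
  key_id <- paste(audit$location, audit$name, sep = "\r")
  audit$duplicate_of <- NA_character_
  for (i in which(is_key)) {
    earlier <- which(is_key & key_id == key_id[i] & seq_along(key_id) < i)
    if (length(earlier)) audit$duplicate_of[i] <- audit$scheme[earlier[1]]
  }
  # apiKey schemes that describe themselves as bearer tokens need a human look.
  audit$maybe_bearer <- is_key &
    grepl("bearer", audit$description, ignore.case = TRUE)
  audit[, c("scheme", "location", "name", "unreferenced",
            "duplicate_of", "maybe_bearer")]
}

print(audit_security_schemes(schemes, referenced))
```

On the constructed sample, `query_key_2` is reported as a duplicate of `query_key`, `orphan` as unreferenced, and `sneaky` as a possible bearer token, while `project` is left alone because its location and name are unique.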