OAS 2 This page applies to OpenAPI Specification ver. 2 (fka Swagger).
To learn about the latest version, visit OpenAPI 3 pages.
Basic authentication is a very simple authentication scheme that is built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic followed by a space and a base64-encoded username:password string. For example, a header containing the demo / p@55w0rd credentials would be encoded as:
Authorization: Basic ZGVtbzpwQDU1dzByZA==
Note: Because base64 is easily decoded, Basic authentication should only be used together with other security mechanisms such as HTTPS/SSL.
Basic authentication is easy to define. In the global securityDefinitions section, add an entry with type: basic and an arbitrary name (in this example, basicAuth). Then, apply security to the whole API or to specific operations by using the security section.
# To apply Basic auth to the whole API:
security:
  - basicAuth: []

# To apply Basic auth to an individual operation (inside the operation object):
security:
  - basicAuth: []
responses:
  200:
    description: OK (successfully authenticated)
You can also define the 401 "Unauthorized" response returned for requests with missing or incorrect credentials. This response includes the WWW-Authenticate header, which you may want to mention. As with other common responses, the 401 response can be defined in the global responses section and referenced from multiple operations.
description: Authentication information is missing or invalid
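A lint pass over a Swagger 2.0 definition that checks the two points made above, as an added example that is not part of the original page: it flags operations protected by a type: basic scheme that are not restricted to https or that document no 401 response. The sample definition, its paths (/reports, /health), the UnauthorizedError response name and the lint_basic_auth function are constructed for illustration.

```python
import json

# Constructed sample Swagger 2.0 document (hypothetical paths and response name).
SPEC = json.loads("""
{
  "swagger": "2.0",
  "schemes": ["http", "https"],
  "securityDefinitions": {"basicAuth": {"type": "basic"}},
  "security": [{"basicAuth": []}],
  "paths": {
    "/reports": {
      "get":  {"responses": {"200": {"description": "OK"}}},
      "post": {"responses": {"200": {"description": "OK"},
                             "401": {"$ref": "#/responses/UnauthorizedError"}}}
    },
    "/health": {
      "get": {"security": [], "responses": {"200": {"description": "OK"}}}
    }
  },
  "responses": {"UnauthorizedError": {"description": "Authentication information is missing or invalid"}}
}
""")

METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def lint_basic_auth(spec):
    """Return (operation, problem) findings for operations using a type: basic scheme."""
    basic = {name for name, d in spec.get("securityDefinitions", {}).items()
             if d.get("type") == "basic"}
    findings = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method not in METHODS:  # skip path-level keys such as "parameters"
                continue
            # Operation-level `security` overrides the global one; [] disables auth.
            reqs = op.get("security", spec.get("security", []))
            if not any(basic & set(req) for req in reqs):
                continue
            where = f"{method.upper()} {path}"
            # A missing `schemes` list is also flagged: nothing pins the API to https.
            if op.get("schemes", spec.get("schemes", [])) != ["https"]:
                findings.append((where, "basic auth not restricted to https"))
            if "401" not in {str(code) for code in op.get("responses", {})}:
                findings.append((where, "no 401 response documented"))
    return findings

if __name__ == "__main__":
    for where, problem in lint_basic_auth(SPEC):
        print(f"{where}: {problem}")
```

GET /health is skipped because its empty security list removes the global Basic requirement for that operation.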