Basic Authentication
Basic authentication is a simple authentication scheme built into the HTTP protocol (RFC 7617). The client sends HTTP requests with an Authorization header that contains the word Basic, followed by a space and a base64-encoded username:password string. For example, a header carrying the credentials demo / p@55w0rd would be:

Authorization: Basic ZGVtbzpwQDU1dzByZA==
Note: base64 is an encoding, not encryption, and is trivially reversed, so anyone who can observe the request can recover the username and password. Because the credentials are also resent on every request, Basic authentication should only be used over HTTPS/TLS.
Basic authentication is easy to define. In the global securityDefinitions section, add an entry with type: basic and an arbitrary name (in this example, basicAuth). Then apply security to the whole API or to specific operations by using the security section. Note that a security section on an operation replaces the global setting for that operation rather than adding to it.

```yaml
securityDefinitions:
  basicAuth:
    type: basic

# To apply Basic auth to the whole API:
security:
  - basicAuth: []

paths:
  /something:
    get:
      # To apply Basic auth to an individual operation:
      security:
        - basicAuth: []
      responses:
        200:
          description: OK (successfully authenticated)
```
401 Response
You can also define the 401 "Unauthorized" response returned for requests with missing or incorrect credentials. This response carries the WWW-Authenticate header (for example, WWW-Authenticate: Basic realm="example"), which tells the client which scheme the server expects, so you may want to document it. As with other common responses, the 401 response can be defined in the global responses section and referenced from multiple operations. The header name is WWW-Authenticate with a hyphen, exactly as it appears on the wire; YAML keys may contain hyphens, so no substitution is needed.

```yaml
paths:
  /something:
    get:
      ...
      responses:
        ...
        401:
          $ref: '#/responses/UnauthorizedError'
    post:
      ...
      responses:
        ...
        401:
          $ref: '#/responses/UnauthorizedError'
responses:
  UnauthorizedError:
    description: Authentication information is missing or invalid
    headers:
      WWW-Authenticate:
        type: string
```
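The following is an added example, not code from the original page or from the Swagger project, that shows both sides of what this page describes: building the Authorization header exactly as in the demo / p@55w0rd example above, and the server-side check that yields the 200 or 401 response (with WWW-Authenticate) defined in the spec. The function names, the REALM value and the USERS credential store are assumptions made for the example; a real service would store salted password hashes, not plaintext. It also handles the edge cases a practitioner runs into: a password containing a colon (split on the first colon only), non-ASCII credentials (UTF-8, per RFC 7617), a case-insensitive scheme name, malformed base64, and constant-time password comparison.

```python
import base64
import binascii
import hmac

# Constructed credential store for this example only: username -> password.
# A real service would store salted password hashes, never plaintext.
USERS = {"demo": "p@55w0rd"}
REALM = "example"  # assumed realm name for the WWW-Authenticate challenge


def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization header value a client sends.

    RFC 7617: the user-id must not contain a colon; the password may.
    Credentials are UTF-8 encoded, then base64 encoded.
    """
    if ":" in username:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(value: str):
    """Return (username, password) from an Authorization header value,
    or None if the value is not well-formed Basic credentials."""
    parts = value.split(None, 1)  # "<scheme> <credentials>"
    if len(parts) != 2 or parts[0].lower() != "basic":  # scheme is case-insensitive
        return None
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True)  # reject junk/bad padding
    except (binascii.Error, ValueError):
        return None
    try:
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # Split on the FIRST colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def credentials_valid(username: str, password: str) -> bool:
    """Constant-time password check so response timing leaks nothing."""
    expected = USERS.get(username)
    if expected is None:
        # Do a comparison anyway so an unknown user takes the same time.
        hmac.compare_digest(password.encode("utf-8"), b"\x00" * 16)
        return False
    return hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))


def authenticate(request_headers: dict):
    """Apply Basic auth to a request.

    Returns (status, response_headers): 200 on success, otherwise the 401
    response with the WWW-Authenticate challenge described in the spec.
    """
    unauthorized = (401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'})
    header = None
    for name, value in request_headers.items():  # header names are case-insensitive
        if name.lower() == "authorization":
            header = value
    if header is None:
        return unauthorized
    creds = parse_basic_header(header)
    if creds is None or not credentials_valid(*creds):
        return unauthorized
    return 200, {}


if __name__ == "__main__":
    hdr = build_basic_header("demo", "p@55w0rd")
    print(hdr)                                   # Basic ZGVtbzpwQDU1dzByZA==
    print(authenticate({"Authorization": hdr}))  # (200, {})
    print(authenticate({}))                      # 401 with WWW-Authenticate
```

Two design points worth noting: the server returns the same 401 for a missing header, a malformed header, an unknown user and a wrong password, so the response does not reveal which one failed, and the charset="UTF-8" parameter on the challenge tells clients how to encode non-ASCII passwords.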