Authentication and Authorization[edit]

This tab helps you manage API authentication and authorization using security schemes. Security can be defined globally then inherited by all operations. An operation can override inherited global security.


Open api editor security.png


Add Security Scheme[edit]

To add a security scheme, either select the + button from the local toolbar or right-click the Security Schemes node then select New Security Scheme from the popup menu.


Openapi add security scheme.png


Fill in the security name and type in the wizard then hit Finish.


Openapi security new scheme wizard.png


The newly created security scheme appears in the left and its content in the right editor.


Openapi security new scheme editor.png

Delete Security Scheme[edit]

Select the security scheme you want to delete then click the X button from the local toolbar. Or right-click the scheme to delete then select Delete from the popup menu.


Openapi security delete.png

Update Security Scheme[edit]

Select the security scheme to update. Its content shows up in the right-side editor where you can update it.


Openapi security scheme editor.png

Add OAuth Flow[edit]

To add an OAuth flow, right-click the OAuth security scheme or Flows node (under the security scheme if it already has one), then select New Flow from the popup menu.


Openapi security new flow.png Openapi security new flow2.png


Select a flow type in the wizard then hit Finish;


Openapi security new flow wizard.png


The newly created flow appears selected on the left side and its content in the right-side editor where you can proceed with editing.


Openapi security new flow editor.png

Update OAuth Flow[edit]

Select the OAuth flow to update. Its content which depends on the flow type shows up in the right-side editor where you can update it. The editor also allows you to add/update/remove flow scopes.


Openapi security edit flow.png

Delete OAuth Flow[edit]

Select the OAuth flow you want to delete then click the X button from the local toolbar. Or right-click the OAuth flow to delete then select Delete from the popup menu.


Openapi security delete flow.png

Define Global Security[edit]

Security may be defined globally. That is, on API level, and will apply to all operations/calls. Security can be overridden on operation level, though.

To define security globally, select the bottom Security tab, then select the tab titled: Define Global Security


Openapi security define global editor.png


If you want to you use, in one go, all available security schemes in your global security, check then the check-box beside the root Security Requirements. Uncheck it if you want to use no security at all on a global level.


Openapi security define global checkall.png.png


Otherwise to select-add a security scheme, right-click the root node Security Requirements, then Add Security Scheme (OR) then select the scheme you want.

Note: All security schemes on root level (Security Requirements) are logically OR-ed when evaluated.

If a security scheme has scopes, then check/uncheck the box beside each scope to add/remove it


Openapi security define global add scheme.png


To group a security scheme with another one making a list of them, right-click a security scheme, then select from the AND menu the scheme to add.

Note: All security schemes within a list/group are logically AND-ed when evaluated.


Openapi security define global add and scheme.png

No Global Security Usage[edit]

You can opt for not defining any global security at all. Operations may still have their own security defined locally.

To disable any global security, uncheck the box next to the root node: Security Requirements


Openapi security define global no security.png

Define Operation Security[edit]

You can override global security on the operation level. To do so, go to the Paths tab (at the bottom) then select the operation you want. Select the Security tab where you can define security on the selected operation level.


Openapi security define operation.png


If you want to you use, in one go, all available security schemes in your global security, check then the check-box beside the root Security Requirements. Or uncheck it so that no security will be used on this operation level.


Openapi security define operation or.png


Note: All security schemes on root level (Security Requirements) are logically OR-ed when evaluated.

If a security scheme has scopes, then check/uncheck the box beside each scope to add/remove it


To group a security scheme with another one making a list of them, right-click a security scheme (not the root), then select from the AND menu the scheme to add.

Note: All security schemes within a list/group are logically AND-ed when evaluated.


Openapi security define operation and.png

Inherit Global Security[edit]

Globally defined security is inherited automatically by all operations unless overridden by individual operations. An operation may choose to use less, more, or no security at all.

If you want to restore operation security back to default global security. Then, select the operation from the left view, right-click the root node: Security Requirements (in the right editor), and select Inherit Global Security from the pop-up menu.


Openapi security define operation inherit.png

No Security On Operation Level[edit]

An operation may opt for not using any security at all by overriding the globally defined security.

Select the operation from the left view, right-click the root node: Security Requirements (in the right editor) and select Don't Use Any Security from the pop-up menu.


Openapi security define operation no security.png