Swagger OpenApi 3.0 JSON spec for Authorization Bearer

OpenApi 30 swaggerJSON example

Today in this article, we shall see an example of Swagger OpenApi 3.0 JSON spec for Authorization Bearer within OpenAPI( Swagger V3.0) specification.

Today in this article, we will cover below aspects,

If you need to verify Swagger v2.0 then we will also see corresponding JSON files.

Bearer authentication is an HTTP authentication scheme where the client must send the security tokens called bearer tokens within the Authorization header when making requests to restricted resources.

Authorization: Bearer <token>

Understanding Global Vs Operation level security scheme

  • Global Authentication scheme

Global authentication scheme gets applied to all REST API within API/Controllers and can be executed on all API decorated. That means every API with a secured header needs to provide a secured header before accessing restricted resources.

  • Operation level Authentication scheme

Operation level authentication scheme gets applied to on specific REST API within API/Controllers.

Swagger JSON OpenApi 3.0 spec – Global security scheme

Below is a sample example for OpenAPI 3.0 swagger spec, which details how to represents the details for global level security scheme,

represent authorization bearer token in a swagger spec json Swagger JSON OpenApi 30 spec

In OpenAPI 3.0 above specification is explained as below,

  • Define the security scheme under components/securitySchemes
  • Define type as “http” and schema as “bearer
  • Define the security attribute keyword to apply this scheme to the desired scope – global level

Swagger JSON OpenApi 3.0 spec – Operation security scheme

Below is a sample example for OpenAPI 3.0 swagger spec, which details how to represents the JSON for operation level security scheme,

Swagger OpenApi 30 JSON spec for Authorization Bearer

Sample example,

{
  "openapi": "3.0.1",
  "info": {
    "title": "TheCodeBuzz-Service",
    "version": "v1"
  },
  "paths": {
    "/api/Pay": {
      "get": {
        "tags": [
          "Pay"
        ],
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "text/plain": {
                "schema": {
                  "$ref": "#/components/schemas/Employee"
                }
              },
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Employee"
                }
              },
              "text/json": {
                "schema": {
                  "$ref": "#/components/schemas/Employee"
                }
              }
            }
          },
          "401": {
            "description": "Unauthorized"
          },
          "403": {
            "description": "Forbidden"
          }
        },
        "security": [
          {
            "bearerAuth": []
          }
        ]
      }
    }
  },
  "components": {
    "schemas": {
      "Employee": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string",
            "nullable": true,
            "readOnly": true
          },
          "name": {
            "type": "string",
            "nullable": true,
            "readOnly": true
          }
        },
        "additionalProperties": false
      }
    },
    "securitySchemes": {
      "bearerAuth": {
        "type": "http",
        "description": "JWT Authorization header using the Bearer scheme.",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }
    }
  }
}

In OpenAPI 3.0 above specification is explained as below,

  • Security scheme is defined under components/securitySchemes
  • Define type as “http” and schema as “bearer
  • Define the security attribute keyword to apply this scheme to the desired operation i.e at operation level.

References:

Do you have any comments or ideas or any better suggestions to share?

Please sound off your comments below.

Happy Coding !!



Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.



Leave a Reply

Your email address will not be published. Required fields are marked *