Security > Authentication
Most of the security measures defined in the security section of the API definition concern authenticating the API consumer in one way or another. This is only natural, because knowing who accesses your API is the basis for additional security, such as authorization or non-repudiation.
API definitions have security components at both the global and the operation level. Global components are at the top level and apply to the whole API. Operation-level components apply only to the individual API operations in question.
Most of the global components are only available at the global level. Some, like the ‘security’ component, can also exist on the operation level. The global-level component provides the default behavior. On the operation level, you can override the global component and provide a specific exception to the behavior.
Contents in this section:
- Credentials transported over the network
- Access tokens transported as cleartext
- Credentials sent as cleartext
- The ‘security’ section contains an empty security requirement
- The ‘security’ section contains an empty array
- Transporting credentials over the network allowed
- Transporting access tokens as cleartext allowed
- The ‘security’ section is undefined
- The ‘securityDefinitions’ section is not defined
- Sending credentials as cleartext allowed
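The override rule described above can be checked mechanically. The following is an added example, not code from the original page or its vendor: it resolves the effective ‘security’ requirement for each operation and flags the empty-array, empty-requirement, undefined and missing-definition cases named in the contents list. It assumes a Swagger 2.0 definition already parsed into a dictionary; the function names, scheme names and sample API are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample definition (hypothetical API, not from the page).
SAMPLE_API = {
    "swagger": "2.0",
    "securityDefinitions": {"ApiKeyAuth": {"type": "apiKey", "name": "X-API-Key", "in": "header"}},
    "security": [{"ApiKeyAuth": []}],                    # global default
    "paths": {
        "/orders": {
            "get": {},                                    # inherits the global default
            "post": {"security": [{"ApiKeyAuth": []}, {}]},  # {} names no scheme at all
        },
        "/health": {"get": {"security": []}},            # override that removes the default
        "/admin": {"get": {"security": [{"AdminKey": []}]}},  # scheme never defined
    },
}


def effective_security(api, operation):
    """Operation-level 'security' overrides the global one when present."""
    if "security" in operation:
        return operation["security"]
    return api.get("security")  # None when undefined at both levels


def audit(api):
    """Return {(METHOD, path): [issue, ...]} for operations with weak settings."""
    defined = set(api.get("securityDefinitions") or {})
    findings = {}
    for path, item in api.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip 'parameters', '$ref', extensions
                continue
            issues = []
            security = effective_security(api, op)
            if security is None:
                issues.append("security undefined")
            elif security == []:
                issues.append("empty security array")
            else:
                if any(req == {} for req in security):
                    issues.append("empty security requirement")
                missing = {name for req in security for name in req} - defined
                issues += [f"scheme not defined: {n}" for n in sorted(missing)]
            if issues:
                findings[(method.upper(), path)] = issues
    return findings
```

Calling `audit(SAMPLE_API)` reports three of the four operations; `GET /orders` is clean because it inherits the global requirement.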