Swagger supports security of api key, but that seems to be limited to a single parameter.
Is there a way to define a set of parameters (key and secret) that are expected as parameters in a request?
Or is the only way just to skip the security scheme, and just add those parameters to every request?
API keys provide project authorization By identifying the calling project, you can use API keys to associate usage information with that project. API keys allow the Extensible Service Proxy (ESP) to reject calls from projects that haven't been granted access or enabled in the API.
A better approach is to pass it in header of request url. you can set user-key header in your code . For testing your request Url you can use Postman app in google chrome by setting user-key header to your api-key.
API Key Generation Since the API key itself is an identity by which to identify the application or the user, it needs to be unique, random and non-guessable. API keys that are generated must also use Alphanumeric and special characters. An example of such an API key is zaCELgL. 0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx .
Yes, OpenAPI (Swagger) 2.0 and 3.0 let you define multiple security definitions and mark an operation as requiring multiple securities, such as a pair of API keys.
In the following example, I'm defining two API keys, Key and SecretKey, both of which should be present in the headers of each request in order to get authenticated.
swagger: '2.0'
info:
  version: 0.0.0
  title: Simple API
securityDefinitions:
  key:
    type: apiKey
    in: header
    name: Key
  secret_key:
    type: apiKey
    in: header
    name: SecretKey
# Or if you use OpenAPI 3.0:
# components:
#   securitySchemes:
#     key:
#       type: apiKey
#       in: header
#       name: Key
#     secret_key:
#       type: apiKey
#       in: header
#       name: SecretKey
paths:
  /:
    get:
      # Both 'Key' and 'SecretKey' must be used together
      security:
        - key: []
          secret_key: []
      responses:
        200:
          description: OK
Note that this is different from
      security:
        - key: []
        - secret_key: []  # <-- Note the leading dash here
which means the endpoint expects either Key or SecretKey, but not both.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With