Forum Discussion

KF4UYC's avatar
KF4UYC
New Contributor
7 months ago

Authorization Tag For Basic BASE64 Encoding

According to the 3.x documentation, I should be able to set global security authentication using the Authorization Object:

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. For example, to authorize as demo / p@55w0rd the client would send

Authorization: Basic ZGVtbzpwQDU1dzByZA==

I have a vendor API that requires BASE64 authentication encoding but I cannot figure out where this object would be inserted.  After reading the above Swagger documentation excerpt, I have tried in the security section for each path, tried building a security schema setting the type to http and scheme to basic, tried inserting it at the top but everything I tried has been found to be unacceptable.  The examples show how to do http/basic authentication but no where does it show the actual implementation of the object in the above example from the Swagger documentation.

Trying through the 3.0.3 version.  Any help is most appreciated!

  • Hi KF4UYC

    You can indeed configure an OpenAPI description to mandate BASE64 auth.

    First, add a `basic` security scheme to the components object

    components:
      securitySchemes:
        basicAuth:
          type: http
          scheme: basic

    Next, add a security section to apply the scheme to all API paths

    security:
      - basicAuth: []

    Once done, if you you can 'authorize' (enter username / pw) via Swagger UI

    I've put together a very simple API to showcase at: Simple API with Basic Auth

    If possible, I'd move onto something more robust that basic auth, but I'm assuming your constrained by the vendor in this case.

  • Hi KF4UYC

    You can indeed configure an OpenAPI description to mandate BASE64 auth.

    First, add a `basic` security scheme to the components object

    components:
      securitySchemes:
        basicAuth:
          type: http
          scheme: basic

    Next, add a security section to apply the scheme to all API paths

    security:
      - basicAuth: []

    Once done, if you you can 'authorize' (enter username / pw) via Swagger UI

    I've put together a very simple API to showcase at: Simple API with Basic Auth

    If possible, I'd move onto something more robust that basic auth, but I'm assuming your constrained by the vendor in this case.