API Security


#1

Can somebody please explain how security in RAML works? All of the examples seem to relate to using OAuth. My API simply needs to get a token and ensure that the token exists in the header for all subsequent requests. I can't seem to find anything that covers how to do this.

Regards,

Carl


#2

Hi Carl,

you can define your security schemes globally like that:

#%RAML 0.8
title: Token-protected API

securitySchemes:
  - simple_token:
      description: security token which has to be provided in the header
      type: x-simple_token
      describedBy:
        headers:
          Authorization:
            description: |
              the security token you have to provide
            type: string
            required: true

# root-level securedBy applies to every method of every resource
securedBy: [ simple_token ]

/resource1:
  get:
/resource2:
  get:

In this example you secure both resources by defining securedBy globally with simple_token, which is your custom security scheme (custom meaning the type x-{thenameofyourcustomscheme}).

Does this answer your question?

Cheers,
Christian


#3

There is another post in the forum talking about custom security schemes. Unfortunately, I was not able to put in the link. :confused:


#4

Just to be clear, securitySchemes and securedBy are mostly for documentation purposes, correct? I am trying to understand how something like the JAX-RS generator would use it (if it does?), or if this is primarily to help document resources that are implemented with security.


#5

So far it is primarily for documentation, indeed!


#6

Hi, I defined the securedBy before the resources as you instructed. Now, how do I skip over a particular method of a resource? Thanks in advance!
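The pattern Christian describes in #2, extended to the per-method opt-out asked about in #6, as an added example that is not from the original thread. It follows the RAML 0.8 spec: a root-level securedBy applies to every method of every resource, a method may override it with its own securedBy, and listing null in that list means the method may be called without any security scheme. The resource names, the /login flow, the "Bearer" prefix and the token value are constructed for illustration and are not from the thread. As #5 notes, this only documents the requirement: the server code must still check the Authorization header on every request.

```yaml
#%RAML 0.8
title: Token-protected API
version: v1
baseUri: https://api.example.com/{version}

securitySchemes:
  - simple_token:
      description: |
        Opaque session token issued by POST /login. Clients send it as
        "Authorization: Bearer <token>" on every other request.
        (The Bearer prefix is an assumption for this example.)
      type: x-simple_token
      describedBy:
        headers:
          Authorization:
            description: The token issued by /login, prefixed with "Bearer ".
            type: string
            required: true
            # constructed placeholder value, not a real token
            example: Bearer 3f9c1e0d8b7a4c2e9f1d0a6b5c4e3d2f
        responses:
          401:
            description: Token missing, malformed, expired or revoked.

# Applies to every method of every resource unless a method overrides it.
securedBy: [ simple_token ]

/login:
  post:
    # Opt this one method out: a client cannot hold a token before logging in.
    securedBy: [ null ]
    description: Exchange credentials for a token.
    body:
      application/json:
        example: |
          { "username": "carl", "password": "secret" }
    responses:
      200:
        body:
          application/json:
            example: |
              { "token": "3f9c1e0d8b7a4c2e9f1d0a6b5c4e3d2f" }

/resource1:
  get:
    description: Requires simple_token (inherited from the root securedBy).
  post:
    description: Also requires simple_token; nothing to add here.

/resource2:
  get:
    # Token optional: null permits anonymous calls, simple_token documents
    # the authenticated variant of the same method.
    securedBy: [ null, simple_token ]
    description: Public listing; authenticated callers see additional fields.
```

The root securedBy is the default; a method-level securedBy replaces it for that method only, so `securedBy: [ null ]` is the way to "skip over" a single method while everything else stays protected.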