Spec for token as parameter? Everywhere or single place?


#1

Regarding the RAML doc site http://raml.org/docs.html

Here are two questions regarding that:

If I want to require a valid token for each API request to my resources, i.e., regardless of whether it’s ‘books’ or ‘users’ or ‘authors’, how should I describe such a requirement? Do I have to copy and paste the token parameter all over the place?

Thanks,
Sean


#2

Hi Sean,
In general, if you just want to add parameters to a set of resources/methods (actually, methods), you can make use of traits.
But before going for this option, please make sure you aren’t trying to “secure” your API. You could use a trait for that too, but it’s usually recommended to go for securitySchemes. The latter are more specific to what it seems you are trying to do.
Let me know if that helps.

Regards,
Norberto.


#3

Hi Sean,

I want to add something to @nohorbee’s answer. The good thing about using securitySchemes is that you can actually use them at global/root level to apply them automatically to all resources.

This really depends on your use case, but it seems that you want to secure your resources, right?

Cheers
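
The two options from the replies above, side by side, as an added example that is not part of the original thread. It assumes RAML 1.0 syntax; the API title, base URI, the `token` scheme, the `tokenParam` trait, the `access_token` parameter, the `Authorization` header and the `/status` resource are all made-up names for illustration.

```yaml
#%RAML 1.0
# Constructed example: every name below is hypothetical.
title: Library API
baseUri: https://api.example.com

# Option A (trait): describes the token as an ordinary parameter.
# It must still be listed with `is:` on every resource or method,
# and a token in the query string tends to end up in access logs.
traits:
  tokenParam:
    queryParameters:
      access_token:
        type: string
        required: true

# Option B (securitySchemes): declared once, applied at the root.
securitySchemes:
  token:
    type: Pass Through
    description: Every request must carry a valid token.
    describedBy:
      headers:
        Authorization:
          description: Token issued to the client.
          type: string
          required: true
      responses:
        401:
          description: Token missing, invalid or expired.

# Root-level securedBy covers every resource and method below.
securedBy: [ token ]

/books:
  get:
/users:
  get:
/authors:
  get:
    # Trait applied per method: this is the copy-and-paste Option B avoids.
    is: [ tokenParam ]
/status:
  get:
    # Explicit opt-out: null means no scheme is applied to this method.
    securedBy: [ null ]
```

With the root-level `securedBy`, a newly added resource is covered by default and any unauthenticated endpoint has to be opted out explicitly, which makes exceptions easy to spot in review.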