Describing authentication schemes

When using the swagger-ui frontend, it is possible to interact with the API described by your Swagger document. This interaction might require authentication, which you will have to describe in order to make swagger-ui work with it.

Security definitions

The first step that you have to do is add a SECURITY_DEFINITIONS setting to declare all authentication schemes supported by your API.

For example, the definition for a simple API accepting HTTP basic auth and Authorization header API tokens would be:

      'Basic': {
            'type': 'basic'
      'Bearer': {
            'type': 'apiKey',
            'name': 'Authorization',
            'in': 'header'

Security requirements

The second step is specifying, for each endpoint, which authentication mechanism can be used for interacting with it. See for details.

By default, a top-level security that accepts all the declared security definitions is generated. For the example above, that would be [{'Basic': []}, {'Bearer': []}]. This can be overriden using the SECURITY_REQUIREMENTS setting.

Operation-level overrides can be added using the security parameter of @swagger_auto_schema.