Apidog Docs
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
HomeLearning CenterSupport CenterAPI References
HomeLearning CenterSupport CenterAPI References
Discord Community
Slack Community
X / Twitter
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
  1. Security schemes
  • Apidog Learning Center
  • Get started
    • Introduce Apidog
    • Navigating Apidog
    • Basic concepts in Apidog
    • Quick Start
      • Overview
      • Specify a new endpoint
      • Make a request to the endpoint
      • Add an assertion
      • Create a test scenario
      • Share your API documentation
      • Explore more
      • Send a request and save as an endpoint
    • Migration to Apidog
      • Overview
      • Manual import
      • Scheduled import
      • Import options
      • Export data
      • Import from...
        • Import from Postman
        • Import OpenAPI (Swagger) spec
        • Import cURL
        • Import Markdowns
        • Import from Insomnia
        • Import from apiDoc
        • Import .har file
        • Import WSDL
  • Design APIs
    • Overview
    • Create a new API project
    • Endpoint basics
    • Components
    • Common fields
    • Global parameters
    • Endpoint change history
    • Batch endpoint management
    • Configure multiple request body examples
    • Schemas
      • Overview
      • Create a new schema
      • Build a schema
      • Generate Schemas from JSON etc.
    • Security schemes
      • Overview
      • Create a security scheme
      • Use the security scheme
      • Security scheme in online documentation
    • Advanced features
      • Custom endpoint fields
      • Import endpoints as test steps
      • Endpoint status
      • Appearance of parameter lists
      • Endpoint unique identification
  • Develop and Debug APIs
    • Overview
    • Generate requests
    • Send requests
    • Endpoint cases
    • Dynamic values
    • Validate responses
    • Design-first Mode & Request-first Mode
    • Generate code
    • Environments & variables
      • Overview
      • Using variables
      • Environments & services
    • Vault secrets
      • Overview
      • HashiCorp Vault
      • Azure Key Vault
      • AWS Secrets Manager
    • Pre/Post processors
      • Overview
      • Assertion
      • Extract variable
      • Wait
      • Database operations
        • Overview
        • MySQL
        • MongoDB
        • Redis
        • Oracle Client
      • Using scripts
        • Overview
        • Pre processor scripts
        • Post processor scripts
        • Public scripts
        • Postman scripts reference
        • Calling other programming languages
        • Using JS libraries
        • Visualizing responses
        • Script examples
          • Assertion scripts
          • Using variables in scripts
          • Using scripts to modify request messages
          • Other examples
    • Dynamic values Modules
  • Mock API data
    • Overview
    • Smart mock
    • Custom mock
    • Mock priority sequence
    • Mock scripts
    • Cloud mock
    • Self-hosted runner mock
    • Mock language (Locales)
  • Automated tests
    • Overview
    • Test reports
    • Test scenarios
      • Create a test scenario
      • Pass data between requests
      • Flow control conditions
      • Sync data from endpoints/endpoint cases
      • Import endpoints/endpoint cases from other projects
      • Export test scenarios
    • Run test scenarios
      • Run a test scenario
      • Data-driven testing
      • Run test scenarios in batch
      • Scheduled tasks
      • Manage the runtime environment of APIs from other projects
    • Test APIs
      • Integration testing
      • Performance testing
      • End-to-end testing
      • Regression testing
    • Apidog CLI
      • Overview
      • Installing and running Apidog CLI
      • Apidog CLI Options
    • CI/CD
      • Overview
      • Integrate with Github Actions
      • Integrate with Jenkins
      • Integrate with Gitlab
      • Trigger Test by Git Commit
  • Publish API Docs
    • Overview
    • API Technologies Supported
    • Quick share
    • View the API documentation
    • Markdown documentations
    • Publish docs sites
    • Custom layouts
    • Custom domain
    • LLM-friendly Features
    • SEO settings
    • Advanced Settings
      • Documentation Search
      • CORS Proxy
      • Integrating Google Analytics with Doc Sites
      • Folder tree settings
      • Visibility settings
      • Embedding values in document URLs
    • API Versions
      • Overview
      • Create API versions
      • Publish API versions
      • Share endpoints with API versions
  • Send requests
    • Overview
    • gRPC
    • Use request proxy agents for debugging
    • SOAP/WebService
    • GraphQL
    • WebSocket
    • SSE debugging
    • Socket.IO
    • Create requests
      • Request History
      • Request basics
      • Parameters and body
      • Request headers
      • Request settings
      • HTTP/2
    • Authentication and authorization
      • Overview
      • CA and client certificates
      • Authorization types supported by Apidog
      • Digest Auth
      • OAuth 1.0
      • OAuth 2.0
      • Hawk Authentication
      • Kerberos
      • NTLM
      • Akamai EdgeGrid
    • Response and cookies
      • Overview
      • API response in Apidog
      • Create and send cookies
      • Debug requests
      • Save the request as an endpoint
  • Branches
    • Overview
    • Create a new sprint branch
    • Test APIs in a branch
    • Design API in a branch
    • Merge sprint branches
    • Manage sprint branches
  • AI Features
    • Overview
    • Enable AI Features
    • Modify Schemas with AI
    • FAQs
  • Apidog MCP Server
    • Overview
    • Connect API Specification within Apidog Project to AI via Apidog MCP Server
    • Connect Online API Documentation Published by Apidog to AI via Apidog MCP Server
    • Connect OpenAPI Files to AI via Apidog MCP Server
  • Best practices
    • How to handle API signatures
    • How to access OAuth 2.0 protected APIs
    • Apidog collaboration workflow
    • Managing authentication state in Apidog
  • Administration
    • Onboarding Checklist
      • Basic Concepts
      • Onboarding Guide
    • Managing Teams
      • Managing Teams
      • Managing Team Members
      • Member Roles & Permission Settings
      • Team Activities
      • Team Resources
        • General Runner
        • Team Variables
        • Request Proxy Agent
      • Real-time Collaborations
        • Team Collaboration
    • Managing Projects
      • Managing Projects
      • Managing Project Members
      • Notification Settings
      • Project Resources
        • Database Connection
    • Managing Organizations
      • Single Sign-On (SSO)
        • SSO Overview
        • Configure Microsoft Entra ID
        • Configure Okta
        • Configure SSO for an Organization
        • Managing user accounts
        • Mapping Groups to Teams
      • SCIM Provisioning
        • Intro to SCIM Provisioning
        • Microsoft Entra ID
        • Okta
      • Organization Resources
        • Self-hosted Runner
  • Billing
    • Overview
    • Credits
    • Unable to use credit cards?
    • Managing subscriptions
    • Upgrade plan
  • Data & Security
    • Where is Apidog's data stored, and how is data security ensured?
    • How is user data stored? Will this data be public? Or will it be private? Will all data be stored in the cloud?
    • When sending requests, do they go through the Apidog server? Is data security ensured?
  • Add-ons
    • API Hub
    • Apidog Intellij IDEA plugin
    • Browser Extension
      • Chrome
      • Microsoft Edge
    • Request Proxy
      • Request proxy in Apidog web
      • Request proxy in shared docs
      • Request proxy in Apidog client
  • Account & preferences
    • Account settings
    • Generate OpenAPI access token
    • Language settings
    • Hot keys
    • Network proxy configuration
    • Data backup
    • Updating Apidog
    • Deleting account
    • Experimental Features
  • References
    • API-Design First Approach
    • Apidog OpenAPI/Swagger Specificaiton Extensions
    • JSONPath
    • XPath
    • Regular Expressions
    • JSON Schema
    • CSV File Format
    • Install Java Environment
    • Runner deployment environment
    • Apidog flavored Markdown
  • Apidog Europe
    • Apidog Europe
  • Support Center
  1. Security schemes

Create a security scheme

Apidog offers a wide range of security scheme types, supporting various authentication methods, including:
1.
API Key – Authenticate using a key passed via Header, Query, or Cookie.
2.
Bearer Token – Authenticate using the Authorization: Bearer header.
3.
JWT – Authenticate with tokens in JSON Web Token format.
4.
Basic Auth – Use a username and password for basic authentication.
5.
Digest Auth – More secure than basic auth.
6.
OAuth 2.0 – A widely adopted authorization standard supporting multiple grant types.
7.
OAuth 1.0 – An earlier version of OAuth with a different signature mechanism.
8.
Hawk Authentication – HMAC-based authentication protocol.
9.
AWS Signature – Signature-based authentication used for Amazon AWS services.
10.
Kerberos – Ticket-based network authentication protocol.
11.
NTLM Authentication – Authentication protocol developed by Microsoft.
12.
Akamai EdgeGrid – Authentication method used by the Akamai API platform.
13.
Customize – Allows you to define and use authentication methods that aren’t natively supported by Apidog.
security-schema-apidog.png

Creating Security Schemes Manually#

1
In your project, navigate to Components β†’ Security Schemes at the left sidebar, then click New Security Scheme.
creating-new-security-scheme-apidog.png
2
Select the security scheme type and fill in the name and relevant configuration.
security-scheme-apidog.png
3
Click Save to complete the creation process.
saving-new-security-scheme-apidog.png
4
In the editing view of the security scheme, click Advanced Configuration at the bottom of the page.
security-scheme-adavanced-configuration.png
The system will display the OAS (OpenAPI Specification) code for the current security scheme, available in both JSON and YAML formats.
security-scheme-oas-code.png
You can directly edit here to define more complex specifications. The system will update the security scheme settings based on your changes.

Creating Security Schemes via OAS Import#

When importing an OpenAPI file that includes security schemes, Apidog will automatically detect and create corresponding security schemes. These will appear in the project’s Security Schemes list.
If security schemes are referenced to specific endpoints or set globally in the OpenAPI file, Apidog will not automatically apply them. After importing the file, you will need to manually assign the security schemes to the relevant endpoints.

Creating OAuth 2.0 Security Scheme#

OAuth 2.0 is a widely used authorization framework, and Apidog offers full support for it. To create an OAuth 2.0 security scheme, configure the following:
1.
Grant Type: Choose from Authorization Code, Client Credentials, Implicit, or Password.
2.
URL Settings: Based on the selected grant type, configure the relevant URLs:
Auth URL
Access Token URL
Refresh URL (optional)
Callback URL (also known as Redirect URL)
3.
Scope Settings (Define the permission scopes your app can request)
Add scope names and descriptions
Configure different sets of scopes for each grant type
oauth-2-0-settings.png
4.
Click the Test button to open the test panel. Fill in the Client ID, Client Secret, and other required fields to test and verify your OAuth 2.0 configuration.
test-oauth-2-0-security-scheme.png
Modified atΒ 2025-04-25 11:25:55
Previous
Overview
Next
Use the security scheme
Built with