Apidog Docs
🇺🇸 English
  • 🇺🇸 English
  • 🇯🇵 日本語
HomeLearning CenterSupport CenterAPI ReferencesChangelog
HomeLearning CenterSupport CenterAPI ReferencesChangelog
Discord Community
Slack Community
X / Twitter
🇺🇸 English
  • 🇺🇸 English
  • 🇯🇵 日本語
  1. Security schemes
  • Apidog Learning Center
  • Get started
    • Introduce Apidog
    • Navigating Apidog
    • Basic concepts in Apidog
    • Quick Start
      • Overview
      • Specify a new endpoint
      • Make a request to the endpoint
      • Add an assertion
      • Create a test scenario
      • Share your API documentation
      • Explore more
      • Send a request and save as an endpoint
    • Migration to Apidog
      • Overview
      • Manual import
      • Scheduled import
      • Import options
      • Export data
      • Import from...
        • Import from Postman
        • Import OpenAPI (Swagger) spec
        • Import cURL
        • Import Markdowns
        • Import from Insomnia
        • Import from apiDoc
        • Import .har file
        • Import WSDL
  • Design APIs
    • Overview
    • Organization method of endpoints
    • Endpoint basics
    • Components
    • Common fields
    • Global parameters
    • Endpoint change history
    • Batch endpoint management
    • Configure multiple request body examples
    • Module
    • Schemas
      • Overview
      • Create a new schema
      • Build a schema
      • Generate Schemas from JSON etc.
    • Security schemes
      • Overview
      • Create a security scheme
      • Use the security scheme
      • Security scheme in online documentation
    • Advanced features
      • Custom endpoint fields
      • Import endpoints as test steps
      • Endpoint status
      • Appearance of parameter lists
      • Endpoint unique identification
  • Develop and Debug APIs
    • Overview
    • Generate requests
    • Send requests
    • Endpoint cases
    • Dynamic values
    • Validate responses
    • Design-first Mode & Request-first Mode
    • Generate code
    • Environments & variables
      • Overview
      • Using variables
      • Environment Management
    • Vault secrets
      • Overview
      • HashiCorp Vault
      • Azure Key Vault
      • AWS Secrets Manager
    • Pre/Post processors
      • Overview
      • Assertion
      • Extract variable
      • Wait
      • Database operations
        • Overview
        • MySQL
        • MongoDB
        • Redis
        • Oracle Client
      • Using scripts
        • Overview
        • Pre processor scripts
        • Post processor scripts
        • Public scripts
        • Postman scripts reference
        • Calling other programming languages
        • Using JS libraries
        • Visualizing responses
        • Script examples
          • Assertion scripts
          • Using variables in scripts
          • Using scripts to modify request messages
          • Other examples
    • Dynamic values Modules
  • Mock API data
    • Overview
    • Smart mock
    • Custom mock
    • Mock priority sequence
    • Mock scripts
    • Cloud mock
    • Self-hosted runner mock
    • Mock language (Locales)
  • Automated tests
    • Overview
    • Test reports
    • Test scenarios
      • Create a test scenario
      • Pass data between requests
      • Flow control conditions
      • Sync data from endpoints/endpoint cases
      • Import endpoints/endpoint cases from other projects
      • Export test scenarios
    • Run test scenarios
      • Run a test scenario
      • Data-driven testing
      • Run test scenarios in batch
      • Scheduled tasks
      • Manage the runtime environment of APIs from other projects
    • Test APIs
      • Integration testing
      • Performance testing
      • End-to-end testing
      • Regression testing
    • Apidog CLI
      • Overview
      • Installing and running Apidog CLI
      • Apidog CLI Options
    • CI/CD
      • Overview
      • Integrate with Github Actions
      • Integrate with Jenkins
      • Integrate with Gitlab
      • Trigger Test by Git Commit
  • Publish API Docs
    • Overview
    • API Technologies Supported
    • Quick share
    • View the API documentation
    • Markdown documentations
    • Publish docs sites
    • Custom layouts
    • Custom CSS, JavaScript, HTML
    • Custom domain
    • LLM-friendly Features
    • SEO settings
    • Advanced Settings
      • Documentation Search
      • CORS Proxy
      • Integrating Google Analytics with Doc Sites
      • Folder tree settings
      • Visibility settings
      • Embedding values in document URLs
    • API Versions
      • Overview
      • Create API versions
      • Publish API versions
      • Share endpoints with API versions
  • Send requests
    • Overview
    • SSE debugging
    • Socket.IO
    • WebSocket
    • Webhook
    • SOAP/WebService
    • GraphQL
    • gRPC
    • Use request proxy agents for debugging
    • Create requests
      • Request History
      • Request basics
      • Parameters and body
      • Request headers
      • Request settings
      • HTTP/2
    • Authentication and authorization
      • Overview
      • CA and client certificates
      • Authorization types supported by Apidog
      • Digest Auth
      • OAuth 1.0
      • OAuth 2.0
      • Hawk Authentication
      • Kerberos
      • NTLM
      • Akamai EdgeGrid
    • Response and cookies
      • Overview
      • API response in Apidog
      • Create and send cookies
      • Debug requests
      • Save the request as an endpoint
  • Branches
    • Overview
    • Create a new sprint branch
    • Test APIs in a branch
    • Design API in a branch
    • Merge sprint branches
    • Manage sprint branches
  • AI Features
    • Overview
    • Enable AI Features
    • Modify Schemas with AI
    • FAQs
  • Apidog MCP Server
    • Overview
    • Connect API Specification within Apidog Project to AI via Apidog MCP Server
    • Connect Online API Documentation Published by Apidog to AI via Apidog MCP Server
    • Connect OpenAPI Files to AI via Apidog MCP Server
  • Best practices
    • How to handle API signatures
    • How to access OAuth 2.0 protected APIs
    • Apidog collaboration workflow
    • Managing authentication state in Apidog
  • Offline Space
    • Overview
  • Administration
    • Onboarding Checklist
      • Basic Concepts
      • Onboarding Guide
    • Managing Teams
      • Managing Teams
      • Managing Team Members
      • Member Roles & Permission Settings
      • Team Activities
      • Team Resources
        • General Runner
        • Team Variables
        • Request Proxy Agent
      • Real-time Collaborations
        • Team Collaboration
    • Managing Projects
      • Managing Projects
      • Managing Project Members
      • Notification Settings
      • Project Resources
        • Database Connection
    • Managing Organizations
      • Single Sign-On (SSO)
        • SSO Overview
        • Configure Microsoft Entra ID
        • Configure Okta
        • Configure SSO for an Organization
        • Managing user accounts
        • Mapping Groups to Teams
      • SCIM Provisioning
        • Intro to SCIM Provisioning
        • Microsoft Entra ID
        • Okta
      • Organization Resources
        • Self-hosted Runner
  • Billing
    • Overview
    • Credits
    • Unable to use credit cards?
    • Managing subscriptions
    • Upgrade plan
  • Data & Security
    • Where is Apidog's data stored, and how is data security ensured?
    • How is user data stored? Will this data be public? Or will it be private? Will all data be stored in the cloud?
    • When sending requests, do they go through the Apidog server? Is data security ensured?
  • Add-ons
    • API Hub
    • Apidog Intellij IDEA plugin
    • Browser Extension
      • Chrome
      • Microsoft Edge
    • Request Proxy
      • Request proxy in Apidog web
      • Request proxy in shared docs
      • Request proxy in Apidog client
  • Account & preferences
    • Account settings
    • Generate OpenAPI access token
    • Language settings
    • Hot keys
    • Network proxy configuration
    • Data backup
    • Updating Apidog
    • Deleting account
    • Experimental Features
  • References
    • API-Design First Approach
    • Apidog OpenAPI/Swagger Specificaiton Extensions
    • JSONPath
    • XPath
    • Regular Expressions
    • JSON Schema
    • CSV File Format
    • Install Java Environment
    • Runner deployment environment
    • Apidog flavored Markdown
  • Apidog Europe
    • Apidog Europe
  • Support Center
  1. Security schemes

Use the security scheme

Configure Security Schemes at the Folder Level#

1
Select any folder, click the Auth tab on the right, and choose Security Scheme as the authentication type.
choosing-security-scheme-auth-type.png
2
Select the desired Security Scheme from the dropdown menu.
selecting-desired-security-scheme.png
3
If you choose OAuth 2.0 as the security scheme, you can further select the required Scopes.
selecting-security-scheme-scope.png
Security schemes configured at the folder level will apply to all subfolders and endpoints under that folder, unless they have their own auth configuration.

Configure Security Schemes at the Endpoint Level#

1
Select any endpoint and go to the Edit tab on the right. At the Request section, choose Security Scheme as the authorization type.
configuring-security-scheme-endpoint-level.png
2
Select the desired Security Scheme from the dropdown menu.
selecting-desired-security-scheme-endpoint.png
3
If you choose OAuth 2.0 as the security scheme, you can further select the required Scopes.
selecting-endpoint-security-scheme-scope.png
Auth settings configured at the endpoint level will override those at the folder level.

Set Default Values for Security Scheme#

Security scheme only define the auth method. You still need to provide actual auth values when debugging endpoints.
To avoid repeatedly filling in auth values during endpoint debugging, Apidog allows you to set default auth values. Once set, these defaults are used automatically during debugging, unless manually overridden. If a folder has default auth values configured, all endpoints under it can use them.
1
Choose a security scheme from the list and set a Default Auth Values.
default-auth-value.png
2
Fill in values based on the authentication type:
API Key:Enter your key
Basic Auth:Enter username and password
Bearer Token:Enter the token
OAuth 2.0:Enter client ID, client secret, etc.
Other methods: Fill in corresponding values

Inherit & Customize Auth Values#

When using security scheme, you can either:
1.
Inherit from parent folder: Use the security scheme and default values defined in the parent or root folder.
inherit-security-scheme.png
2.
Customize auth values:Keep the same security scheme, but override its default values.
customize-security-scheme.png

Use Multiple Security Schemes#

Apidog supports configuring multiple security schemes for a single endpoint, which aligns with the multiple authentication types mechanisms defined in the OpenAPI spec:
AND:Security schemes combined via AND must be used simultaneously in the same request(coming soon).
OR: Security schemes combined via OR are alternatives – any one can be used in the given context.
Use the + button in the Auth settings to add more security schemes.
add-multiple-security-schemes.png

Choosing Scopes for OAuth 2.0 Security Scheme#

According to the OpenAPI spec, when creating an OAuth 2.0 security scheme, all possible Scopes should be defined. When using it in an endpoint, you must select the required scopes.
To make things easier, Apidog allows you to set default scopes at the folder level. These defaults will apply to all endpoints in the folder — unless you manually set different scopes at the endpoint level.
1
In the endpoint’s Auth settings, select OAuth 2.0.
2
Under the Scopes section, you can view all available scopes defined by the security scheme and select the ones needed.
choose-auth-scopes-endpoint-level.png
3
If the endpoint inherits scopes from a parent folder, you can click Reset the scopes to the configuration of the parent folder to revert to the parent configuration.
reset-scope-settings.png

Debugging Endpoints with OAuth 2.0 Security Scheme#

You can pre-configure a token as the default value for OAuth 2.0 security scheme, so you don’t need to obtain a new token every time you debug an API.

Get Token at the Folder Level as the Default Auth Value#

1
Select a folder, go to the Auth tab, choose an OAuth 2.0 security scheme, select scopes and grant type, then click Get Token.
get-auth-2-0-token-folder-level.png
2
In the pop-up panel:
Enter the client ID, client secret, etc.
Click Continue
test-oauth-2-0-token-security-scheme.png
3
After getting the token, you can view its details, including when it expires. This token can be used across all endpoints in the folder.
view-token-details-folder.png

Get Token at the Endpoint Level as the Default Auth Value#

1
Select the desired endpoint, go to Edit, choose an OAuth 2.0 security scheme, and click Get Token.
get-token-endpoint-level.png
2
In the pop-up panel:
Enter the client ID, client secret, etc.
Click Continue
test-oauth-2-0-token-security-scheme-endpoint-level.png
3
Complete the authorization to get a token
The token will be used for debugging this endpoint
view-token-details-folder.png

Use a Default Token or Generate a New One for Endpoint Debugging#

When debugging an endpoint in Apidog, you have two options to apply an auth token:
Method 1: Use a Default Auth Token
When running an endpoint, go to the Auth tab under the Run panel. Select Use Parent Default Auth Values. The default auth token configured in the parent folder will be automatically applied to the endpoint request.
use a default auth token for endpoint debugging.png
Method 2: Generate a New Token
1
When running an endpoint, go to the Auth tab under the Run panel. Select Set Manually. Click Get Token to open the token generation panel.
generate a new token for endpoint debugging.png
2
In the pop-up panel:
Enter the client ID, client secret, etc.
Click Continue
fill information for generating new token.png
3
Complete the authorization to get a token
The token will be used for debugging the current endpoint
Modified at 2025-04-25 11:25:55
Previous
Create a security scheme
Next
Security scheme in online documentation
Built with