Apidog Docs

Use the Security Scheme

Configuring Security Schemes at the Folder Level

1. Select any folder, click the Auth tab on the right, and choose Security Scheme as the authentication type.
2. Select the desired Security Scheme from the dropdown menu.
3. If you choose OAuth 2.0 as the security scheme, you can further select the required Scopes.

Security schemes configured at the folder level will apply to all subfolders and endpoints under that folder, unless they have their own auth configuration.

Configuring Security Schemes at the Endpoint Level

1. Select any endpoint and go to the Edit tab on the right. In the Request section, choose Security Scheme as the authorization type.
2. Select the desired Security Scheme from the dropdown menu.
3. If you choose OAuth 2.0 as the security scheme, you can further select the required Scopes.

Auth settings configured at the endpoint level will override those at the folder level.

Setting Default Values for Security Scheme

A security scheme only defines the auth method. You still need to provide actual auth values when debugging endpoints.
To avoid repeatedly filling in auth values during endpoint debugging, Apidog allows you to set default auth values. Once set, these defaults are used automatically during debugging, unless manually overridden. If a folder has default auth values configured, all endpoints under it can use them.

1. Choose a security scheme from the list and set its Default Auth Values.
2. Fill in values based on the authentication type:
   • API Key: Enter your key
   • Basic Auth: Enter username and password
   • Bearer Token: Enter the token
   • OAuth 2.0: Enter client ID, client secret, etc.
   • Other methods: Fill in corresponding values

Inheriting & Customizing Auth Values

When using a security scheme, you can either:

1. Inherit from Parent Folder

Use the security scheme and default values defined in the parent or root folder.

2. Customize Auth Values

Keep the same security scheme, but override its default values.

Using Multiple Security Schemes

Apidog supports configuring multiple security schemes for a single endpoint, which aligns with the mechanism for multiple authentication types defined in the OpenAPI spec:
   • AND: Security schemes combined via AND must be used simultaneously in the same request (coming soon).
   • OR: Security schemes combined via OR are alternatives – any one can be used in the given context.

Use the + button in the Auth settings to add more security schemes.

Choosing Scopes for OAuth 2.0 Security Scheme

According to the OpenAPI spec, when creating an OAuth 2.0 security scheme, all possible Scopes should be defined. When using it in an endpoint, you must select the required scopes.
To make things easier, Apidog allows you to set default scopes at the folder level. These defaults will apply to all endpoints in the folder, unless you manually set different scopes at the endpoint level.

1. In the endpoint's Auth settings, select OAuth 2.0.
2. Under the Scopes section, you can view all available scopes defined by the security scheme and select the ones needed.
3. If the endpoint inherits scopes from a parent folder, you can click Reset the scopes to the configuration of the parent folder to revert to the parent configuration.
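
The AND/OR combination under "Using Multiple Security Schemes" and the scope selection above both follow OpenAPI's security requirement rules. The sketch below is an added example, not Apidog code: it evaluates a requirement list the way the OpenAPI spec defines it and flags settings that leave an operation unauthenticated. The scheme names, scopes and helper names (effective_security, is_authorized, audit) are constructed for illustration.

```python
# Added example: evaluates OpenAPI-style security requirements (OR of ANDs).
# Scheme names, scopes and sample data are constructed for illustration.

# OpenAPI `security` value: a list of requirement objects.
#   - list entries are alternatives (OR)
#   - keys inside one entry must all be satisfied together (AND)
#   - each key maps to the scopes required from that scheme (OAuth 2.0 only)
OR_REQUIREMENT = [
    {"apiKeyAuth": []},
    {"oauth2Auth": ["orders:read"]},
]
AND_REQUIREMENT = [
    {"apiKeyAuth": [], "oauth2Auth": ["orders:read", "orders:write"]},
]


def effective_security(operation_level, parent_level):
    """Operation-level setting wins when present (even if it is an empty list)."""
    return parent_level if operation_level is None else operation_level


def is_authorized(security, presented):
    """
    security:  list of requirement objects as above.
    presented: {scheme_name: set_of_granted_scopes} for credentials that
               were supplied and already validated by the server.
    """
    if not security:                 # [] means the operation requires no auth
        return True
    for requirement in security:     # OR across entries
        if all(                      # AND within one entry
            name in presented and set(scopes) <= presented[name]
            for name, scopes in requirement.items()
        ):
            return True              # note: {} passes (auth is optional)
    return False


def audit(security):
    """Flag settings that silently leave an operation unauthenticated."""
    if not security:
        return ["no security requirement: endpoint is unauthenticated"]
    return ["empty requirement object {}: authentication is optional"
            for req in security if not req]
```

Running audit over every operation's effective requirement is a quick way to catch an endpoint-level override that removed the protection its parent defined.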

Debugging Endpoints with OAuth 2.0 Security Scheme

You can pre-configure a token as the default value for an OAuth 2.0 security scheme, so you don't need to obtain a new token every time you debug an API.

Getting Token at the Folder Level as the Default Auth Value

1. Select a folder, go to the Auth tab, choose an OAuth 2.0 security scheme, select scopes and grant type, then click Get Token.
2. In the pop-up panel:
   • Enter the client ID, client secret, etc.
   • Click Continue
3. After getting the token, you can view its details, including when it expires. This token can be used across all endpoints in the folder.

Getting Token at the Endpoint Level as the Default Auth Value

1. Select the desired endpoint, go to Edit, choose an OAuth 2.0 security scheme, and click Get Token.
2. In the pop-up panel:
   • Enter the client ID, client secret, etc.
   • Click Continue
3. Complete the authorization to get a token. The token will be used for debugging this endpoint.

Using a Default Token or Generating a New One for Endpoint Debugging

When debugging an endpoint in Apidog, you have two options to apply an auth token:

Method 1: Use a Default Auth Token

When running an endpoint, go to the Auth tab under the Run panel. Select Use Parent Default Auth Values. The default auth token configured in the parent folder will be automatically applied to the endpoint request.

Method 2: Generate a New Token

1. When running an endpoint, go to the Auth tab under the Run panel. Select Set Manually. Click Get Token to open the token generation panel.
2. In the pop-up panel:
   • Enter the client ID, client secret, etc.
   • Click Continue
3. Complete the authorization to get a token. The token will be used for debugging the current endpoint.

Modified at 2026-01-13 03:13:43