Skip to content

Commit 9a7d31a

Browse files
committed
update production api specs authentication
1 parent c4b3bcc commit 9a7d31a

1 file changed

Lines changed: 13 additions & 9 deletions

File tree

static/openapi/superdesk-production-api.yaml

Lines changed: 13 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,19 @@ info:
55
version: "v1"
66
description: |
77
Production API server provides stable and versioned endpoints for third-party apps to consume news content from Superdesk.
8-
8+
99
Production API uses the same DB and Elasticsearch index as the main Superdesk app, unlike Content API which has a separate DB.
10-
10+
1111
Production API uses versioned endpoints to provide stable, non-breaking changes API for third-party apps.
1212
13+
Authentication is based on OAuth 2.0 and uses the Superdesk Auth Server: https://superdesk.readthedocs.io/en/latest/auth_server.html
14+
1315
servers:
1416
- url: /prodapi/v1
1517
description: Production API v1 Server
1618

1719
security:
18-
- bearerAuth: []
20+
- oauth2Auth: []
1921

2022
paths:
2123
/:
@@ -513,14 +515,16 @@ paths:
513515

514516
components:
515517
securitySchemes:
516-
bearerAuth:
517-
type: http
518-
scheme: bearer
519-
bearerFormat: JWT
518+
oauth2Auth:
519+
type: oauth2
520520
description: |
521-
JWT token authentication. Third-party apps must retrieve token using AuthServer and provide it with every request.
521+
OAuth 2.0 client credentials flow via Superdesk Auth Server.
522522
523-
Example: Authorization: Bearer your.jwt.token
523+
See: https://superdesk.readthedocs.io/en/latest/auth_server.html
524+
flows:
525+
clientCredentials:
526+
tokenUrl: https://<superdesk-url>/api/auth_server/token
527+
scopes: {}
524528

525529
parameters:
526530
guid:

0 commit comments

Comments
 (0)