Apidog Docs
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
Discord Community
Slack Community
X / Twitter
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
  1. Security Schemes
  • Apidog Learning Center
  • Getting Started
    • Introduction to Apidog
    • Basic Concepts in Apidog
    • Navigating Apidog
    • Quick Start
      • Overview
      • Creating an Endpoint
      • Making a Request
      • Adding an Assertion
      • Creating Test Scenarios
      • Sharing API Documentation
      • Explore More
    • Migration to Apidog
      • Overview
      • Manual Import
      • Scheduled Import (Bind Data Sources)
      • Import Options
      • Export Data
      • Import From
        • Import from Postman
        • Import OpenAPI Spec
        • Import cURL
        • Import Markdowns
        • Import from Insomnia
        • Import from apiDoc
        • Import .har File
        • Import WSDL
  • Design APIs
    • Overview
    • Create a New API Project
    • Endpoint Basics
    • APl Design Guidelines
    • Module
    • Configure Multiple Request Body Examples
    • Components
    • Common Fields
    • Global Parameters
    • Endpoint Change History
    • Comments
    • Batch Endpoint Management
    • Custom Protocol API
    • Schemas
      • Overview
      • Create a New Schema
      • Build a Schema
      • Generate Schemas from JSON Etc
      • oneOf, allOf, anyOf
      • Using Discriminator
    • Security Schemes
      • Overview
      • Create a Security Scheme
      • Use the Security Scheme
      • Security Scheme in Online Documentation
    • Advanced Features
      • Custom Endpoint Fields
      • Associated Test Scenarios
      • Endpoint Status
      • Appearance of Parameter Lists
      • Endpoint Unique Identification
  • Develop and Debug APIs
    • Overview
    • Generating Requests
    • Sending Requests
    • Debugging Cases
    • Test Cases
    • Dynamic Values
    • Validating Responses
    • Design-First vs Request-First
    • Generating Code
    • Environments & Variables
      • Overview
      • Environment Management
      • Using Variables
    • Vault Secrets
      • Overview
      • HashiCorp Vault
      • Azure Key Vault
      • AWS Secrets Manager
    • Pre and Post Processors
      • Assertion
      • Extract Variable
      • Wait
      • Overview
      • Using Scripts
        • Overview
        • Pre Processor Scripts
        • Post Processor Scripts
        • Public Scripts
        • Postman Scripts Reference
        • Calling Other Programming Languages
        • Using JS Libraries
        • Visualizing Responses
        • Script Examples
          • Assertion Scripts
          • Using Variables
          • Modifying Requests
          • Other Examples
      • Database Operations
        • Overview
        • MySQL
        • MongoDB
        • Redis
        • Oracle Client
    • Dynamic Values Modules
  • Mock API Data
    • Overview
    • Smart Mock
    • Custom Mock
    • Mock Priority Sequence
    • Mock Scripts
    • Cloud Mock
    • Self-Hosted Runner Mock
    • Mock Language (Locales)
  • API Testing
    • Overview
    • Test Scenarios
      • Create a Test Scenario
      • Pass Data Between Requests
      • Flow Control Conditions
      • Sync Data from Endpoints and Endpoint Cases
      • Import Endpoints and Endpoint Cases from Other Projects
      • Export Test Scenarios
    • Run Test Scenarios
      • Run a Test Scenario
      • Run Test Scenarios in Batch
      • Manage Runtime Environment of APIs from Other Projects
      • Data-Driven Testing
      • Scheduled Tasks
    • Test Suite
      • Overview
      • Create A Test Suite
      • Orchestrate Test Suite
      • Run Test Suites Locally
      • Run Test Suites Via CLI
      • Scheduled tasks
    • Test Reports
      • Test Reports
    • Test APIs
      • Integration Testing
      • Performance Testing
      • End-to-End Testing
      • Regression Testing
      • Contract Testing
    • Apidog CLI
      • Overview
      • Installing and Running Apidog CLI
      • Apidog CLI Options
    • CI CD
      • Overview
      • Integrate with Gitlab
      • Integrate with Jenkins
      • Trigger Test by Git Commit
      • Integrate with Github Actions
  • Publish API Docs
    • Overview
    • API Technologies Supported
    • Quick Share
    • Viewing API Documentation
    • Markdown Documentation
    • Publishing Documentation Sites
    • Custom Login Page
    • Custom Layouts
    • Custom CSS, JavaScript, HTML
    • Custom Domain
    • LLM-Friendly Features
    • SEO Settings
    • Advanced Settings
      • Documentation Search
      • CORS Proxy
      • Integrating Google Analytics with Doc Sites
      • Folder Tree Settings
      • Visibility Settings
      • Embedding Values in Document URLs
    • API Versions
      • Overview
      • Creating API Versions
      • Publishing API Versions
      • Sharing Endpoints with API Versions
  • Send Requests
    • Overview
    • SSE Debugging
    • MCP Client
    • Socket.IO
    • WebSocket
    • Webhook
    • SOAP or WebService
    • GraphQL
    • gRPC
    • Use Request Proxy Agents for Debugging
    • Create Requests
      • Request History
      • Request Basics
      • Parameters and Body
      • Request Headers
      • Request Settings
      • Debug Requests
      • Saving Requests as Endpoints
      • HTTP/2
    • Response and Cookies
      • Viewing API Responses
      • Managing Cookies
      • Overview
    • Authentication and Authorization
      • Overview
      • CA and Client Certificates
      • Authorization Types
      • Digest Auth
      • OAuth 1.0
      • OAuth 2.0
      • Hawk Authentication
      • Kerberos
      • NTLM
      • Akamai EdgeGrid
  • Branches
    • Overview
    • Creating a Sprint Branch
    • Testing APIs in a Branch
    • Designing APIs in a Branch
    • Merging Sprint Branches
    • Managing Sprint Branches
  • AI Features
    • Overview
    • Enabling AI Features
    • Generating Test Cases
    • Modifying Schemas with AI
    • Endpoint Compliance Check
    • API Documentation Completeness Check
    • AI-Powered Field Naming
    • FAQs
  • Apidog MCP Server
    • Overview
    • Connect Apidog Project to AI
    • Connect Published Documentation to AI
    • Connect OpenAPI Files to AI
  • Best Practices
    • Handling API Signatures
    • Accessing OAuth 2.0 Protected APIs
    • Collaboration Workflow
    • Managing Authentication State
  • Offline Space
    • Overview
  • Administration
    • Managing Teams
      • Managing Teams
      • Managing Team Members
      • Member Roles & Permission Settings
      • Team Activities
      • Team Resources
        • General Runner
        • Team Variables
        • Request Proxy Agent
      • Real-time Collaborations
        • Team Collaboration
    • Onboarding Checklist
      • Basic Concepts
      • Onboarding Guide
    • Managing Projects
      • Managing Projects
      • Managing Project Members
      • Notification Settings
      • Project Resources
        • Database Connection
        • Git Connection
    • Managing Organization
      • Managing Organization
      • Single Sign-On (SSO)
        • SSO Overview
        • Configuring Microsoft Entra ID
        • Configuring Okta
        • Configuring SSO for an Organization
        • Managing User Accounts
        • Mapping Groups to Teams
      • SCIM Provisioning
        • Introduction to SCIM Provisioning
        • Microsoft Entra ID
        • Okta
      • Plans Management
        • Billing Managers in Organizations
      • Organization Resources
        • Self-Hosted Runner
  • Billing
    • Overview
    • Credits
    • Alternative Payment Methods
    • Managing Subscriptions
    • Upgrading Your Plan
    • Moving Paid Teams to Organizations
  • Data & Security
    • Data Storage and Security
    • User Data Privacy and Security
    • Request Routing and Data Security
  • Add-ons
    • API Hub
    • Apidog Intellij IDEA Plugin
    • Browser Extension
      • Chrome
      • Microsoft Edge
    • Request Proxy
      • Request Proxy in Web
      • Request Proxy in Shared Docs
      • Request Proxy in Client
  • Account & Preferences
    • Account Settings
    • Generating OpenAPI Access Token
    • Notification
    • Language Settings
    • Hot Keys
    • Network Proxy Configuration
    • Backing Up Data
    • Updating Apidog
    • Deleting Account
    • Experimental Features
  • References
    • API Design-First Approach
    • Apidog OpenAPI Specificaiton Extensions
    • JSONPath
    • XPath
    • Regular Expressions
    • JSON Schema
    • CSV File Format
    • Installing Java Environment
    • Runner Deployment Environment
    • Apidog flavored Markdown
  • Apidog Europe
    • Apidog Europe
  • Support Center
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
Discord Community
Slack Community
X / Twitter
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
  1. Security Schemes

Create a Security Scheme

Apidog offers a wide range of security scheme types, supporting various authentication methods, including:
1.
API Key – Authenticate using a key passed via Header, Query, or Cookie.
2.
Bearer Token – Authenticate using the Authorization: Bearer header.
3.
JWT – Authenticate with tokens in JSON Web Token format.
4.
Basic Auth – Use a username and password for basic authentication.
5.
Digest Auth – More secure than basic auth.
6.
OAuth 2.0 – A widely adopted authorization standard supporting multiple grant types.
7.
OAuth 1.0 – An earlier version of OAuth with a different signature mechanism.
8.
Hawk Authentication – HMAC-based authentication protocol.
9.
AWS Signature – Signature-based authentication used for Amazon AWS services.
10.
Kerberos – Ticket-based network authentication protocol.
11.
NTLM Authentication – Authentication protocol developed by Microsoft.
12.
Akamai EdgeGrid – Authentication method used by the Akamai API platform.
13.
Customize – Allows you to define and use authentication methods that aren't natively supported by Apidog.
Security scheme types in Apidog

Creating Security Schemes Manually#

1
In your project, navigate to Components > Security Schemes at the left sidebar, then click New Security Scheme.
Creating new security scheme
2
Select the security scheme type and fill in the name and relevant configuration.
Configuring security scheme
3
Click Save to complete the creation process.
Saving new security scheme
4
In the editing view of the security scheme, click Advanced Configuration at the bottom of the page.
Security scheme advanced configuration
The system will display the OAS (OpenAPI Specification) code for the current security scheme, available in both JSON and YAML formats.
Security scheme OAS code
You can directly edit here to define more complex specifications. The system will update the security scheme settings based on your changes.

Creating Security Schemes via OAS Import#

When importing an OpenAPI file that includes security schemes, Apidog will automatically detect and create corresponding security schemes. These will appear in the project's Security Schemes list.
You can configure the mapping between Security and Auth when importing OAS files.
Security scheme mapping during OAS import

Creating OAuth 2.0 Security Scheme#

OAuth 2.0 is a widely used authorization framework, and Apidog offers full support for it. To create an OAuth 2.0 security scheme, configure the following:
1.
Grant Type: Choose from Authorization Code, Client Credentials, Implicit, or Password.
2.
URL Settings: Based on the selected grant type, configure the relevant URLs:
Auth URL
Access Token URL
Refresh URL (optional)
Callback URL (also known as Redirect URL)
3.
Scope Settings (Define the permission scopes your app can request):
Add scope names and descriptions
Configure different sets of scopes for each grant type
OAuth 2.0 settings
4.
Click the Test button to open the test panel. Fill in the Client ID, Client Secret, and other required fields to test and verify your OAuth 2.0 configuration.
Testing OAuth 2.0 security scheme
Modified atΒ 2026-01-13 03:13:43
Previous
Overview
Next
Use the Security Scheme
Built with