You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2017/06/09 20:51:42 UTC
[incubator-openwhisk-apigateway] branch master updated: Update
security.md (#223)
This is an automated email from the ASF dual-hosted git repository.
mhamann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git
The following commit(s) were added to refs/heads/master by this push:
new a868726 Update security.md (#223)
a868726 is described below
commit a868726ee9e043aeefd5d1124535fb85f52b3610
Author: Luke Farrell <lm...@duke.edu>
AuthorDate: Fri Jun 9 16:51:40 2017 -0400
Update security.md (#223)
---
doc/v1/security.md | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/doc/v1/security.md b/doc/v1/security.md
index 74e2b9f..2d25779 100644
--- a/doc/v1/security.md
+++ b/doc/v1/security.md
@@ -13,7 +13,8 @@ Enforces API Key authorization to secure api calls.
- **type**: `apiKey`
- **scope**: `api`, `tenant`, `resource`
-- **header** (optional): custom name of auth header (default is `x-api-key`)
+- **name** (optional): custom name of auth header (default is `x-api-key`)
+- **location** (optional): location where the apiKey is passed, either as a header ('header') or query string ('query') (default is `header`)
Example:
```
@@ -21,7 +22,8 @@ Example:
{
"type":"apiKey",
"scope":"api",
- "header":"test"
+ "name":"test",
+ "location":"header"
}
]
```
@@ -33,6 +35,7 @@ Enforces Client ID / Client Secret pair authorization to secure api calls.
- **scope**: `api`, `tenant`, `resource`
- **idFieldName** (optional): custom name of the client id header (default is `x-client-id`)
- **secretFieldName** (optional): custom name of the client secret header (default is `x-client-secret`)
+- **location** (optional): location where the clientId and clientSecret are passed, either as a header ('header') or query string ('query') (default is `header`)
Example:
```
@@ -41,12 +44,13 @@ Example:
"type":"clientSecret",
"scope":"api",
"idFieldName":"X-IBM-ClientId",
- "secretFieldName":"X-IBM-ClientSecret"
+ "secretFieldName":"X-IBM-ClientSecret",
+ "location": "header"
}
]
```
-This will create two API keys for the API, which will need to be supplied in the `X-IBM-ClientId` and `X-IBM-ClientSecret` headers, respectively.
+This will create two API keys for the API, which will need to be supplied in the `X-IBM-ClientId` and `X-IBM-ClientSecret` headers or query strings, respectively.
## OAuth 2.0 (`oauth2`)
--
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].