You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2017/06/09 20:51:42 UTC

[incubator-openwhisk-apigateway] branch master updated: Update security.md (#223)

This is an automated email from the ASF dual-hosted git repository.

mhamann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git


The following commit(s) were added to refs/heads/master by this push:
     new a868726  Update security.md (#223)
a868726 is described below

commit a868726ee9e043aeefd5d1124535fb85f52b3610
Author: Luke Farrell <lm...@duke.edu>
AuthorDate: Fri Jun 9 16:51:40 2017 -0400

    Update security.md (#223)
---
 doc/v1/security.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/v1/security.md b/doc/v1/security.md
index 74e2b9f..2d25779 100644
--- a/doc/v1/security.md
+++ b/doc/v1/security.md
@@ -13,7 +13,8 @@ Enforces API Key authorization to secure api calls.
 
 - **type**: `apiKey`
 - **scope**: `api`, `tenant`, `resource`
-- **header** (optional): custom name of auth header (default is `x-api-key`)
+- **name** (optional): custom name of auth header (default is `x-api-key`)
+- **location** (optional): location where the apiKey is passed, either as a header ('header') or query string ('query') (default is `header`)
 
 Example:
 ```
@@ -21,7 +22,8 @@ Example:
   {
     "type":"apiKey",
     "scope":"api",
-    "header":"test"
+    "name":"test",
+    "location":"header"
   }
 ]
 ```
@@ -33,6 +35,7 @@ Enforces Client ID / Client Secret pair authorization to secure api calls.
 - **scope**: `api`, `tenant`, `resource`
 - **idFieldName** (optional): custom name of the client id header (default is `x-client-id`)
 - **secretFieldName** (optional): custom name of the client secret header (default is `x-client-secret`) 
+- **location** (optional): location where the clientId and clientSecret are passed, either as a header ('header') or query string ('query') (default is `header`)
 
 Example: 
 ```
@@ -41,12 +44,13 @@ Example:
     "type":"clientSecret",
     "scope":"api",
     "idFieldName":"X-IBM-ClientId",
-    "secretFieldName":"X-IBM-ClientSecret"
+    "secretFieldName":"X-IBM-ClientSecret",
+    "location": "header"
   }
 ]
 ``` 
 
-This will create two API keys for the API, which will need to be supplied in the `X-IBM-ClientId` and `X-IBM-ClientSecret` headers, respectively.
+This will create two API keys for the API, which will need to be supplied in the `X-IBM-ClientId` and `X-IBM-ClientSecret` headers or query strings, respectively.
 
 ## OAuth 2.0 (`oauth2`)
 

-- 
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].