Skip to main content

OpenAPI Fix for HTTP Bearer Authentication

· One min read

We have released a fix for HTTP Bearer authentication type in our OpenAPI import/transformation which was previously treating JWT as the default bearer authentication type. However, this will no longer be the case unless the bearerFormat in OpenAPI explicitly declares the format to be JWT.


Previously, OpenAPI v3.0 specification files using the http bearer security scheme were all imported in APIMatic with the JWT bearer authentication type regardless of the bearerFormat. However, we are now changing the behaviour to be such that a HTTP Bearer authentication would be considered of JWT type only if its bearerFormat is set to JWT otherwise it would be treated as a normal HTTP Bearer authentication.


This is a breaking change as re-importing or re-transforming your OpenAPI files will change the bearer authentication type unless your file explicitly states the bearerFormat as JWT.

How Can I Avoid This Change?

If you want to retain JWT as the bearer token type upon import/tranformation, you need to explicitly set bearerFormat as JWT in your OpenAPI file security scheme configuration as shown below:

"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT",