Multiple Authentication
APIMatic's SDKs support multiple authentication mechanisms within a single API, enabling different endpoints to use distinct authentication schemes. This capability allows APIs to implement granular access control and security requirements.
Configure multiple Authentication schemes in your OpenAPI Definition
Multiple Authentication schemes can be configured in an OpenAPI definition as follows:
components:
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
    apiToken:
      type: apiKey
      name: token
      in: header
The above definition specifies two different security schemes. These security schemes can either be applied to the whole API globally or to an individual endpoint. You can follow the OpenAPI documentation to learn more about applying security schemes to your OpenAPI definition.
Authentication Scheme Combinations
OpenAPI definitions support two types of authentication combinations:
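OR Case
security:
  - basicAuth: []
  - apiToken: []
In this example, a particular endpoint can be accessed using either basicAuth OR apiToken. Each item in the security list is an alternative, and satisfying any one of them is sufficient.
AND Case
security:
  - basicAuth: []
    apiToken: []
In this example, a particular endpoint requires both basicAuth AND apiToken, because the two schemes are listed together in a single item of the security list.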
SDK Examples
With Multiple Authentication scheme support, SDKs can apply more than one security scheme to any request and distinguish between AND or OR combinations of security definitions. When an endpoint method is invoked, the SDK checks whether the required authentication credentials are present in the client configuration. If credentials are missing, an AuthValidationException is thrown, as shown below:
AuthValidationException: The following authentication credentials were required:
-> Missing required auth credential: token
-> Missing required auth credential: api-key
This validation prevents unnecessary network calls, saving costs, and enables developers to provide relevant error messages to application users.
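The OR/AND evaluation and the pre-request credential check described above can be sketched as follows. This is an added example, not APIMatic SDK code: `select_requirement` and `MissingCredentialsError` are hypothetical names, and the inputs are constructed from the page's two scheme names. It follows the OpenAPI rule that items of the `security` list are alternatives, keys inside one item are all required, and an empty item `{}` permits anonymous access.

```python
# Added example, not APIMatic SDK code. Evaluates an OpenAPI `security` value
# (already parsed from YAML into Python lists/dicts) against the scheme names
# for which a client has credentials configured.

class MissingCredentialsError(Exception):
    """Hypothetical stand-in for the SDK's AuthValidationException."""

    def __init__(self, missing_per_alternative):
        # One set of missing scheme names per alternative that was tried.
        self.missing_per_alternative = missing_per_alternative
        parts = [" AND ".join(sorted(m)) for m in missing_per_alternative]
        super().__init__("no alternative satisfied; missing: " + " | ".join(parts))


def select_requirement(security, configured):
    """Return the first satisfied requirement object.

    OR across list items, AND across the keys inside one item.
    Raises MissingCredentialsError before any network call would be made.
    """
    if not security:              # `security: []` means the operation needs no auth
        return {}
    missing_per_alternative = []
    for requirement in security:
        missing = set(requirement) - set(configured)
        if not missing:           # also true for `{}`: anonymous access is allowed
            return requirement
        missing_per_alternative.append(missing)
    raise MissingCredentialsError(missing_per_alternative)


# Constructed inputs using the page's scheme names.
OR_CASE = [{"basicAuth": []}, {"apiToken": []}]    # two list items
AND_CASE = [{"basicAuth": [], "apiToken": []}]     # one item, two keys
OPTIONAL_AUTH = [{"apiToken": []}, {}]             # trailing {} makes auth optional

if __name__ == "__main__":
    only_token = {"apiToken"}
    print(select_requirement(OR_CASE, only_token))
    try:
        select_requirement(AND_CASE, only_token)
    except MissingCredentialsError as exc:
        print(exc)
    print(select_requirement(OPTIONAL_AUTH, set()))
```

When reviewing a definition, a trailing `{}` item deserves attention: it makes every other scheme in that list optional, so an endpoint that looks protected accepts unauthenticated calls.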
This is what the client initialization code looks like for an SDK with multiple Authentication schemes defined in the OpenAPI definition.
TypeScript
const client = new Client({
  basicAuthCredentials: {
    username: "Username",
    password: "Password",
  },
  apiKeyCredentials: {
    token: "Token",
  },
});
Java
SdkClient client = new SdkClient.Builder()
    .basicAuthCredentials(
        new BasicAuthModel.Builder(
            "Username",
            "Password"
        )
        .build())
    .apiKeyCredentials(
        new ApiKeyModel.Builder(
            "Token"
        )
        .build())
    .build();
Python
client = SdkClient(
    basic_auth_credentials=BasicAuthCredentials(
        username='Username',
        password='Password'
    ),
    api_key_credentials=ApiKeyCredentials(
        token='Token'
    )
)
PHP
$client = SdkClientBuilder::init()
    ->basicAuthCredentials(
        BasicAuthCredentialsBuilder::init(
            'Username',
            'Password'
        )
    )
    ->apiKeyCredentials(
        ApiKeyCredentialsBuilder::init(
            'Token'
        )
    )
    ->build();
.NET
SdkClient client = new SdkClient.Builder()
    .BasicAuthCredentials(
        new BasicAuthModel.Builder(
            "Username",
            "Password"
        )
        .Build())
    .ApiKeyCredentials(
        new ApiKeyModel.Builder(
            "Token"
        )
        .Build())
    .Build();
Ruby
client = Sdk::Client.new(
  basic_auth_credentials: BasicAuthCredentials.new(
    username: 'Username',
    password: 'Password'
  ),
  api_key_credentials: ApiKeyCredentials.new(
    token: 'Token',
  )
)
Go
config := CreateConfigurationFromEnvironment(
    WithBasicAuthCredentials(
        NewBasicAuthCredentials("Username", "Password"),
    ),
    WithApiKeyCredentials(
        NewApiKeyCredentials("Token", "Key"),
    ),
)
client := NewClient(config)