templates/openapi/security.yaml

AWS4-HMAC-SHA256:
  type: apiKey
  description: |
    AWS Signature Version 4 authentication for S3 API endpoints.
    
    ## Authentication Process
    1. Create a canonical request
    2. Create a string to sign
    3. Calculate the signature using HMAC-SHA256
    4. Add the authorization header or query parameters
    
    ## Authorization Header Format
    ```
    Authorization: AWS4-HMAC-SHA256 Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request,SignedHeaders=<SignedHeaders>,Signature=<Signature>
    ```
    
    ## Query String Format (for presigned URLs)
    ```
    ?X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request
    &X-Amz-Date=<Timestamp>
    &X-Amz-Expires=<ExpirationTime>
    &X-Amz-SignedHeaders=<SignedHeaders>
    &X-Amz-Signature=<Signature>
    ```
    
    ## Required Headers
    - `Authorization`: The calculated authorization value
    - `x-amz-date`: Timestamp in ISO 8601 format (YYYYMMDDTHHMMSSZ)
    - `x-amz-content-sha256`: SHA256 hash of the request payload
    
    ## Example
    ```
    Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20230115/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
    x-amz-date: 20230115T103000Z
    x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    ```
  name: Authorization
  in: header

ApiKey:
  type: apiKey
  description: |
    API key authentication for management console endpoints.
    
    ## Usage
    Include your API key in the `X-API-Key` header for all management API requests.
    
    ## Example
    ```
    X-API-Key: your-api-key-here
    ```
    
    ## Obtaining an API Key
    API keys can be generated through the management console or by contacting your administrator.
    
    ## Permissions
    API keys have full access to the management API and should be kept secure.
  name: X-API-Key
  in: header

BearerAuth:
  type: http
  scheme: bearer
  bearerFormat: JWT
  description: |
    JWT Bearer token authentication (optional alternative for management API).
    
    ## Usage
    Include the JWT token in the Authorization header:
    ```
    Authorization: Bearer <jwt-token>
    ```
    
    ## Token Structure
    The JWT token contains claims about the user's permissions and expires after a set period.
    
    ## Example
    ```
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
    ```

BasicAuth:
  type: http
  scheme: basic
  description: |
    HTTP Basic authentication (for simple setups).
    
    ## Usage
    Encode username:password in Base64 and include in Authorization header:
    ```
    Authorization: Basic <base64-encoded-credentials>
    ```
    
    ## Example
    ```
    Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    ```
    
    ## Note
    Basic auth should only be used over HTTPS in production environments.
init commit 2025-06-05 09:17:47 -04:00			`AWS4-HMAC-SHA256:`
			`type: apiKey`
			`description: \|`
			`AWS Signature Version 4 authentication for S3 API endpoints.`

			`## Authentication Process`
			`1. Create a canonical request`
			`2. Create a string to sign`
			`3. Calculate the signature using HMAC-SHA256`
			`4. Add the authorization header or query parameters`

			`## Authorization Header Format`
			```
			`Authorization: AWS4-HMAC-SHA256 Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request,SignedHeaders=<SignedHeaders>,Signature=<Signature>`
			```

			`## Query String Format (for presigned URLs)`
			```
			`?X-Amz-Algorithm=AWS4-HMAC-SHA256`
			`&X-Amz-Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request`
			`&X-Amz-Date=<Timestamp>`
			`&X-Amz-Expires=<ExpirationTime>`
			`&X-Amz-SignedHeaders=<SignedHeaders>`
			`&X-Amz-Signature=<Signature>`
			```

			`## Required Headers`
			- `Authorization`: The calculated authorization value
			- `x-amz-date`: Timestamp in ISO 8601 format (YYYYMMDDTHHMMSSZ)
			- `x-amz-content-sha256`: SHA256 hash of the request payload

			`## Example`
			```
			`Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20230115/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024`
			`x-amz-date: 20230115T103000Z`
			`x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
			```
			`name: Authorization`
			`in: header`

			`ApiKey:`
			`type: apiKey`
			`description: \|`
			`API key authentication for management console endpoints.`

			`## Usage`
			Include your API key in the `X-API-Key` header for all management API requests.

			`## Example`
			```
			`X-API-Key: your-api-key-here`
			```

			`## Obtaining an API Key`
			`API keys can be generated through the management console or by contacting your administrator.`

			`## Permissions`
			`API keys have full access to the management API and should be kept secure.`
			`name: X-API-Key`
			`in: header`

			`BearerAuth:`
			`type: http`
			`scheme: bearer`
			`bearerFormat: JWT`
			`description: \|`
			`JWT Bearer token authentication (optional alternative for management API).`

			`## Usage`
			`Include the JWT token in the Authorization header:`
			```
			`Authorization: Bearer <jwt-token>`
			```

			`## Token Structure`
			`The JWT token contains claims about the user's permissions and expires after a set period.`

			`## Example`
			```
			`Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...`
			```

			`BasicAuth:`
			`type: http`
			`scheme: basic`
			`description: \|`
			`HTTP Basic authentication (for simple setups).`

			`## Usage`
			`Encode username:password in Base64 and include in Authorization header:`
			```
			`Authorization: Basic <base64-encoded-credentials>`
			```

			`## Example`
			```
			`Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=`
			```

			`## Note`
			`Basic auth should only be used over HTTPS in production environments.`