Christian (N0_L0gic)
BABetter Auth
•Created by Christian (N0_L0gic) on 3/2/2025 in #help
How to specify auth method in OpenAPI specification
How do I specify my securitySchema in my OpenAPI specification when using better-auth? Specifically if I'm using the standard session-based auth and/or JWT tokens? I assume that I should use something here: https://swagger.io/docs/specification/v3_0/authentication/cookie-authentication/, but I don't know what to specify in the cookie name.
4 replies
BABetter Auth
•Created by Christian (N0_L0gic) on 3/2/2025 in #help
Best practises regarding api key authentication
Hello! I'm working on an api for an app for which I'm using better-auth for authentication. This question isn't really a better-auth specific question, but I figured I'd ask here as it's the right context.
In my api I want to enable authentication through the use of API keys (in addition to the normal session authentication) so that clients easier can authenticate from code. However, I'm a bit stumped on whether to use Bearer tokens (https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/) or API keys (https://swagger.io/docs/specification/v3_0/authentication/api-keys/). What really is the difference? I've also heard a lot about JWT tokens; can they be used with API keys or are they locked in to Bearer tokens? I don't really understand the difference as both are sent in a header.
3 replies