Security

To define which security mechanisms should be used for a specific operation, use the @ApiSecurity() decorator.

  import { Controller } from '@nestjs/common';
  import { ApiSecurity } from '@nestjs/swagger';

  @ApiSecurity('basic')
  @Controller('cats')
  export class CatsController {}

Before you run your application, remember to add the security definition to your base document using DocumentBuilder:

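  import { DocumentBuilder } from '@nestjs/swagger';

  // Register the scheme under the same name that @ApiSecurity() references.
  const options = new DocumentBuilder().addSecurity('basic', {
    type: 'http',
    scheme: 'basic',
  });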

Some of the most popular authentication techniques are built-in (e.g., basic and bearer) and therefore you don’t have to define security mechanisms manually as shown above.

Basic authentication

To enable basic authentication, use @ApiBasicAuth().

  import { Controller } from '@nestjs/common';
  import { ApiBasicAuth } from '@nestjs/swagger';

  @ApiBasicAuth()
  @Controller('cats')
  export class CatsController {}

Before you run your application, remember to add the security definition to your base document using DocumentBuilder:

  import { DocumentBuilder } from '@nestjs/swagger';
  const options = new DocumentBuilder().addBasicAuth();

Bearer authentication

To enable bearer authentication, use @ApiBearerAuth().

  import { Controller } from '@nestjs/common';
  import { ApiBearerAuth } from '@nestjs/swagger';

  @ApiBearerAuth()
  @Controller('cats')
  export class CatsController {}

Before you run your application, remember to add the security definition to your base document using DocumentBuilder:

  import { DocumentBuilder } from '@nestjs/swagger';
  const options = new DocumentBuilder().addBearerAuth();

OAuth2 authentication

To enable OAuth2, use @ApiOAuth2().

  import { Controller } from '@nestjs/common';
  import { ApiOAuth2 } from '@nestjs/swagger';

  @ApiOAuth2(['pets:write'])
  @Controller('cats')
  export class CatsController {}

Before you run your application, remember to add the security definition to your base document using DocumentBuilder:

  import { DocumentBuilder } from '@nestjs/swagger';
  const options = new DocumentBuilder().addOAuth2();

Cookie authentication

To enable cookie authentication, use @ApiCookieAuth().

  import { Controller } from '@nestjs/common';
  import { ApiCookieAuth } from '@nestjs/swagger';

  @ApiCookieAuth()
  @Controller('cats')
  export class CatsController {}

Before you run your application, remember to add the security definition to your base document using DocumentBuilder:

  import { DocumentBuilder } from '@nestjs/swagger';
  const options = new DocumentBuilder().addCookieAuth('optional-session-id');
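
The reminder repeated in each section above matters because a decorator records a security requirement in the generated OpenAPI document by name only, so a requirement whose scheme was never registered on the DocumentBuilder points at nothing. The check below is an added example, not part of the NestJS documentation: it walks an OpenAPI 3 document and reports operations that name an unregistered scheme or declare no requirement at all. The type names, auditSecurity and the sample document are constructed for illustration.

```typescript
// Minimal view of the OpenAPI 3 fields this check reads (assumed shapes).
type SecurityRequirement = Record<string, string[]>;
interface Operation { security?: SecurityRequirement[] }
interface OpenApiDoc {
  security?: SecurityRequirement[];
  components?: { securitySchemes?: Record<string, unknown> };
  paths: Record<string, Record<string, Operation>>;
}
interface Finding { operation: string; issue: string }

const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

function auditSecurity(doc: OpenApiDoc): Finding[] {
  const schemes = doc.components?.securitySchemes ?? {};
  const findings: Finding[] = [];
  for (const path of Object.keys(doc.paths)) {
    const item = doc.paths[path] ?? {};
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      const operation = `${method.toUpperCase()} ${path}`;
      // An operation-level `security` array overrides the document-level one.
      const requirements = op.security ?? doc.security ?? [];
      if (requirements.length === 0) {
        findings.push({ operation, issue: 'no security requirement declared' });
      }
      for (const requirement of requirements) {
        for (const name of Object.keys(requirement)) {
          if (!Object.prototype.hasOwnProperty.call(schemes, name)) {
            findings.push({ operation, issue: `undefined security scheme "${name}"` });
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample: 'basic' is registered, 'oauth2' is referenced but not.
const sampleDoc: OpenApiDoc = {
  components: { securitySchemes: { basic: { type: 'http', scheme: 'basic' } } },
  paths: {
    '/cats': {
      get: { security: [{ basic: [] }] },
      post: { security: [{ oauth2: ['pets:write'] }] },
      delete: {},
    },
  },
};
const sampleFindings = auditSecurity(sampleDoc);
```

These decorators only describe authentication in the generated document; enforcing it on the routes is still the job of guards or middleware.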