Security schemes#

OpenAPI authentication or security schemes can be specified indicating to users how they should authenticate. To do so a security requirement and security scheme should be defined as extension arguments. For example for a security tagged app_id that comprises of an API key passed as a querry arg called appID:

from quart_schema import QuartSchema

    security={"app_id": []},
        "app_id": {"type": "apiKey", "name": "appID", "in": "query"}

This will then apply to all routes unless overridden. For example to remove security from a route:

from quart_schema import security_scheme

async def route():


Security schemes are for documentation only, they do no authentication and should not be relied on for security.