Customize security and authentication

Scope authentication

Global security

Global security allows users to configure the SDK once and then reuse the security configuration for all subsequent calls.

To use global security, define the security configuration in the security block at the root of the SDK:

In the resulting SDK, the user can define the security configuration in the SDK’s instantiation. It will then be automatically applied to all subsequent method calls without needing to be passed in as an argument:

Per-operation security

Operation-specific security configurations override the default authentication settings for an endpoint. Per-operation configurations are commonly used for operations that do not require authentication or that are part of an authentication flow, such as for obtaining a short-lived access token.

Define security within an operation’s scope to apply operation-specific security:

In the resulting SDK, the user can pass in a specific security configuration as an argument to the method call:

Environment variables

The global parameters and security options for an SDK are commonly set using environment variables. Speakeasy supports this pattern with environment variable prefixes. To enable this feature, set the envVarPrefix variable in the language section of the SDK’s gen.yaml file.

You can then provide global parameters via environment variables in the format {PREFIX}_{GLOBALNAME}. The relevant documentation will be automatically included in the README.

Security options can also be set via environment variables if not provided directly to the SDK. For example, a security field like api_key can be set with the variable {PREFIX}_{API_KEY}:

To learn more about enabling this feature during generation, see the language-specific gen.yaml configuration reference.