Authentication
Every non-public endpoint requires an authenticated caller. Send a bearer token issued by the identity provider (Keycloak / OIDC) on each request.
Bearer token
Attach the access token in the Authorization header:
Authorization: Bearer <access_token>
Tip. Obtain a token via the OAuth2 authorization-code flow (interactive apps) or client-credentials / direct-grant (service-to-service). The interactive reference has an Authorize control that stores your token for try-it-out calls.
Where the spec lives
The machine-readable contract is served at /swagger/v1/swagger.json.
built by dloizides.com