Feb 4, 2026

Codegen support for per-endpoint security

Robert Craigie

Software Engineer

If your OpenAPI spec looks like this:

security:
  - BearerAuth: []
  - ApiKeyAuth: []

components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
    ApiKeyAuth:
      type: apiKey
      name: api-key
      in: header

paths:
  /cards:
    post:
      security:
        - BearerAuth: []
      # ... responses omitted

And your Stainless config looks like this:

settings:
  client_opts:
    bearer_token:
      type: string
      nullable: true
      auth:
        security_scheme: BearerAuth
    api_key:
      type: string
      nullable: true
      auth:
        security_scheme: ApiKeyAuth

resources:
  cards:
    methods:
      create: post /cards

When instantiating the SDK with both options:

from acme import Acme

client = Acme(
  api_key="my-api-key",
  bearer_token="my-bearer-token",
)

client.cards.create()

Previously, the SDK sent both the api-key and Authorization headers, which could cause authentication errors depending on how your API handles multiple authentication schemes.

Now the SDK sends only the Authorization header, because BearerAuth is the only scheme listed in that endpoint's security.

This is enabled by default for new projects. To enable it for an existing project, update the edition in your config to 2026-01-30 or higher:

edition: "2026-01-30"
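
The header selection described above, as an added sketch that is not Stainless's generated code: it resolves an operation's effective security from the spec and builds only those headers. The `/health` and `/accounts` paths, the function names, and the choice to use the first requirement whose credentials are all set are assumptions made for this illustration.

```python
# Constructed spec fragment mirroring the page's OpenAPI example.
# /health and /accounts are hypothetical paths added to cover edge cases.
SPEC = {
    "security": [{"BearerAuth": []}, {"ApiKeyAuth": []}],
    "components": {"securitySchemes": {
        "BearerAuth": {"type": "http", "scheme": "bearer"},
        "ApiKeyAuth": {"type": "apiKey", "name": "api-key", "in": "header"},
    }},
    "paths": {
        "/cards": {"post": {"security": [{"BearerAuth": []}]}},
        "/health": {"get": {"security": []}},  # explicit opt-out: no auth
        "/accounts": {"get": {}},              # inherits root-level security
    },
}


def header_for(scheme, secret):
    """Map one security scheme plus its secret to a (header, value) pair."""
    if scheme["type"] == "http" and scheme["scheme"].lower() == "bearer":
        return "Authorization", f"Bearer {secret}"
    if scheme["type"] == "apiKey" and scheme["in"] == "header":
        return scheme["name"], secret
    raise ValueError(f"unsupported scheme: {scheme}")


def auth_headers(spec, path, method, creds, per_endpoint=True):
    """Return the auth headers to attach to one request.

    creds maps scheme name -> secret (None when the option is unset).
    per_endpoint=False reproduces the old send-everything behaviour.
    """
    schemes = spec["components"]["securitySchemes"]
    if not per_endpoint:
        return dict(header_for(schemes[n], s)
                    for n, s in creds.items() if s is not None)
    op = spec["paths"][path][method]
    # Operation-level security replaces the root list; [] means "no auth".
    reqs = op["security"] if "security" in op else spec.get("security", [])
    if not reqs:
        return {}
    for req in reqs:  # entries are alternatives; schemes inside one are ANDed
        if all(creds.get(n) is not None for n in req):
            return dict(header_for(schemes[n], creds[n]) for n in req)
    raise LookupError(f"no configured credential satisfies {method} {path}")


if __name__ == "__main__":
    creds = {"BearerAuth": "my-bearer-token", "ApiKeyAuth": "my-api-key"}
    print("before:", auth_headers(SPEC, "/cards", "post", creds, False))
    print("after: ", auth_headers(SPEC, "/cards", "post", creds))
```

The same comparison works as a regression check in an API test suite: assert that a request to an endpoint never carries a header for a scheme the endpoint does not list.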