REST APIs support multiple authentication types. Each operation can include different combinations of security schemes. The security section in the OAS allows you to combine the security requirements using logical OR and AND to achieve the desired result. Security defined at an operation level takes precedence over global security in an OpenAPI Specification.

By default, the Outbound Web Service project generates all possible security combinations in the Proxy controller class. To ensure that only desired combinations are supported, you should configure values in the configuration file only for security schemes that a particular operation(s) requires. The rest of the security scheme values can be left empty in the configuration file and are not used by the Outbound Service.