Authentication Security Best Practices
api-keys-in-cookie
general > api-keys-in-cookie
Guidance
Your API accepts API keys that are transported in a header over the network. Because the credentials are sent over
the network on each API call, they are repeatedly exposed to unauthorized attempts to retrieve them.
Applies to SecurityScheme