
---

# 🏷️ Custom Docs, Tags & Security Schemas

> **Intent** → Make API docs **clear, branded, and secure** by customizing OpenAPI metadata, grouping endpoints, and defining auth flows.

---

## 🧭 Customizing Docs

* **Title, version, description** → align with product branding
* **Contact & license info** → add ownership for support/compliance
* **Servers list** → show staging/prod base URLs
* **Docs URLs** → serve Swagger at `/docs`, ReDoc at `/redoc`, JSON at `/openapi.json`

---

## 🏷️ Tags for Organization

* Group routes under **tags** (e.g., Auth, Users, Orders)
* Add **tag descriptions** (purpose, usage examples)
* Keep tag names **short & consistent**
* Helps clients **scan endpoints quickly**

---

## 🔐 Security Schemas

* Define **auth mechanisms** in OpenAPI:

  * **Bearer JWT** → `Authorization: Bearer <token>`
  * **API Key** → header or query param
  * **OAuth2** → password, client creds, auth code, refresh
* Attach scopes → docs show **which endpoints need which roles**
* Provide **example credentials/tokens** (safe values)

---

## 📊 Enhancing Examples

* Use **requestBody examples** for complex payloads
* Include **response examples** (success + error)
* Show **status codes** (200, 201, 404, 422) with sample JSON
* Use consistent, realistic dummy data

---

## 🎨 Branding & UX

* Add **logo/branding** if hosting docs externally
* Organize endpoints by **business domains** (not just technical grouping)
* Provide **onboarding instructions** at the top of docs

---

## 🧪 Testing & Contract Integrity

* Test that routes appear under the **right tags**
* Verify **security requirements** match enforcement logic
* Keep schema **in sync with code** → contract tests prevent drift

---

## ✅ Outcome

Your API docs feel **professional, organized, and secure**:

* Easy to **navigate by tags**
* Clear **auth flows & scopes**
* Aligned with your **brand & product experience**.

---
