From c527c4a66c6fc349f970fb0a5758f2a1888e4683 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 18:24:31 +0000 Subject: [PATCH 1/7] docs: document omit option for basic auth credentials Co-Authored-By: Devin Logan --- fern/products/api-def/ferndef/auth.mdx | 24 +++++++++++++++++++ fern/products/api-def/openapi/auth.mdx | 13 ++++++++++ .../sdks/snippets/basic-auth-params.mdx | 3 +++ 3 files changed, 40 insertions(+) diff --git a/fern/products/api-def/ferndef/auth.mdx b/fern/products/api-def/ferndef/auth.mdx index 139484503..7729b137a 100644 --- a/fern/products/api-def/ferndef/auth.mdx +++ b/fern/products/api-def/ferndef/auth.mdx @@ -131,6 +131,30 @@ client = new Client({ }) ``` +### Omit username or password + +If your API only expects one half of a basic auth credential pair (for example, a token in the username and an empty password), set `omit: true` on the field you want to remove from the generated SDK: + +```yaml title="api.yml" {8} +auth: Basic +auth-schemes: + Basic: + scheme: basic + username: + name: apiToken + password: + omit: true +``` + +The omitted field is removed from the SDK's constructor entirely. Internally, an empty string is used to encode the `Authorization` header — omitting `password` produces `base64("apiToken:")`, and omitting `username` produces `base64(":password")`. If both fields are omitted, no `Authorization` header is sent. + +```ts index.ts +// Only the non-omitted field is exposed +const client = new Client({ + apiToken: "ey34..." +}) +``` + ## Custom header (e.g. API key) You can also create your own authentication scheme with customized headers. diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx index 7aca361ce..662497fe1 100644 --- a/fern/products/api-def/openapi/auth.mdx +++ b/fern/products/api-def/openapi/auth.mdx @@ -218,6 +218,19 @@ auth-schemes: env: MY_CLIENT_SECRET ``` +To remove `username` or `password` from the generated SDK — for example, when your API expects a token in the username and ignores the password — set `omit: true` on the field. The omitted field is treated as an empty string when encoding the `Authorization` header, and is dropped from the SDK's public API. If both fields are omitted, no `Authorization` header is sent. + +```yaml title="generators.yml" {8} +auth-schemes: + BasicAuth: + scheme: basic + username: + name: apiToken + env: MY_API_TOKEN + password: + omit: true +``` + diff --git a/fern/products/sdks/snippets/basic-auth-params.mdx b/fern/products/sdks/snippets/basic-auth-params.mdx index 8f408f3d2..adf8495c0 100644 --- a/fern/products/sdks/snippets/basic-auth-params.mdx +++ b/fern/products/sdks/snippets/basic-auth-params.mdx @@ -30,4 +30,7 @@ auth-schemes: Environment variable name that the SDK will automatically scan for the username or password value. When this environment variable is present, users don't need to explicitly provide the username parameter. Follow naming conventions like `YOUR_APP_USERNAME` or `SERVICE_CLIENT_ID`. + + + When `true`, the field is removed from the generated SDK's public API. The omitted field is treated as an empty string when encoding the `Authorization` header (omitting `password` produces `base64("username:")`; omitting `username` produces `base64(":password")`). When both are omitted, the `Authorization` header is skipped entirely. Use this when your API expects only one half of the basic auth credential pair. \ No newline at end of file From 105f0f6ea5f192358c1a71fc3c9b00f4853af2ba Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 18:36:27 +0000 Subject: [PATCH 2/7] docs: drop ferndef auth changes Co-Authored-By: Devin Logan --- fern/products/api-def/ferndef/auth.mdx | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/fern/products/api-def/ferndef/auth.mdx b/fern/products/api-def/ferndef/auth.mdx index 7729b137a..139484503 100644 --- a/fern/products/api-def/ferndef/auth.mdx +++ b/fern/products/api-def/ferndef/auth.mdx @@ -131,30 +131,6 @@ client = new Client({ }) ``` -### Omit username or password - -If your API only expects one half of a basic auth credential pair (for example, a token in the username and an empty password), set `omit: true` on the field you want to remove from the generated SDK: - -```yaml title="api.yml" {8} -auth: Basic -auth-schemes: - Basic: - scheme: basic - username: - name: apiToken - password: - omit: true -``` - -The omitted field is removed from the SDK's constructor entirely. Internally, an empty string is used to encode the `Authorization` header — omitting `password` produces `base64("apiToken:")`, and omitting `username` produces `base64(":password")`. If both fields are omitted, no `Authorization` header is sent. - -```ts index.ts -// Only the non-omitted field is exposed -const client = new Client({ - apiToken: "ey34..." -}) -``` - ## Custom header (e.g. API key) You can also create your own authentication scheme with customized headers. From c5636fc12e1a8b7ea67dffc4ee16c9037cba4a3c Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 18:40:54 +0000 Subject: [PATCH 3/7] docs: remove openapi auth omit example, rely on reference snippet Co-Authored-By: Devin Logan --- fern/products/api-def/openapi/auth.mdx | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx index 662497fe1..7aca361ce 100644 --- a/fern/products/api-def/openapi/auth.mdx +++ b/fern/products/api-def/openapi/auth.mdx @@ -218,19 +218,6 @@ auth-schemes: env: MY_CLIENT_SECRET ``` -To remove `username` or `password` from the generated SDK — for example, when your API expects a token in the username and ignores the password — set `omit: true` on the field. The omitted field is treated as an empty string when encoding the `Authorization` header, and is dropped from the SDK's public API. If both fields are omitted, no `Authorization` header is sent. - -```yaml title="generators.yml" {8} -auth-schemes: - BasicAuth: - scheme: basic - username: - name: apiToken - env: MY_API_TOKEN - password: - omit: true -``` - From c8b5662d4e211e9d49177d1b59293b9745c8d30e Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 18:42:50 +0000 Subject: [PATCH 4/7] docs: surface omit option in openapi basic auth accordion Co-Authored-By: Devin Logan --- fern/products/api-def/openapi/auth.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx index 7aca361ce..1e0e07ffd 100644 --- a/fern/products/api-def/openapi/auth.mdx +++ b/fern/products/api-def/openapi/auth.mdx @@ -218,6 +218,8 @@ auth-schemes: env: MY_CLIENT_SECRET ``` +Set `omit: true` on `username` or `password` to remove it from the generated SDK. + From 33a1b7b7e2da02629021fe3dc34a005b2c16cbe6 Mon Sep 17 00:00:00 2001 From: Devin Logan Date: Wed, 6 May 2026 15:46:12 -0400 Subject: [PATCH 5/7] add cross reference --- fern/products/api-def/openapi/auth.mdx | 2 +- fern/products/sdks/snippets/basic-auth-params.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx index 1e0e07ffd..dad14ef7c 100644 --- a/fern/products/api-def/openapi/auth.mdx +++ b/fern/products/api-def/openapi/auth.mdx @@ -218,7 +218,7 @@ auth-schemes: env: MY_CLIENT_SECRET ``` -Set `omit: true` on `username` or `password` to remove it from the generated SDK. +[Set `omit: true` on `username` or `password`](learn/sdks/reference/generators-yml#usernameomit-passwordomit) to remove it from the generated SDK. diff --git a/fern/products/sdks/snippets/basic-auth-params.mdx b/fern/products/sdks/snippets/basic-auth-params.mdx index adf8495c0..a86183c1c 100644 --- a/fern/products/sdks/snippets/basic-auth-params.mdx +++ b/fern/products/sdks/snippets/basic-auth-params.mdx @@ -31,6 +31,6 @@ auth-schemes: Environment variable name that the SDK will automatically scan for the username or password value. When this environment variable is present, users don't need to explicitly provide the username parameter. Follow naming conventions like `YOUR_APP_USERNAME` or `SERVICE_CLIENT_ID`. - + When `true`, the field is removed from the generated SDK's public API. The omitted field is treated as an empty string when encoding the `Authorization` header (omitting `password` produces `base64("username:")`; omitting `username` produces `base64(":password")`). When both are omitted, the `Authorization` header is skipped entirely. Use this when your API expects only one half of the basic auth credential pair. \ No newline at end of file From 11b3b196ef87f46037e73ef25aa9ef2d6817a946 Mon Sep 17 00:00:00 2001 From: Devin Logan Date: Wed, 6 May 2026 15:47:55 -0400 Subject: [PATCH 6/7] small clarity edit --- fern/products/sdks/snippets/basic-auth-params.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fern/products/sdks/snippets/basic-auth-params.mdx b/fern/products/sdks/snippets/basic-auth-params.mdx index a86183c1c..6b8c3efdb 100644 --- a/fern/products/sdks/snippets/basic-auth-params.mdx +++ b/fern/products/sdks/snippets/basic-auth-params.mdx @@ -32,5 +32,5 @@ auth-schemes: Environment variable name that the SDK will automatically scan for the username or password value. When this environment variable is present, users don't need to explicitly provide the username parameter. Follow naming conventions like `YOUR_APP_USERNAME` or `SERVICE_CLIENT_ID`. - When `true`, the field is removed from the generated SDK's public API. The omitted field is treated as an empty string when encoding the `Authorization` header (omitting `password` produces `base64("username:")`; omitting `username` produces `base64(":password")`). When both are omitted, the `Authorization` header is skipped entirely. Use this when your API expects only one half of the basic auth credential pair. + Use when your API expects only one half of the basic auth credential pair. When `true`, the field is removed from the generated SDK's public API. The omitted field is treated as an empty string when encoding the `Authorization` header (omitting `password` produces `base64("username:")`; omitting `username` produces `base64(":password")`). When both are omitted, the `Authorization` header is skipped entirely. \ No newline at end of file From 694b83f9fcfdb815b789c49719515cfed6b50fee Mon Sep 17 00:00:00 2001 From: Devin Logan Date: Wed, 6 May 2026 15:53:19 -0400 Subject: [PATCH 7/7] link fix --- fern/products/api-def/openapi/auth.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx index dad14ef7c..6940b776e 100644 --- a/fern/products/api-def/openapi/auth.mdx +++ b/fern/products/api-def/openapi/auth.mdx @@ -218,7 +218,7 @@ auth-schemes: env: MY_CLIENT_SECRET ``` -[Set `omit: true` on `username` or `password`](learn/sdks/reference/generators-yml#usernameomit-passwordomit) to remove it from the generated SDK. +[Set `omit: true` on `username` or `password`](/learn/sdks/reference/generators-yml#usernameomit-passwordomit) to remove it from the generated SDK.