API Specs
If your seller service is defined using an OpenAPI specification, you should clearly document how Skyfire tokens must be passed and validated.
Explicit documentation ensures buyer agents can automatically generate and include the correct tokens when calling your API.
See an example OpenAPI spec, here!
Ways to Require a Header
In both approaches, you should avoid using the standard Authorization header, as it may conflict with existing authentication middleware and tooling. Instead, use a dedicated header such as skyfire-pay-id.
Security Scheme
Define a security scheme:
{
"components": {
"securitySchemes": {
"SkyfirePayId": {
"type": "apiKey",
"in": "header",
"name": "skyfire-pay-id",
"description": "Skyfire token header. This service accepts kya, pay, or kya-pay tokens."
}
}
},
"security": [
{
"SkyfirePayId": []
}
]
}components:
securitySchemes:
SkyfirePayId:
type: apiKey
in: header
name: skyfire-pay-id
description: Skyfire token header. This service accepts kya, pay, or kya-pay tokens.
security:
- SkyfirePayId: []What this does:
- Defines the header as part of authentication
- Applies to globally to all endpoints (or can be overridden per operation)
- Signals to tools and clients that this is security-related
- Is enforced by applying the
securityfield
Required Header Parameter
Explicitly define a header as a parameter:
{
"paths": {
"/example": {
"get": {
"parameters": [
{
"name": "skyfire-pay-id",
"in": "header",
"description": "Skyfire token header. This service accepts kya, pay, or kya-pay tokens.",
"required": true,
"schema": {
"type": "string"
}
}
]
}
}
}
}paths:
/example:
get:
parameters:
- name: skyfire-pay-id
in: header
description: Skyfire token header. This service accepts kya, pay, or kya-pay tokens.
required: true
schema:
type: stringWhat this does:
- Requires the client to include the header for that specific operation
- Must be defined per endpoint
- Treats the header as a standard input parameter (not authentication)
- Does not integrate with auth tooling or flows
Specify Accepted Token Types
For each endpoint, describe which Skyfire tokens are accepted so integrators and buyer agents know what to send.
This can usually be documented in one of two lightweight ways:
- In the header description itself
- With an optional vendor extension such as
x-skyfire-token-type
In many cases, the description alone is enough. If your endpoint behavior is simple, adding clear text like “Accepts pay or kya-pay tokens” is often sufficient for both human readers and generated documentation.
Document, where relevant:
- Whether a
kyatoken is required (identity only) - Whether a
paytoken is required (payment only) - Whether a
kya-paytoken is required (identity & payment) - Whether one token type is required vs multiple token types are allowed
- Any required token claims your service validates, such as
sub,hid, or payment-specific fields
Using a vendor extension to specify token type (optional)
You may optionally use a vendor extension like x-skyfire-token-type to explicitly indicate expected token behavior for tooling or documentation purposes.
Security scheme example
{
"components": {
"securitySchemes": {
"SkyfirePayId": {
"type": "apiKey",
"in": "header",
"name": "skyfire-pay-id",
"description": "Skyfire token header. This service accepts pay, or kya-pay tokens."
}
}
},
"security": [
{
"SkyfirePayId": []
}
],
"paths": {
"/purchase": {
"post": {
"summary": "Create a purchase",
"description": "Creates a purchase for the requested resource.",
"security": [
{
"SkyfirePayId": []
}
],
"x-skyfire-token-type": ["pay", "kya-pay"]
}
}
}
}components:
securitySchemes:
SkyfirePayId:
type: apiKey
in: header
name: skyfire-pay-id
description: Skyfire token header. This service accepts pay or kya-pay tokens.
security:
- SkyfirePayId: []
paths:
/purchase:
post:
summary: Create a purchase
description: Creates a purchase for the requested resource.
security:
- SkyfirePayId: []
x-skyfire-token-type:
- pay
- kya-payRequired header parameter example
{
"paths": {
"/profile": {
"get": {
"summary": "Get profile",
"description": "Returns the profile for the current user.",
"parameters": [
{
"name": "skyfire-pay-id",
"in": "header",
"required": true,
"schema": {
"type": "string"
},
"description": "Skyfire toekn header. This service accepts kya or kya-pay tokens."
}
],
"x-skyfire-token-type": ["kya", "kya-pay"]
}
}
}
}paths:
/profile:
get:
summary: Get profile
description: Returns the profile for the current user.
parameters:
- name: skyfire-pay-id
in: header
required: true
schema:
type: string
description: Skyfire token header. This service accepts ky or kya-pay tokens.
x-skyfire-token-type:
- kya
- kya-payRecommended Error Handling
Your specification should also describe error responses for:
- Missing token
- Invalid or expired token
- Incorrect token type for the operation
Clear error documentation improves integration speed and reduces support overhead. See Handling Missing or Invalid Tokens
Why This Matters
Well-documented token requirements allow buyer agents to:
- Automatically attach the correct token
- Avoid conflicts with existing
Authorization-based authentication systems - Enforce payment requirements correctly
- Reduce integration errors
For details on how to validate tokens and extract claims, see Verify and Extract Data from Tokens.

