# Auth Schemes
## Automatic Detection
Thanix automatically detects the auth scheme from the OpenAPI schema's `components.securitySchemes` during schema parsing. The detection logic is in `bindgen.rs`:
```plantuml
@startuml
participant "OpenAPI Schema" as Schema
participant "determine_auth_scheme()" as Detect
participant "Generated Code" as Code
Schema -> Detect : components.securitySchemes
note right of Detect
http/bearer -> AuthType::Bearer
http/basic -> AuthType::Basic
apiKey/header -> AuthType::ApiKey
oauth2 -> AuthType::Bearer
none -> AuthType::None
end note
Detect -> Code : apply auth header from\nclient.auth_header_value
@enduml
```
| `type: http, scheme: bearer` | `Bearer` | `r#request.header("Authorization", auth)` |
| `type: http, scheme: basic` | `Basic` | `r#request.header("Authorization", auth)` |
| `type: apiKey, in: header` | `ApiKey(header_name)` | `r#request.header("<name>", auth)` |
| `type: oauth2` | `Bearer` | `r#request.header("Authorization", auth)` |
| `type: openIdConnect` | `Bearer` | `r#request.header("Authorization", auth)` |
| No schemes defined | `None` | `r#request.header("Authorization", auth)` |
## Using the Generated Client
The `ThanixClient` struct has an `auth_header_value: Option<String>` field. You set the complete header value:
```rust
let client = ThanixClient::new("https://api.example.com");
// Bearer auth
client.auth_header_value = Some("Bearer my-jwt-token".into());
// Token auth (NetBox)
client.auth_header_value = Some("Token abc123def456".into());
// Basic auth
client.auth_header_value = Some("Basic base64encodedcreds".into());
```
```admonish note
Setting `auth_header_value` to `None` disables the auth header entirely.
```
## API Key in Custom Header
If the API uses an API key in a custom header (e.g., `X-API-Key`), the generator detects this from `securitySchemes` and uses the specified header name. Set the value as-is:
```rust
client.auth_header_value = Some("my-api-key-value".into());
```