@dave yes I think your right I can solve it the way I was thinking I think but it screws up the swagger auth output. Is there any documentation on creating a custom security ?