fern-api
diff --git a/‎api-yml.schema.json‎
Lines changed: 29 additions & 0 deletions b/‎api-yml.schema.json‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎fern/apis/fern-definition/definition/auth.yml‎
Lines changed: 12 additions & 0 deletions b/‎fern/apis/fern-definition/definition/auth.yml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎generators-yml.schema.json‎
Lines changed: 29 additions & 0 deletions b/‎generators-yml.schema.json‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎generators/swift/sdk/src/generators/client/util/__test__/snapshots/formatted-endpoint-paths/endpoint-security-auth.swift‎
Lines changed: 9 additions & 0 deletions b/‎generators/swift/sdk/src/generators/client/util/__test__/snapshots/formatted-endpoint-paths/endpoint-security-auth.swift‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎packages/cli/cli/src/commands/export/security.ts‎
Lines changed: 4 additions & 0 deletions b/‎packages/cli/cli/src/commands/export/security.ts‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/cli/cli/versions.yml‎
Lines changed: 10 additions & 0 deletions b/‎packages/cli/cli/versions.yml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎packages/cli/fern-definition/ir-to-jsonschema/src/__test__/__snapshots__/endpoint-security-auth/type_auth_TokenResponse.json‎
Lines changed: 27 additions & 0 deletions b/‎packages/cli/fern-definition/ir-to-jsonschema/src/__test__/__snapshots__/endpoint-security-auth/type_auth_TokenResponse.json‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎packages/cli/fern-definition/ir-to-jsonschema/src/__test__/__snapshots__/endpoint-security-auth/type_user_User.json‎
Lines changed: 17 additions & 0 deletions b/‎packages/cli/fern-definition/ir-to-jsonschema/src/__test__/__snapshots__/endpoint-security-auth/type_user_User.json‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎packages/cli/fern-definition/schema/src/schemas/api/resources/auth/types/ApiAuthSchema.ts‎
Lines changed: 5 additions & 1 deletion b/‎packages/cli/fern-definition/schema/src/schemas/api/resources/auth/types/ApiAuthSchema.ts‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎packages/cli/fern-definition/schema/src/schemas/api/resources/auth/types/EndpointSecuritySchema.ts‎
Lines changed: 10 additions & 0 deletions b/‎packages/cli/fern-definition/schema/src/schemas/api/resources/auth/types/EndpointSecuritySchema.ts‎
Lines changed: 10 additions & 0 deletions
@@ -370,6 +370,32 @@
       ],
       "additionalProperties": false
     },
+    "auth.EndpointSecuritySchemaDetails": {
+      "type": "object",
+      "additionalProperties": false
+    },
+    "auth.EndpointSecuritySchema": {
+      "type": "object",
+      "properties": {
+        "docs": {
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "endpoint-security": {
+          "$ref": "#/definitions/auth.EndpointSecuritySchemaDetails"
+        }
+      },
+      "required": [
+        "endpoint-security"
+      ],
+      "additionalProperties": false
+    },
     "auth.ApiAuthSchema": {
       "anyOf": [
         {
@@ -380,6 +406,9 @@
         },
         {
           "$ref": "#/definitions/auth.AnyAuthSchemesSchema"
+        },
+        {
+          "$ref": "#/definitions/auth.EndpointSecuritySchema"
         }
       ]
     },
 
@@ -16,6 +16,7 @@ types:
       - string
       - AuthSchemeReferenceSchema
       - AnyAuthSchemesSchema
+      - EndpointSecuritySchema
 
   AuthSchemeReferenceSchema:
     extends:
@@ -29,6 +30,17 @@ types:
     properties:
       any: list<AnyAuthItem>
 
+  EndpointSecuritySchema:
+    extends:
+      - commons.WithDocsSchema
+    properties:
+      endpoint-security:
+        type: EndpointSecuritySchemaDetails
+        docs: Indicates that authentication requirements are defined per-endpoint via the `security` field.
+
+  EndpointSecuritySchemaDetails:
+    properties: {}
+
   AnyAuthItem:
     discriminated: false
     union:
 
@@ -1518,6 +1518,32 @@
       ],
       "additionalProperties": false
     },
+    "fernDefinition.auth.EndpointSecuritySchemaDetails": {
+      "type": "object",
+      "additionalProperties": false
+    },
+    "fernDefinition.auth.EndpointSecuritySchema": {
+      "type": "object",
+      "properties": {
+        "docs": {
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "endpoint-security": {
+          "$ref": "#/definitions/fernDefinition.auth.EndpointSecuritySchemaDetails"
+        }
+      },
+      "required": [
+        "endpoint-security"
+      ],
+      "additionalProperties": false
+    },
     "fernDefinition.auth.ApiAuthSchema": {
       "anyOf": [
         {
@@ -1528,6 +1554,9 @@
         },
         {
           "$ref": "#/definitions/fernDefinition.auth.AnyAuthSchemesSchema"
+        },
+        {
+          "$ref": "#/definitions/fernDefinition.auth.EndpointSecuritySchema"
         }
       ]
     },
 
@@ -0,0 +1,9 @@
+// service_auth
+"/token"
+
+// service_user
+"/users"
+"/users"
+"/users"
+"/users"
+"/users"
@@ -18,6 +18,10 @@ export function constructEndpointSecurity(apiAuth: ApiAuth): OpenAPIV3.SecurityR
             apiAuth.schemes.map((scheme) => ({
                 [getNameForAuthScheme(scheme)]: []
             })),
+        endpointSecurity: () => {
+            // When auth is endpoint-security, security is defined per-endpoint, not globally
+            return [];
+        },
         _other: () => {
             throw new Error("Unknown auth scheme requirement: " + apiAuth.requirement);
         }
 
@@ -1,4 +1,14 @@
 # yaml-language-server: $schema=../../../fern-versions-yml.schema.json
+- version: 3.27.0
+  changelogEntry:
+    - summary: |
+        Add `ENDPOINT_SECURITY` value to `AuthSchemesRequirement` enum in the IR. 
+        This allows users to specify that authentication requirements are defined per-endpoint rather than globally. 
+        Users can now use `endpoint-security: {}` in their Fern API definition's `auth` field to indicate that security is configured on individual endpoints via the `security` field.
+      type: feat
+  createdAt: "2025-12-18"
+  irVersion: 62
+
 - version: 3.26.3
   changelogEntry:
     - summary: |
 
@@ -0,0 +1,27 @@
+{
+  "type": "object",
+  "properties": {
+    "access_token": {
+      "type": "string"
+    },
+    "expires_in": {
+      "type": "integer"
+    },
+    "refresh_token": {
+      "oneOf": [
+        {
+          "type": "string"
+        },
+        {
+          "type": "null"
+        }
+      ]
+    }
+  },
+  "required": [
+    "access_token",
+    "expires_in"
+  ],
+  "additionalProperties": false,
+  "definitions": {}
+}
@@ -0,0 +1,17 @@
+{
+  "type": "object",
+  "properties": {
+    "id": {
+      "type": "string"
+    },
+    "name": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "id",
+    "name"
+  ],
+  "additionalProperties": false,
+  "definitions": {}
+}
@@ -4,4 +4,8 @@
 
 import * as FernDefinition from "../../../index";
 
-export type ApiAuthSchema = string | FernDefinition.AuthSchemeReferenceSchema | FernDefinition.AnyAuthSchemesSchema;
+export type ApiAuthSchema =
+    | string
+    | FernDefinition.AuthSchemeReferenceSchema
+    | FernDefinition.AnyAuthSchemesSchema
+    | FernDefinition.EndpointSecuritySchema;
@@ -0,0 +1,10 @@
+/**
+ * This file was auto-generated by Fern from our API Definition.
+ */
+
+import * as FernDefinition from "../../../index";
+
+export interface EndpointSecuritySchema extends FernDefinition.WithDocsSchema {
+    /** Indicates that authentication requirements are defined per-endpoint via the `security` field. */
+    "endpoint-security": FernDefinition.EndpointSecuritySchemaDetails;
+}