API Evangelist

OpenAPI Security

Keeping up with the latest versions of the specification.

The OpenAPI specification provides the ability to centrally define how we use API key, JWT, or OAuth authentication across our APIs. The OpenAPI security schemes property centrally defines what authentication mechanisms are available for use across each individual API operation.

The security schemes for an OpenAPI can be used to configure the gateway and generate client code, and they can be linted using governance rules, helping close the loop on this piece of security. Every API should have security defined as part of the technical contract, introduced centrally by security and governance, but then applied to each operation by teams producing APIs.
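
One way to express the governance rule described above, as an added example that is not API Evangelist's own code: a small Python linter that checks each operation's effective security requirement against the centrally defined `components.securitySchemes` of an OpenAPI 3.x document. The sample document, its scheme names and the token URL are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def lint_security(spec):
    """Return (operation, problem) findings for an OpenAPI 3.x document (as a dict)."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security")  # document-wide requirement; None when absent
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as "parameters" are not operations
            where = f"{method.upper()} {path}"
            # An operation-level "security" overrides the document-wide default.
            effective = op.get("security", default)
            if effective is None:
                findings.append((where, "no security requirement"))
                continue
            # [] removes all requirements; {} makes authentication optional.
            if effective == [] or any(req == {} for req in effective):
                findings.append((where, "allows unauthenticated access"))
            for req in effective:
                for name in req:
                    if name not in schemes:
                        findings.append((where, f"undefined scheme '{name}'"))
    return findings

# Constructed sample: schemes defined centrally, applied per operation.
# Responses are omitted because only the security fields are inspected.
SAMPLE = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "apiKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
        "bearerJwt": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
        "oauth": {"type": "oauth2", "flows": {"clientCredentials": {
            "tokenUrl": "https://auth.example.com/token",
            "scopes": {"orders:read": "Read orders"}}}},
    }},
    "paths": {
        "/orders": {
            "parameters": [],
            "get": {"security": [{"oauth": ["orders:read"]}]},
            "post": {"security": [{"bearerJWT": []}]},  # name differs in case
        },
        "/health": {"get": {"security": []}},  # explicit opt-out
        "/reports": {"get": {}},               # nothing applied, no default
    },
}

if __name__ == "__main__":
    for where, problem in lint_security(SAMPLE):
        print(f"{where}: {problem}")
```

Whether an explicit opt-out such as the `/health` operation is acceptable is a policy decision; the linter only surfaces it so the exception is reviewed rather than silent.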