After you create the REST API descriptor (RAD), you can define the security definitions in the RAD to enable authentication for the RAD or for an individual operation. You can use the security definitions to define all the supported authentication types for the RAD and then define the security to use a specific authentication type for the RAD or for an individual operation.