Suppose I have an API called “User”, and in there is a
/session and a
/tasks endpoint. Is it possible to have
POST /session open (so the user can log in) while at the same time having
GET /tasks requiring authorization? Or do we have to create two different definitions that point to the same service?