I’m working with an API that uses OpenAPI for its schema documentation. However, there are certain fields in the request body that shouldn’t be visible to all consumers, for example, internalProperty: bool. These properties are crucial for some internal functionalities but aren’t documented in the public-facing schema.

I’ve considered two approaches to manage these fields:

1. Explicit Code Checks: The server-side code identifies and processes these fields specifically.
2. Dual Schemas: Use a public schema for external consumers and a private schema that includes the undisclosed fields for internal use.

My primary concern is ensuring that the server handles these fields correctly without compromising security or performance.

Is there a standard or recommended approach in the industry for managing such fields in OpenAPI? Are there specific pitfalls or challenges I should be aware of with either of the methods above?