I have an Spring Boot implemented in Kotlin exposing a REST API that is documented using OpenAPI annotations. The API is grouped into three parts: eco, flow and platform. The code (Spring Boot Controllers) reside in separate packages and have separate path prefixes.

The OpenAPI definition is defined as follows:

class SpringdocConfiguration() {

    fun eco() = GroupedOpenApi.builder()

    fun flow() = GroupedOpenApi.builder()

    fun platform() = GroupedOpenApi.builder()

I wanto the eco part to be publicly visible. However, the flow and the platform API documentation should only be visible after some form of authentication (e.g. username/password using BasicAuth). Is that possible with OpenApi or do I need to implement this using Spring Security?