I have an Spring Boot implemented in Kotlin exposing a REST API that is documented using OpenAPI annotations. The API is grouped into three parts: eco, flow and platform. The code (Spring Boot Controllers) reside in separate packages and have separate path prefixes.

The OpenAPI definition is defined as follows:

@Configuration
@OpenAPIDefinition
class SpringdocConfiguration() {

    @Bean
    fun eco() = GroupedOpenApi.builder()
        .group("eco")
        .pathsToMatch("/some/path/eco")
        .packagesToScan("com.my.app.eco")
        .build()

    @Bean
    fun flow() = GroupedOpenApi.builder()
        .group("flow")
        .pathsToMatch("/some/path/flow")
        .packagesToScan("com.my.app.flow")
        .build()

    @Bean
    fun platform() = GroupedOpenApi.builder()
        .group("platform")
        .pathsToMatch("/some/path/platform")
        .packagesToScan("com.my.app.platform")
        .build()
}

I wanto the eco part to be publicly visible. However, the flow and the platform API documentation should only be visible after some form of authentication (e.g. username/password using BasicAuth). Is that possible with OpenApi or do I need to implement this using Spring Security?