diff --git a/rswag-specs/lib/rswag/specs/request_factory.rb b/rswag-specs/lib/rswag/specs/request_factory.rb
index d1d6045..daae7da 100644
--- a/rswag-specs/lib/rswag/specs/request_factory.rb
+++ b/rswag-specs/lib/rswag/specs/request_factory.rb
@@ -65,9 +65,13 @@ module Rswag
 
       def resolve_api_key_parameters
         @api_key_params ||= begin
-          global_requirements = (@global_metadata[:security] || {})
-          requirements = global_requirements.merge(@api_metadata[:operation][:security] || {})
-          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements.keys)
+          # First figure out the security requirement applicable to the operation
+          global_requirements = (@global_metadata[:security] || [] ).map { |r| r.keys.first }
+          operation_requirements = (@api_metadata[:operation][:security] || [] ).map { |r| r.keys.first }
+          requirements = global_requirements | operation_requirements
+
+          # Then obtain the scheme definitions for those requirements
+          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements)
           definitions.values.select { |d| d[:type] == :apiKey }
         end
       end
diff --git a/rswag-specs/spec/rswag/specs/example_helpers_spec.rb b/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
index 4b95571..6b389d4 100644
--- a/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
+++ b/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
@@ -26,9 +26,9 @@ module Rswag
               { name: 'q1', in: :query, type: 'string' },
               { name: :blog, in: :body, schema: { type: 'object' } }
             ],
-            security: {
-              api_key: []
-            }
+            security: [
+              { api_key: [] }
+            ]
           }
         }
       end
diff --git a/rswag-specs/spec/rswag/specs/request_factory_spec.rb b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
index 6a5d92a..c6791b1 100644
--- a/rswag-specs/spec/rswag/specs/request_factory_spec.rb
+++ b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
@@ -102,7 +102,7 @@ module Rswag
           end
 
           context 'global requirement' do
-            before { global_metadata[:security] = { api_key: [] } }
+            before { global_metadata[:security] = [ { api_key: [] } ] }
 
             it "appends the api_key using metadata and example value" do
               expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
@@ -110,7 +110,7 @@ module Rswag
           end
 
           context 'operation-specific requirement' do
-            before { api_metadata[:operation][:security] = { api_key: [] } }
+            before { api_metadata[:operation][:security] = [ { api_key: [] } ] }
 
             it "appends the api_key using metadata and example value" do
               expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
diff --git a/test-app/spec/swagger_helper.rb b/test-app/spec/swagger_helper.rb
index ae18921..a3b76b4 100644
--- a/test-app/spec/swagger_helper.rb
+++ b/test-app/spec/swagger_helper.rb
@@ -51,9 +51,9 @@ RSpec.configure do |config|
           in: :query
         }
       },
-      security: {
-        api_key: []
-      }
+      security: [
+        { api_key: [] }
+      ]
     }
   }
 end
diff --git a/test-app/swagger/v1/swagger.json b/test-app/swagger/v1/swagger.json
index 3b135ff..e2e0311 100644
--- a/test-app/swagger/v1/swagger.json
+++ b/test-app/swagger/v1/swagger.json
@@ -145,9 +145,11 @@
       "in": "query"
     }
   },
-  "security": {
-    "api_key": [
+  "security": [
+    {
+      "api_key": [
 
-    ]
-  }
+      ]
+    }
+  ]
 }
\ No newline at end of file