When writing an Open API 3.0 specification that is to be used to create an AWS API Gateway API method, if you want to use a custom authorizer to authorize API access using multiple headers to hold two or more values (such as API Token and API Secret for example) you can do so by adding the two headers to the x-amazon-apigateway-authorizer.identitySource as a comma separated list. It is important to set the securityScheme.name to the value of 'Unused' (see below)

      type: apiKey
      name: Unused
      in: header
      x-amazon-apigateway-authtype: 'Custom Authentication using API Key and Secret'
        type: request
        identitySource: method.request.header.API-Token, method.request.header.API-Secret
        authorizerUri: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:API-Key-Authorizer/invocations
        enableSimpleResponses: true
        authorizerResultTtlInSeconds: 0

References: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html