The OpenAPI format requires specific sections to be present in the API contract file. These include, for example:
- General API information
- Location of the API endpoint
- The resources and HTTP verbs the API exposes
- Formats of incoming and outgoing data communications
If the structure of your API is not well-formed, it may not be possible to audit its security.
This section describes the possible issues with the structure of your OpenAPI contract and how you can fix them.
- Body parameter defines a property not applicable to body parameters
- Body parameter must have the 'schema' property defined
- Circular reference is not allowed
- External references at the path item level are not supported
- File parameter has no 'in: formData' property defined
- Header is an array, the 'items' property must be defined
- Header is not an array, the 'items' property must not be defined
- Mandatory property is missing
- Non-body parameter must not define the 'schema' property
- OAuth2 security scheme defines a property not applicable to the defined OAuth2 flow
- OAuth2 security scheme does not define a property that the defined OAuth2 flow requires
- Parameter cannot be a JSON reference that points outside '#/parameters'
- Parameter is an array, the 'items' property must be defined
- Parameter is not an array, the 'items' property must not be defined
- Path parameter must have the property 'required' set to 'true'
- Paths in your API definition are not exposed
- Property defining a maximum is not greater than the corresponding property defining the minimum
- Property must be unique throughout the OpenAPI definition
- Property must have a positive integer value
- Property must have an integer value
- Property value has different type than what the OpenAPI Specification requires for this property
- Property value is not an enum that the OpenAPI Specification allows for this property
- Required dependent property of an existing property is missing
- Response cannot be a JSON reference that points outside '#/responses'
- Responses object must contain at least one HTTP response code or a default response
- Schema cannot be a JSON reference that points outside '#/definitions'
- Schema is an array, the 'items' property must be defined
- Schema is not an array, the 'items' property must not be defined
- Security scheme defines a property not applicable to it
- Security scheme does not define a required property
- Target of the JSON reference of the parameter does not exist
- Target of the JSON reference of the response does not exist in the API
- Target of the JSON reference of the schema does not exist
- Value 'multi' for the property 'collectionFormat' is only allowed for query parameters
- Value of the numeric property is too big for the type of the property
Copyright 42Crunch 2021