If operation has security defined, the 403 response should be defined

Description

If the security section defines security requirements for an API operation, you should define 401 and 403 responses for the operation. The 403 response is missing.

Remediation

Define 403 responses for all operations that have security defined for them.


Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy