Paths are equivalent

Description

Your API contains paths that are equivalent. In practice, these paths are considered to be identical because there is no way of telling them apart. All paths must be unique.

This can happen, for example, if you have defined same path but with different parameter name for different operations. The parameter name alone does not make the path unique.

Example

The following is an example of how this could look in your API definition. GET and PUT operations have the same path but different parameter:

paths:
  
  '/path/{IDs}':
    get:
      summary: Get the ID list
      parameters:
        - name: IDs
          in: path
          required: true
          type: string
      ...
  '/path/{addIDs}':
    put:
      summary: Add IDs to the ID list
      parameters:
        - name: add IDs
          in: path
          required: true
          type: string
      ...

Remediation

Define a single path /path/{parameter} with multiple operations (here GET and PUT):

'/path/{IDs}':
    get:
      summary: Get the ID list
      parameters:
        - name: IDs
          in: path
          required: true
          type: string
      ...
    put:
      summary: Add IDs to the ID list
      parameters:
        - name: add IDs
          in: path
          required: true
          type: string
      ...

If you need multiple paths, make sure that all paths are considered unique.


Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy