The ‘security’ section references a security scheme not defined in the ‘securityDefinitions’

Description

The security section contains a reference to a security scheme that is not defined in the securityDefinitions field. The security section specifies what kind of authentication your API requires, either at the global level for the whole API or for individual API operations.

Example

The following is an example of how this could look in your API definition. The security section references an OAuth security scheme, but this scheme has not been defined in securityDefinitions:

"schemes": [
    "https"
  ],
  ...
  "securityDefinitions": {
    "regularSecurity": {
      "type": "basic"
    }
  },
  ...
  "security": [
    {
      "regularSecurity": [],
      "OAuth2": [ "readOnly" ]
    }
  ],
  ...
}

Remediation

Make sure that all security schemes that the security section references are defined in the securityDefinitions field.

"schemes": [
    "https"
  ],
  ...
  "securityDefinitions": {
    "regularSecurity": {
      "type": "basic"
    },
    "OAuth2": {
      "type": "oauth2",
      "flow": "accessCode",
      "scopes": {
        ...
      }
    }
  },
  ...
  "security": [
    {
      "regularSecurity": [],
      "OAuth2": [ "readOnly" ]
    }
  ],
  ...
}
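
One way to catch this before an audit run, as an added example that is not part of the original page or of any tool it describes: a short check that lists every security requirement, global or per operation, whose scheme name is missing from securityDefinitions. The sample document is constructed from the failing fragment above; the `/items` path and the `apiKeyAuth` name are assumptions made for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def undefined_scheme_refs(spec):
    """Return (location, scheme_name) for every security requirement that
    names a scheme missing from securityDefinitions (OpenAPI/Swagger 2.0)."""
    defined = set(spec.get("securityDefinitions") or {})
    findings = []

    def check(location, requirements):
        for index, requirement in enumerate(requirements or []):
            for name in requirement:
                if name not in defined:
                    findings.append((f"{location}[{index}]", name))

    # Global requirements apply to every operation that does not override them.
    check("security", spec.get("security"))
    # Operation-level requirements replace the global ones, so check each.
    for path, item in (spec.get("paths") or {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"paths.{path}.{method}.security", operation.get("security"))
    return findings

# Constructed sample: the page's failing fragment, completed into valid JSON.
# The /items path and the apiKeyAuth scheme name are hypothetical.
SAMPLE = json.loads("""
{
  "swagger": "2.0",
  "schemes": ["https"],
  "securityDefinitions": {"regularSecurity": {"type": "basic"}},
  "security": [{"regularSecurity": [], "OAuth2": ["readOnly"]}],
  "paths": {
    "/items": {
      "get": {"security": [{"regularSecurity": []}], "responses": {}},
      "post": {"security": [{"apiKeyAuth": []}], "responses": {}}
    }
  }
}
""")

if __name__ == "__main__":
    for location, name in undefined_scheme_refs(SAMPLE):
        print(f"{location}: '{name}' is not in securityDefinitions")
```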
