Non-body parameter must not define the schema property

Description

The parameter in question is not a body parameter, but it has the schema property defined. Non-body parameters must not have the schema property defined.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

{
  "name": "IDs",
  "in": "query",
  "description": "IDs to fetch",
  "required": false,
  "schema": {
    "type": "object"
    "required": [
          "ID list"
     ],
     "properties": {
        "ID list"
          "type": "array",
          "items": {
          "type": "integer"
           ...
     },
    "collectionFormat": "multi"
  }
}

Remediation

Make sure that non-body parameters do not have the schema property defined.

{
  "name": "IDs",
  "in": "query",
  "description": "IDs to fetch",
  "required": false,
  "type": "array",
  "items": {
    "type": "integer"
     ...
  },
  "collectionFormat": "multi"
}

Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy