Non-body parameter must not define the schema property

Description

The parameter in question is not a body parameter, but it has the schema property defined. Non-body parameters must not have the schema property defined.

Example

The following is an example of how this issue could look in your API definition:

{
  "name": "IDs",
  "in": "query",
  "description": "IDs to fetch",
  "required": false,
  "schema": {
    "type": "object"
    "required": [
          "ID list"
     ],
     "properties": {
        "ID list"
          "type": "array",
          "items": {
          "type": "integer"
           ...
     },
    "collectionFormat": "multi"
  }
}

Remediation

Make sure that non-body parameters do not have the schema property defined.

{
  "name": "IDs",
  "in": "query",
  "description": "IDs to fetch",
  "required": false,
  "type": "array",
  "items": {
    "type": "integer"
     ...
  },
  "collectionFormat": "multi"
}

Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy