At least one 200 or 202 response should be defined for GET operations

Description

GET operations in your API must have at least one 200 or 202 response defined.

Example

The following is an example of how this issue could look in your API definition:

"get": {
  "description": "Returns all pets from the system that the user has access to",
  ...
  "responses": {
    "default": {
      "description": "unexpected error",
      "schema": {
        "$ref": "../common/Error.json"
      }
    }
  }
}

Possible exploit scenario

Attackers strive to make your APIs behave in an unexpected way to learn more about your system or to cause a data breach. We highly recommend that you minimize any risks and clearly specify the data that your API operations can return for each possible response code.

Remediation

Define 200 or 202 responses for all GET operations.

"get": {
  "description": "Returns all pets from the system that the user has access to",
  ...
  "responses": {
    "200": {
      "description": "pet response",
      "schema": {
        "type": "array",
        "items": {
          "$ref": "Pet.json"
        }
      }
    },
    "default": {
     "description": "unexpected error",
      "schema": {
        "$ref": "../common/Error.json"
      }
    }
  }
}

Get API Security news directly in your Inbox.

By clicking Subscribe you agree to our Data Policy