Skip to main content

api-authentication-mechanism-defined

Overview

This rule belongs to the apimatic-preliminary-linting ruleset and states that:

APIs almost always require only authorized users to make requests to the API server. For this, a particular authentication mechanism is required to be followed. If the API requires authentication, the authentication mechanism must be defined globally in the authentication section of the relevant API description format. Endpoints not requiring any authentication can be excluded as required.

PropertyValue
EnabledYes
Maximum SeverityInformation
MessageNo authentication mechanism defined for this API.
CodeAPIMATICPRE_L022
TypeLinting
Rule SystemSemantic
Broad CategoryAuthentication
Products ImpactedCode Generation, Developer Experience Portal, API Transformer
Tagspreliminary checks linting apimatic authentication authorization

Suggested Fixes

  • If the API uses any kind of authentication, it must be defined in the global authentication section.
  • If your API uses a custom authentication flow, it can be manually defined using endpoints. The global authentication mechanism may be skipped in that case.

For More Information