Skip to main content



This rule belongs to the apimatic-preliminary-linting ruleset and states that:

APIs almost always require only authorized users to make requests to the API server. For this, a particular authentication mechanism is required to be followed. If the API requires authentication, the authentication mechanism must be defined globally in the authentication section of the relevant API description format. Endpoints not requiring any authentication can be excluded as required.

Maximum SeverityInformation
MessageNo authentication mechanism defined for this API.
Rule SystemSemantic
Broad CategoryAuthentication
Products ImpactedCode Generation, Developer Experience Portal, API Transformer
Tagspreliminary checks linting apimatic authentication authorization

Suggested Fixes

  • If the API uses any kind of authentication, it must be defined in the global authentication section.
  • If your API uses a custom authentication flow, it can be manually defined using endpoints. The global authentication mechanism may be skipped in that case.

For More Information