Skip to main content



This rule belongs to the apimatic-preliminary-linting ruleset and states that:

A declaration of Authorization header at endpoint level is not recommended. Alternatively, make use of the appropriate authentication scheme for the API which will automatically enable the authentication globally for all your endpoints except those that do not require authentication.

Maximum SeverityInformation
MessageAuthorization header declaration found in endpoint headers.
Rule SystemSemantic
Broad CategoryEndpoints
Products ImpactedCode Generation, Developer Experience Portal, API Transformer
Tagspreliminary checks linting apimatic authentication endpoint authorization headers request headers

Suggested Fixes

  • Make use of a global API authentication scheme and remove all inline declarations of endpoint level Authorization headers.
  • If an endpoint does not require authentication, enable the Skip Authentication flag for that endpoint.

For More Information