at-least-one-security-mechanism-applied
Overview
This rule belongs to the openapi-v3-apimatic-linting ruleset and states that:
APIs that require some form of authentication must define the security schemes they use in the global Components Object, using the securitySchemes property, and apply these security schemes to the endpoints that require authentication. This ensures that requests that require authentication are authenticated properly.
Property | Value |
---|---|
Enabled | Yes |
Maximum Severity | Warning |
Message | No security mechanism applied to the API. |
Code | OPENAPI3APIMATIC_L930 |
Type | Linting |
Rule System | Semantic |
Broad Category | OpenAPI Security Requirements |
Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
Tags | openapi3 openapi apimatic semantic linting security schemes security requirements scheme components |
Suggested Fixes
- Remove any Authorization header definitions from the operations and instead define the authentication mechanism using OpenAPI's global security schemes. Then apply those schemes to operations as required.
- When defining a security scheme globally, assign it a short but unique name.
- Choose the appropriate security scheme type when defining a security scheme.
- If your API does not require authentication, you can ignore this lint check or disable it.
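The check and the first suggested fix, sketched as an added example (not APIMatic's implementation and not code from this page). The function name lint_security, the two sample documents and the bearerAuth scheme name are assumptions, and the logic only approximates the rule.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def lint_security(spec):
    """Approximate the rule on an OpenAPI 3 document given as a dict."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_reqs = spec.get("security", [])
    findings, applied = [], False
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            # Operation-level "security" overrides the global list; [] means no auth.
            for requirement in op.get("security", global_reqs):
                for name in requirement:
                    if name in schemes:
                        applied = True
                    else:
                        findings.append(f"{where}: undefined security scheme '{name}'")
            # OpenAPI 3.0.3 ignores header parameters named Authorization.
            for param in op.get("parameters", []):
                if param.get("in") == "header" and param.get("name", "").lower() == "authorization":
                    findings.append(f"{where}: Authorization header declared as a parameter")
    if not applied:
        findings.append("No security mechanism applied to the API.")
    return findings

# Constructed sample: authentication described only as a header parameter.
BEFORE = {
    "openapi": "3.0.3",
    "info": {"title": "Orders (constructed sample)", "version": "1.0"},
    "paths": {"/orders": {"get": {
        "parameters": [{"name": "Authorization", "in": "header",
                        "required": True, "schema": {"type": "string"}}],
        "responses": {"200": {"description": "OK"}}}}},
}

# The same API after the fix: scheme defined in components, then applied globally.
AFTER = {
    "openapi": "3.0.3",
    "info": BEFORE["info"],
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearerAuth": []}],
    "paths": {"/orders": {"get": {"responses": {"200": {"description": "OK"}}}}},
}

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_security(doc) or "clean")
```

A security requirement that names a scheme missing from components.securitySchemes is reported separately and does not count as an applied mechanism.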
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#components-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md
- https://docs.apimatic.io/rulesets/overview/