This rule belongs to the
openapi-v3-apimatic-linting ruleset and states that:
APIs that require some form of authentication must define the security schemes used, in the global Components Object using the
securitySchemes property and apply these security schemes to the endpoints that require authentication. This will ensure that the requests that require authentication are authenticated properly.
|Message||No security mechanism applied to the API.|
|Broad Category||OpenAPI Security Requirements|
|Products Impacted||API Transformer, Code Generation, Developer Experience Portal|
- Remove any Authorization header definitions from the operations and instead define the authentication mechanism using the OpenAPI's global security schemes. Then apply those schemes to operations as required.
- When defining a security scheme globally assign a short but unique name for it.
- Choose the appropriate security scheme type when defining a security scheme.
- If your API does not require authentication, you can ignore this lint check or disable it.
For More Information