callback-payload-verification-signature-header-required
Overview
This rule belongs to the openapi-v3-apimatic-linting ruleset and states that:
When payload verification is defined for a callback group, the signatureHeader field must be specified. This identifies the HTTP header that contains the signature for payload verification.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | The payload verification signature header is required for the callback group. |
| Code | OPENAPI3APIMATIC_L515 |
| Type | Linting |
| Rule System | Semantic |
| Broad Category | OpenAPI Callbacks |
| Products Impacted | Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi apimatic semantic linting callback payload verification signature header required |
Suggested Fixes
- Specify the
signatureHeaderfield in the payload verification definition. - The signature header identifies which HTTP header contains the verification signature.
For More Information
- https://docs.apimatic.io/specification-extensions/swagger-codegen-extensions/#callback-group-extension
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#callback-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md
- https://docs.apimatic.io/rulesets/overview/