webhook-payload-verification-signature-header-required
Overview
This rule belongs to the openapi-v3-apimatic-linting ruleset and states that:
When payload verification is defined for a webhook group, the signatureHeader field must be specified. This identifies the HTTP header that contains the signature for payload verification.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | The payload verification signature header is required for the webhook group. |
| Code | OPENAPI3APIMATIC_L1045 |
| Type | Linting |
| Rule System | Semantic |
| Broad Category | OpenAPI Webhooks |
| Products Impacted | Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi apimatic semantic linting webhook payload verification signature header required |
Suggested Fixes
- Specify the
signatureHeaderfield in the payload verification definition. - The signature header identifies which HTTP header contains the verification signature.
For More Information
- https://docs.apimatic.io/specification-extensions/swagger-codegen-extensions/#webhook-group-extension
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#fixed-fields
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md
- https://docs.apimatic.io/rulesets/overview/