delete-operation-cannot-have-request-body
Overview
This rule belongs to the openapi-v3-standards-linting
ruleset and states that:
HTTP methods like GET, DELETE, HEAD are not allowed to have a request body since a payload for these methods do not have any defined semantics. If request body is defined for non-body HTTP verbs, it will get ignored. Therefore, in OpenAPI as well, the DELETE Operation Object must not set the requestBody
property.
Property | Value |
---|---|
Enabled | Yes |
Maximum Severity | Warning |
Message | Operation Object for DELETE HTTP method cannot have a request body. |
Code | OPENAPI3STANDARDS_L044 |
Type | Linting |
Rule System | Semantic |
Broad Category | Operations |
Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
Tags | openapi3 openapi standards semantic linting delete request body body parameter operation |
Suggested Fixes
- Remove the
requestBody
property from the DELETE Operation Object. - Change the HTTP method to POST or any other method that supports request body.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#operation-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#operationRequestBody
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#request-body-object
- https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.5
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md
- https://docs.apimatic.io/rulesets/overview/