no-authorization-header-parameter-definition
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
The parameters list must not contain an explicit definition for the Authorization header parameter. If a definition is added, it will be ignored.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Warning |
| Message | Definition for Authorization header parameter found. |
| Code | OPENAPI3STANDARDS_V085 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Parameters |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic validation authorization header parameter |
Suggested Fixes
- Ensure that the parameters list does not contain a parameter named
Authorizationwith location set asheader. - Remove the entry for parameter named
Authorizationfrom the parameters list. - Use the OpenAPI's security schemes and security requirements to configure operation level authentication instead of defining the
Authorizationheader explicitly.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#fixed-fields-10
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#parameter-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#fixed-fields-10
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#parameter-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://docs.apimatic.io/rulesets/overview/