Skip to main content

no-authorization-header-parameter-definition

Overview

This rule belongs to the openapi-v3-standards-validation ruleset and states that:

The parameters list must not contain an explicit definition for the Authorization header parameter. If a definition is added, it will be ignored.

PropertyValue
EnabledYes
Maximum SeverityWarning
MessageDefinition for Authorization header parameter found.
CodeOPENAPI3STANDARDS_V085
TypeValidation
Rule SystemSemantic
Broad CategoryParameters
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsopenapi3 openapi standards semantic validation authorization header parameter

Suggested Fixes

  • Ensure that the parameters list does not contain a parameter named Authorization with location set as header.
  • Remove the entry for parameter named Authorization from the parameters list.
  • Use the OpenAPI's security schemes and security requirements to configure operation level authentication instead of defining the Authorization header explicitly.

For More Information