Skip to main content



This rule belongs to the openapi-v3-standards-validation ruleset and states that:

The parameters list must not contain an explicit definition for the Authorization header parameter. If a definition is added, it will be ignored.

Maximum SeverityWarning
MessageDefinition for Authorization header parameter found.
Rule SystemSemantic
Broad CategoryParameters
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsopenapi3 openapi standards semantic validation authorization header parameter

Suggested Fixes

  • Ensure that the parameters list does not contain a parameter named Authorization with location set as header.
  • Remove the entry for parameter named Authorization from the parameters list.
  • Use the OpenAPI's security schemes and security requirements to configure operation level authentication instead of defining the Authorization header explicitly.

For More Information