This rule belongs to the
openapi-v3-standards-validation ruleset and states that:
The location of the API key specified using property
in of the Security Scheme Object must have only one of the following values:
cookie. Other types are not supported nor allowed.
|Message||Invalid location for API key found.|
|Broad Category||Security Schemes|
|Products Impacted||API Transformer, Code Generation, Developer Experience Portal|
- Value of API key location is compared in a case-sensitive manner.
- Ensure that the API key location value matches exactly with the possible list of values and that there are no typos:
- Ensure that the value for API key location is not null or empty.
For More Information