valid-security-scheme-type
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
The type of the security scheme specified using property type of the Security Scheme Object must have only one of the following values: apiKey, http, oauth2, openIdConnect. Type mutualTLS can also be used but only for OpenAPI v3.1.x documents. Other types are not supported or allowed.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Invalid type of security scheme found. |
| Code | OPENAPI3STANDARDS_V411 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Security Schemes |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic validation type security scheme security |
Suggested Fixes
- Value of security scheme type is compared in a case-sensitive manner.
- Ensure that the security scheme type value matches exactly with the possible list of values and that there are no typos:
apiKey,http,oauth2,openIdConnect. - If you are using OpenAPI v3.1.x documents, you can also use the
mutualTLStype. - Ensure that the value for security scheme type is not null or empty.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#fixed-fields-23
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://docs.apimatic.io/rulesets/overview/