Skip to main content



This rule belongs to the postman-validation ruleset and states that:

If the authentication type is oauth2 and grant_type is set as implicit or authorization_code, then the authentication object must specify a non-empty authorization URL to be used for this grant type, using the authUrl property. If the authorization URL information is missing, a dummy value will be assigned to it automatically during import/transformations in APIMatic.

Maximum SeverityError
MessageRequired authUrl property in authentication configuration is missing.
Rule SystemSemantic
Broad CategoryAuthentication
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagspostman api semantic validation url authorization oauth2 type authentication

Suggested Fixes

  • Add missing authUrl property in the oauth2 authentication definition.
  • Make sure that the authUrl property in the oauth2 authentication object is not empty and is a valid absolute URL.
  • Choose a different grant_type (e.g. password, client_credentials) in the oauth2 authentication object if the current URL is not applicable for your API authentication.
  • In the Postman application, open the target request/folder/collection level authentication configuration settings by navigating to the relevant Auth section. Next, select OAuth 2.0 from the Type dropdown, then ensure that the Auth URL property is set to a valid absolute URL. Save and export your Postman Collection file again.
  • Choose a different grant type from the Grant Type dropdown in the Auth section if the current authorization URL is not applicable for your API authentication.

For More Information