Skip to main content



This rule belongs to the raml-validation ruleset and states that:

If the OAuth 2.0 settings include client_credentials, password or authorization_code in the authorizationGrants list, the settings must also specify a non-empty access token URL using the accessTokenUri property.

Maximum SeverityError
MessageRequired accessTokenUri property in OAuth 2.0 security settings is missing.
Rule SystemSemantic
Broad CategorySecurity Schemes
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsraml semantic validation uri access token settings oauth2 security scheme security

Suggested Fixes

  • Add missing accessTokenUri property in the OAuth 2.0 security settings.
  • Make sure that the accessTokenUri property is not null or empty.
  • If you think that the accessTokenUri is not applicable, remove client_credentials, password or authorization_code grant types from the authorizationGrants OAuth 2.0 setting list.

For More Information