Skip to main content



This rule belongs to the swagger-v1-validation ruleset and states that:

If the authorization type is API Key (i.e. type is set to apiKey), the Authorization Object must specify how the API key parameter must be passed, using the passAs property. Valid values for it are query or header. If a value is not provided, query will be assumed by default automatically during import/transformations into APIMatic.

Maximum SeverityError
MessageRequired passAs property in API key Authorization Object is missing.
Rule SystemSemantic
Broad CategoryAuthorizations
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsswagger1 swagger semantic validation pass as api key type authorization

Suggested Fixes

  • Add missing passAs property in the Authorization Object.
  • Make sure that the passAs property is not null or empty.
  • Ensure that the passAs property has one of the following values: query, or header.
  • Choose a different authorization type if API key configuration is not applicable in your API authentication's case.

For More Information