Skip to main content



This rule belongs to the swagger-v2-standards-validation ruleset and states that:

In a Swagger 2.0 document, the Security Requirement Object property value allows specifying scope values for OAuth 2.0 security schemes. For all other security scheme types (i.e. for type not set as oauth2), the property value must be set as an empty array.

Maximum SeverityError
MessageSecurity requirement value is not an empty array.
Rule SystemSemantic
Broad CategorySecurity Requirements
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsswagger2 swagger standards semantic validation scopes oauth 2.0 security schemes security requirement security

Suggested Fixes

  • Set the security requirement property value as an empty array i.e. remove any items included in the array.
  • If you want to add scope values in the array, make sure that the security scheme you are applying using the security requirement property is of type oauth2.
  • The array can only contain scope values for OAuth 2.0 security schemes and should not contain any other type of data.
  • Security roles specific data can only be added for Swagger 2.0 documents.

For More Information