required-api-key-security-scheme-parameter-location

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

If the security scheme type is API Key (i.e. type is set to apiKey), the Security Scheme Object must specify a location for the API Key parameter using the in property. Valid values for location are query or header. If location information is missing, query will be assumed by default automatically during import/transformations in APIMatic.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required in property in API key Security Scheme Object is missing.
Code	SWAGGER20STANDARDS_V374
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation location api key type security scheme security

Suggested Fixes

• Add missing in property in the Security Scheme Object.
• Make sure that the in property is not null or empty.
• Ensure that the in property has one of the following values: query, or header.
• Choose a different security scheme type if API key location is not applicable in your API authentication's case.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-scheme-object
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://docs.apimatic.io/rulesets/overview/