valid-api-key-security-scheme-parameter-location

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

The location of the API key specified using property in of the Security Scheme Object must have only one of the following values: query, or header. Other types are not supported nor allowed.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Invalid location for API key found.
Code	SWAGGER20STANDARDS_V375
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation location api key type security scheme security

Suggested Fixes

• Value of API key location is compared in a case-sensitive manner.
• Ensure that the API key location value matches exactly with the possible list of values and that there are no typos: query, or header.
• Ensure that the value for API key location is not null or empty.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-scheme-object
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://docs.apimatic.io/rulesets/overview/