valid-security-scheme-type

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

The type of the security scheme specified using property type of the Security Scheme Object must have only one of the following values: apiKey, basic or oauth2. Other types are not supported or allowed.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Invalid type of security scheme found.
Code	SWAGGER20STANDARDS_V372
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation type security scheme security

Suggested Fixes

• Value of security scheme type is compared in a case-sensitive manner.
• Ensure that the security scheme type value matches exactly with the possible list of values and that there are no typos: apiKey, basic, or oauth2.
• Ensure that the value for security scheme type is not null or empty.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#format
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#patterned-fields-10
• https://docs.apimatic.io/rulesets/overview/