OpenAPI Queries List

This page contains all queries from OpenAPI.

Query Severity Category Description Help
Cleartext API Key In Operation Security
d90d4e40-44c1-4125-87a0-e072c3e195b5
High Access Control API Keys should not be sent as cleartext over an unencrypted channel Documentation
Field 'securityScheme' On Components Is Undefined
8db5544e-4874-4baa-9322-e9f75a2d219e
High Access Control Components' securityScheme field must have a valid scheme Documentation
Global Security Field Is Undefined
8af270ce-298b-4405-9922-82a10aee7a4f
High Access Control Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes Documentation
Global Security Field Has An Empty Array
d674aea4-ba8b-454b-bb97-88a772ea33f0
High Access Control Security object need to have defined rules in its array and rules should be defined on securityScheme Documentation
Security Field On Operations Has An Empty Object Definition
baade968-7467-41e4-bf22-83ca222f5800
High Access Control Security object for operations should not be empty object or has any empty object definition Documentation
No Global And Operation Security Defined
96729c6b-7400-4d9e-9807-17f00cdde4d2
High Access Control All paths should have security scheme, if it is omitted, global security field should be defined Documentation
Global security field has an empty object
543e38f4-1eee-479e-8eb0-15257013aa0a
High Access Control Global security definition must not have empty objects Documentation
Cleartext Credentials With Basic Authentication For Operation
86b1fa30-9790-4980-994d-a27e0f6f27c1
High Access Control Cleartext credentials over unencrypted channel should not be accepted for the operation Documentation
Security Field On Operations Has An Empty Array
663c442d-f918-4f62-b096-0bf5dcbeb655
High Access Control Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error Documentation
Schema Array Items Has No Type
be0e0df7-f3d9-42a1-9b6f-d425f94872c4
High Insecure Configurations Schema array items type should be defined Documentation
Array Schema Without Maximum Number of Items
6998389e-66b2-473d-8d05-c8d71ac4d04d
High Insecure Configurations Array schema should have the field 'maxItems' set Documentation
Cleartext API Key In Global Security
9c238c97-1991-4c0b-9c7d-6c7912e1dc7c
Medium Access Control API Keys should not be sent as cleartext over an unencrypted channel Documentation
Security Scheme Using HTTP Negotiate
f525cc92-9050-4c41-a75c-890dc6f64449
Medium Access Control Security Scheme HTTP should not be using negotiate authentication Documentation
Implicit Flow in OAuth2
4a1f3d75-ab73-41b2-83e7-06a93dc3a75a
Medium Access Control There is a 'securityScheme' using implicit flow on OAuth2, which is deprecated Documentation
Security Scheme HTTP Unknown Scheme
06764426-3c56-407e-981f-caa25db1c149
Medium Access Control Security Scheme HTTP scheme should be registered in the IANA Authentication Scheme registry Documentation
Security Scheme Using HTTP Digest
a4247b11-890b-45df-bf42-350a7a3af9be
Medium Access Control Security Scheme HTTP should not be using digest authentication Documentation
Security Scheme Using HTTP Basic
68e5fcac-390c-4939-a373-6074b7be7c71
Medium Access Control Security Scheme HTTP should not be using basic authentication Documentation
API Key Exposed In Global Security
aecee30b-8ea1-4776-a99c-d6d600f0862f
Medium Access Control API Keys should not be transported over network Documentation
Invalid OAuth2 Authorization URL
52c0d841-60d6-4a81-88dd-c35fef36d315
Medium Access Control The field authorizationUrl on implicit or authorizationCode fields from OAuth must be a valid URL Documentation
OAuth2 With Password Flow
3979b0a4-532c-4ea7-86e4-34c090eaa4f2
Medium Access Control OAuth2 password flow insecurely exposes the credentials of the resource owner to the client Documentation
Invalid OAuth2 Token URL
3ba0cca1-b815-47bf-ac62-1e584eb64a05
Medium Access Control OAuth2 security scheme flow requires a valid URL in the tokenUrl field Documentation
OAuth2 With Implicit Flow
39cb32f2-3a42-4af0-8037-82a7a9654b6c
Medium Access Control OAuth2 implicit flow is vulnerable to access token leakage and access token replay Documentation
Global Server Object Uses HTTP
2d8c175a-6d90-412b-8b0e-e034ea49a1fe
Medium Encryption Global server object URL should use 'https' protocol instead of 'http' Documentation
Path Server Object Uses HTTP
9670f240-7b4d-4955-bd93-edaa9fa38b58
Medium Encryption The property 'url' in the Path Server Object should only allow 'HTTPS' protocols to ensure an encrypted connection Documentation
JSON Object Schema Without Properties
9d967a2b-9d64-41a6-abea-dfc4960299bd
Medium Insecure Configurations Schema of the JSON object should have properties defined and 'additionalProperties' set to false. Documentation
Schema Object is Empty
500ce696-d501-41dd-86eb-eceb011a386f
Medium Insecure Configurations The Schema Object should not be empty to avoid accepting any JSON values Documentation
Numeric Schema Without Maximum
2ea04bef-c769-409e-9179-ee3a50b5c0ac
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. Documentation
Parameter Object Without Schema
8fe1846f-52cc-4413-ace9-1933d7d23672
Medium Insecure Configurations The Parameter Object should have the attribute 'schema' defined Documentation
Numeric Schema Without Format
fbf699b5-ef74-4542-9cf1-f6eeac379373
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'format' defined. Documentation
String Schema Without Pattern
00b78adf-b83f-419c-8ed8-c6018441dd3a
Medium Insecure Configurations String schema should have 'pattern' defined. Documentation
String Schema Without Maximum Length
8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85
Medium Insecure Configurations String schema should have 'maxLength' defined. Documentation
JSON Object Schema Without Type
e2ffa504-d22a-4c94-b6c5-f661849d2db7
Medium Insecure Configurations Schema of the JSON object should have 'type' defined. Documentation
Media Type Object Without Schema
f79b9d26-e945-44e7-98a1-b93f0f7a68a0
Medium Insecure Configurations The Media Type Object should have the attribute 'schema' defined Documentation
String Schema with Broad Pattern
8c81d6c0-716b-49ec-afa5-2d62da4e3f3c
Medium Insecure Configurations String schema should restrict the pattern Documentation
Numeric Schema Without Minimum
181bd815-767e-4e95-a24d-bb3c87328e19
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. Documentation
Success Response Code Undefined for Trace Operation
105e20dd-8449-4d71-95c6-d5dac96639af
Medium Networking and Firewall Trace should define the '200' successful code Documentation
Response on operations that should have a body has undefined schema
a92be1d5-d762-484a-86d6-8cd0907ba100
Medium Networking and Firewall If a response is not head or its code is not 204 or 304, it should have a schema defined Documentation
Success Response Code Undefined for Post Operation
f368dd2d-9344-4146-a05b-7c6faa1269ad
Medium Networking and Firewall Post should define at least one success response (200, 201, 202 or 204) Documentation
Default Response Undefined On Operations
86e3702f-c868-44b2-b61d-ea5316c18110
Medium Networking and Firewall Operations responses should have a default response defined Documentation
Header Object Without Schema
50de3b5b-6465-4e06-a9b0-b4c2ba34326b
Medium Networking and Firewall The header object should have schema defined Documentation
Response on operations that should not have a body has declared content
12a7210b-f4b4-47d0-acac-0a819e2a0ca3
Medium Networking and Firewall If a response is head or its code is 204 or 304, it shouldn't have a content defined Documentation
Response Code Missing
6c35d2c6-09f2-4e5c-a094-e0e91327071d
Medium Networking and Firewall 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. Documentation
Success Response Code Undefined for Delete Operation
3b497874-ae59-46dd-8d72-1868a3b8f150
Medium Networking and Firewall Delete should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Put Operation
60b5f56b-66ff-4e1c-9b62-5753e16825bc
Medium Networking and Firewall Put should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Head Operation
3b066059-f411-4554-ac8d-96f32bff90da
Medium Networking and Firewall Head should define at least one success response (200 or 202) Documentation
Success Response Code Undefined for Patch Operation
1908a8ee-927d-4166-8f18-241152170cc1
Medium Networking and Firewall Patch should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Get Operation
b2f275be-7d64-4064-b418-be6b431363a7
Medium Networking and Firewall Get should define at least one success response (200 or 202) Documentation
API Key Exposed In Operation Security
281b8071-6226-4a43-911d-fec246d422c2
Low Access Control API Keys should not be transported over network Documentation
Undefined Scope 'securityScheme' On Global 'security' Field
23a9e2d9-8738-4556-a71c-2802b6ffa022
Low Access Control Using an scope on global security field that is undefined on 'securityScheme' can be defined by an attacker Documentation
Security Scheme Using Oauth 1.0
1bc3205c-0d60-44e6-84f3-44fbf4dac5b3
Low Access Control Oauth 1.0 is deprecated, OAuth2 should be used instead Documentation
API Key Exposed In Global Security Scheme
40e1d1bf-11a9-4f63-a3a2-a8b84c602839
Low Access Control API Keys should not be transported over network Documentation
Global Security Scheme Using Basic Authentication
77276d82-4f45-4cf1-8e2b-4d345b936228
Low Access Control A security scheme is allowing basic authentication credentials to be transported over network Documentation
Undefined Scope 'securityScheme' On 'security' Field On Operations
462d6a1d-fed9-4d75-bb9e-3de902f35e6e
Low Access Control Using an scope on security of operations that is undefined on 'securityScheme' can be defined by an attacker Documentation
Schema Invalid Number Format
d929c031-078f-4241-b802-e224656ad890
Low Insecure Configurations Schema numeric types should be valid, for integer must be int32 or int64 and number must be float or double Documentation
Unknown Schema String Format
a767f960-0489-4532-a6a0-3f0b43da7dab
Low Insecure Configurations String schema should have the format field set as 'date', 'date-time', 'password', 'byte', 'binary', 'email', 'uuid', 'uri', 'hostname', 'ipv4' or 'ipv6' Documentation
Unknown Prefix
a5375be3-521c-43bb-9eab-e2432e368ee4
Info Best Practices The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video' Documentation
Invalid Operation External Documentation URL
5ea61624-3733-4a3a-8ca4-b96fec9c5aeb
Info Best Practices Operation External Documentation URL should be a valid URL Documentation
Header Parameter Named as 'Authorization'
8c84f75e-5048-4926-a4cb-33e7b3431300
Info Best Practices The header Parameter should not be named as 'Authorization'. If so, it will be ignored. Documentation
Components Parameter Definition Is Unused
698a464e-bb3e-4ba8-ab5e-e6599b7644a0
Info Best Practices Components parameters definitions should be referenced or removed from Open API definition Documentation
Header Parameter Named as 'Content-Type'
72d259ca-9741-48dd-9f62-eb11f2936b37
Info Best Practices The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. Documentation
Invalid Media Type Value
cf4a5f45-a27b-49df-843a-9911dbfe71d4
Info Best Practices The Media Type value should match the following format: /[+suffix][;parameters] Documentation
Components Example Definition Is Unused
b05bb927-2df5-43cc-8d7b-6825c0e71625
Info Best Practices Components examples definitions should be referenced or removed from Open API definition Documentation
Property 'explode' of Encoding Object Ignored
a4dd69b8-49fa-45d2-a060-c76655405b05
Info Best Practices Property 'explode' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. Documentation
Header Response Named as 'Content-Type'
d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd
Info Best Practices The Header Response should not be named as 'Content-Type'. If so, it will be ignored. Documentation
Components Link Definition Is Unused
c19779a9-5774-4d2f-a3a1-a99831730375
Info Best Practices Components links definitions should be referenced or removed from Open API definition Documentation
Encoding Header 'Content-Type' Improperly Defined
4cd8de87-b595-48b6-ab3c-1904567135ab
Info Best Practices Encoding Map Key should not define a 'Content-Type' in the 'headers' field. If so, it will be ignored. Documentation
JSON '$ref' alongside other properties
96beb800-566f-49a9-a0ea-dbdf4bc80429
Info Best Practices Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key Documentation
Invalid License URL
9239c289-9e4c-4d92-8be1-9d506057c971
Info Best Practices License Object URL should be a valid URL Documentation
Property 'allowReserved' of Encoding Object Ignored
4190dda7-af03-4cf0-a128-70ac1661ca09
Info Best Practices Property 'allowReserved' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. Documentation
Property 'allowEmptyValue' Ignored
59c2f769-7cc2-49c8-a3de-4e211135cfab
Info Best Practices Property 'allowEmptyValue' is ignored in the following cases: {"sytle": "simple", "explode": false}, {"sytle": "simple", "explode": true}, {"sytle": "spaceDelimited", "explode": false}, {"sytle": "pipeDelimited", "explode": false}, and {"sytle": "deepObject", "explode": true} Documentation
Example Not Compliant With Schema Type
881a6e71-c2a7-4fe2-b9c3-dfcf08895331
Info Best Practices Examples values and fields should be compliant with the schema type Documentation
Invalid Contact Email
b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7
Info Best Practices Contact Object Email should be a valid email Documentation
Components Schema Definition Is Unused
962fa01e-b791-4dcc-b04a-4a3e7389be5e
Info Best Practices Components schemas definitions should be referenced or removed from Open API definition Documentation
Property 'style' of Encoding Object Ignored
d3ea644a-9a5c-4fee-941f-f8a6786c0470
Info Best Practices Property 'style' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. Documentation
Components Response Definition Is Unused
9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae
Info Best Practices Components responses definitions should be referenced or removed from Open API definition Documentation
Invalid Contact URL
332cf2ad-380d-4b90-b436-46f8e635cf38
Info Best Practices Contact Object URL should be a valid URL Documentation
Components Callback Definition Is Unused
d15db953-a553-4b8a-9a14-a3d62ea3d79d
Info Best Practices Components callbacks definitions should be referenced or removed from Open API definition Documentation
Invalid Tag External Documentation URL
5aea1d7e-b834-4749-b143-2c7ec3bd5922
Info Best Practices Tag External Documentation URL should be a valid URL Documentation
Path Without Operation
84c826c9-1893-4b34-8cdd-db97645b4bf3
Info Best Practices Path object should have at least one operation object defined Documentation
Required Property With Default Value
013bdb4b-9246-4248-b0c3-7fb0fee42a29
Info Best Practices Required properties receive value from requests, which makes unnecessary declare a default value Documentation
Components Request Body Definition Is Unused
6b76f589-9713-44ab-97f5-59a3dba1a285
Info Best Practices Components request bodies definitions should be referenced or removed from Open API definition Documentation
Schema Object Using Enum With Keyword
2e9b6612-8f69-42e0-a5b8-ed17739c2f3a
Info Best Practices Schema Object properties should not contain 'enum' and schema keywords Documentation
Components Header Definition Is Unused
a68da022-e95a-4bc2-97d3-481e0bd6d446
Info Best Practices Components headers definitions should be referenced or removed from Open API definition Documentation
Invalid Schema External Documentation URL
6952a7e0-6e48-4285-bbc1-27c64e60f888
Info Best Practices Schema External Documentation URL should be a valid URL Documentation
Header Parameter Named as 'Accept'
f2702af5-6016-46cb-bbc8-84c766032095
Info Best Practices The header Parameter should not be named as 'Accept'. If so, it will be ignored. Documentation
Invalid Global External Documentation URL
b2d9dbf6-539c-4374-a1fd-210ddf5563a8
Info Best Practices Global External Documentation URL should be a valid URL Documentation
Operation Without Successful HTTP Status Code
48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd
Info Best Practices Operation Object should have at least one successful HTTP status code defined Documentation
Security Operation Field Undefined
20a482d5-c5d9-4a7a-b7a4-60d0805047b4
Info Structure and Semantics Security operation field should be defined in '#/components/securitySchemes' Documentation
Parameter Object With Undefined Type
46facedc-f243-4108-ab33-583b807d50b0
Info Structure and Semantics A Parameter Object must contain either a 'schema' property, or a 'content' property Documentation
Path Template is Empty
ae13a37d-943b-47a7-a970-83c8598bcca3
Info Structure and Semantics All path templates should not be empty Documentation
Schema JSON Reference Does Not Exists
015eac96-6313-43c0-84e5-81b1374fa637
Info Structure and Semantics Schema reference should exists on components field Documentation
Empty Array
5915c20f-dffa-4cee-b5d4-f457ddc0151a
Info Structure and Semantics All array fields should not be empty Documentation
Property Defining Minimum Greater Than Maximum
ab2af219-cd08-4233-b5a1-a788aac88b51
Info Structure and Semantics Property defining minimum has greater value than maximum defined Documentation
Request Body Object With Incorrect Media Type
58f06434-a88c-4f74-826c-db7e10cc7def
Info Structure and Semantics The field 'content' of the request body object should be set to 'multipart' or 'application/x-www-form-urlencoded' when field 'encoding' is set. Documentation
Link Object Incorrect Ref
b9db8a10-020c-49ca-88c6-780e5fdb4328
Info Structure and Semantics Link object reference must always point to '#/components/links' Documentation
Path Is Ambiguous
237402e2-c2f0-46c9-9cf5-286160cf7bfc
Info Structure and Semantics All path should be unique, if has more than one operation, all operations should be part of same Path Object Documentation
Schema Has A Required Property Undefined
2bd608ae-8a1f-457f-b710-c237883cb313
Info Structure and Semantics Schema Object should not be have a required property that is not defined on properties Documentation
Schema Discriminator Not Required
b481d46c-9c61-480f-86d9-af07146dc4a4
Info Structure and Semantics The discriminator property in the Schema Object should be a required property Documentation
Example JSON Reference Does Not Exists
6a2c219f-da5e-4745-941e-5ea8cde23356
Info Structure and Semantics Example reference should exists on components field Documentation
Response JSON Reference Does Not Exists
7a01dfbd-da62-4165-aed7-71349ad42ab4
Info Structure and Semantics Response reference should exists on components field Documentation
Schema Discriminator Mismatch Defined Properties
40d3df21-c170-4dbe-9c02-4289b51f994f
Info Structure and Semantics Schema discriminator values should match defined properties. Documentation
Response Object With Incorrect Ref
b3871dd8-9333-4d6c-bd52-67eb898b71ab
Info Structure and Semantics Response Object reference must always point to '#/components/responses' Documentation
Link Object With Both 'operationId' And 'operationRef'
60fb6621-9f02-473b-9424-ba9a825747d3
Info Structure and Semantics Link object 'OperationId' should not have both 'operationId' and 'operationRef' defined since they are mutually exclusive. Documentation
Server Object Variable Not Used
8aee4754-970d-4c5f-8142-a49dfe388b1a
Info Structure and Semantics Every defined Server Variable Object should be used in a Service URL. Documentation
Encoding Map Key Mismatch Schema Defined Properties
cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b
Info Structure and Semantics Encoding Map Key should be set in schema defined properties Documentation
Request Body With Incorrect Ref
0f6cd0ab-c366-4595-84fc-fbd8b9901e4d
Info Structure and Semantics Request Body reference must always point to '#/components/RequestBodies' Documentation
Schema Discriminator Property Not String
dadc2f36-1f5a-46c0-8289-75e626583123
Info Structure and Semantics Schema discriminator property should be a string Documentation
Parameter Object With Incorrect Ref
d40f27e6-15fb-4b56-90f8-fc0ff0291c51
Info Structure and Semantics Parameter Object reference must always point to '#/components/parameters' Documentation
Invalid Content Type For Multiple Files Upload
26f06397-36d8-4ce7-b993-17711261d777
Info Structure and Semantics Content Type should be set to 'multipart/form-data' in case of uploading an arbitrary number of files (array) Documentation
Parameters Name In Combination Should Be Unique
f5b2e6af-76f5-496d-8482-8f898c5fdb4a
Info Structure and Semantics Parameters properties 'name' and 'in' should have unique combinations Documentation
Schema With Both ReadOnly And WriteOnly
d2361d58-361c-49f0-9e50-b957fd608b29
Info Structure and Semantics Schema should not have both 'writeOnly' and 'readOnly' set to true Documentation
Header JSON Reference Does Not Exists
376c9390-7e9e-4cb8-a067-fd31c05451fd
Info Structure and Semantics Header reference should exists on components field Documentation
Paths Object is Empty
815021c8-a50c-46d9-b192-24f71072c400
Info Structure and Semantics Paths object may be empty due to ACL constraints, meaning they are not exposed Documentation
Components Object Fixed Field Key Improperly Named
151331e2-11f4-4bb6-bd35-9a005e695087
Info Structure and Semantics Components object fixed fields (schemas, responses, parameters, examples, requestBodies, headers, securitySchemes, links, and callbacks) should use keys that match the following REGEX: ^[a-zA-Z0-9\.\-_]+$ Documentation
Path Parameter With No Corresponding Template Path
69d7aefd-149d-47b8-8d89-1c2181a8067b
Info Structure and Semantics The path parameter must have a corresponding template path for a given operation Documentation
Callback JSON Reference Does Not Exists
f29904c8-6041-4bca-b043-dfa0546b8079
Info Structure and Semantics Callback reference should exists on components field Documentation
Schema Object Properties With Duplicated Keys
10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa
Info Structure and Semantics Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' Documentation
Schema Enum Invalid
03856cb2-e46c-4daf-bfbf-214ec93c882b
Info Structure and Semantics The field 'enum' of Schema Object should be consistent with the schema's type Documentation
Link Object OperationId Does Not Target Operation Object
c5bb7461-aa57-470b-a714-3bc3d74f4669
Info Structure and Semantics Link object 'OperationId' should target an existing operation object in the OpenAPI definition Documentation
Unknown Property
fb7d81e7-4150-48c4-b914-92fc05da6a2f
Info Structure and Semantics All properties defined in OpenAPI objects should be known Documentation
Link JSON Reference Does Not Exists
801f0c6a-a834-4467-89c6-ddecffb46b5a
Info Structure and Semantics Link reference should exists on components field Documentation
Object Without Required Property
d172a060-8569-4412-8045-3560ebd477e8
Info Structure and Semantics OpenAPI Object should contain all of its required fields Documentation
Parameter Object With Schema And Content
31dd6fc0-f274-493b-9614-e063086c19fc
Info Structure and Semantics A Parameter Object must contain either a 'schema' property, or a 'content' property, but not both since they are mutually exclusive Documentation
Schema Items Undefined
a8e859da-4a43-4e7f-94b8-25d6e3bf8e90
Info Structure and Semantics Schema items should be defined when the schema is set to an array. Documentation
Property 'allowReserved' Improperly Defined
7f203940-39c4-4ea7-91ee-7aba16bca9e2
Info Structure and Semantics Property 'allowReserved' should be only defined for query parameters Documentation
Servers Array Undefined
c66ebeaa-676c-40dc-a3ff-3e49395dcd5e
Info Structure and Semantics The Servers array should have at least one server defined. If not, the default value would be a Server Object with a URL value of '/'. Documentation
Template Path With No Corresponding Path Parameter
561710b1-b845-4562-95ce-2397a05ccef4
Info Structure and Semantics The template path must have a corresponding path parameter for a given operation Documentation
Parameter Object Content With Multiple Entries
8bfed1c6-2d59-4924-bc7f-9b9d793ed0df
Info Structure and Semantics The map content property of the parameter object should only contain one entry Documentation
Security Field Undefined
ab1263c2-81df-46f0-9f2c-0b62fdb68419
Info Structure and Semantics Security field should be defined in '#/components/securitySchemes' Documentation
Example JSON Reference Outside Components Examples
bac56e3c-1f71-4a74-8ae6-2fba07efcddb
Info Structure and Semantics Reference to examples should point to #/components/examples Documentation
OperationId Not Unique
c254adc4-ef25-46e1-8270-b7944adb4198
Info Structure and Semantics OperationId should be unique when defined Documentation
Security Requirement Object With Wrong Scopes
37140f7f-724a-4c87-a536-e9cee1d61533
Info Structure and Semantics Security Requirement Object should only have scopes defined for security schemes of type 'oauth2' and 'openIdConnect' Documentation
Callback Object With Incorrect Ref
ba066cda-e808-450d-92b6-f29109754d45
Info Structure and Semantics Callback Object reference must always point to '#/components/callbacks' Documentation
Responses With Wrong HTTP Status Code
d86655c0-92f6-4ffc-b4d5-5b5775804c27
Info Structure and Semantics HTTP Responses status code should be in range of [200-599] Documentation
Request Body JSON Reference Does Not Exists
ca02f4e8-d3ae-4832-b7db-bb037516d9e7
Info Structure and Semantics Request Body reference should exists on components field Documentation
Non-Array Schema With Items
20cb3159-b219-496b-8dac-54ae3ab2021a
Info Structure and Semantics Non-Array Schema should not have 'items' defined Documentation
Server URL Not Absolute
a0bf7382-5d5a-4224-924c-3db8466026c9
Info Structure and Semantics The Server URL should be an absolute URL Documentation
Schema Type Has Invalid Keyword
a9228976-10cf-4b5f-b902-9e962aad037a
Info Structure and Semantics Schema defined type is using a keyword of another type Documentation
Property 'allowEmptyValue' Improperly Defined
4bcbcd52-3028-469f-bc14-02c7dbba2df2
Info Structure and Semantics Property 'allowEmptyValue' should be only defined for query parameters Documentation
Responses Object Is Empty
990eaf09-d6f1-4c3c-b174-a517b1de8917
Info Structure and Semantics Responses Object should not be empty Documentation
Parameter JSON Reference Does Not Exists
2e275f16-b627-4d3f-ae73-a6153a23ae8f
Info Structure and Semantics Parameter reference should exists on components field Documentation
Schema Default Invalid
a96bbc06-8cde-4295-ad3c-ee343a7f658e
Info Structure and Semantics The field 'default' of Schema Object should be consistent with the schema's type Documentation
Schema Object Incorrect Ref
4cac7ace-b0fb-477d-830d-65395d9109d9
Info Structure and Semantics Schema Object reference must always point to '#/components/schemas' Documentation
Header Object With Incorrect Ref
2d6646f4-2946-420f-8c14-3232d49ae0cb
Info Structure and Semantics Header Object reference must always point to '#/components/headers' Documentation
Properties Missing Required Property
3fb03214-25d4-4bd4-867c-c2d8d708a483
Info Structure and Semantics Schema Object should have all required properties defined Documentation
Parameter Objects Headers With Duplicated Name
05505192-ba2c-4a81-9b25-dcdbcc973746
Info Structure and Semantics Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. Documentation
Schema Object With Circular Ref
1a1aea94-745b-40a7-b860-0702ea6ee636
Info Structure and Semantics Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties Documentation
Server URL Uses Undefined Variables
8d0921d6-4131-461f-a253-99e873f8f77e
Info Structure and Semantics Any variable used in the Service URL should be defined in the Service Object through 'variables'. Documentation
Path Parameter Not Required
0de50145-e845-47f4-9a15-23bcf2125710
Info Structure and Semantics The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. Documentation