OpenAPI Queries List¶
This page contains all queries from OpenAPI.
Query | Severity | Category | Description | Help |
---|---|---|---|---|
Cleartext API Key In Operation Security d90d4e40-44c1-4125-87a0-e072c3e195b5 |
High | Access Control | API Keys should not be sent as cleartext over an unencrypted channel | Documentation |
Field 'securityScheme' On Components Is Undefined 8db5544e-4874-4baa-9322-e9f75a2d219e |
High | Access Control | Components' securityScheme field must have a valid scheme | Documentation |
Global Security Field Is Undefined 8af270ce-298b-4405-9922-82a10aee7a4f |
High | Access Control | Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes | Documentation |
Global Security Field Has An Empty Array d674aea4-ba8b-454b-bb97-88a772ea33f0 |
High | Access Control | Security object need to have defined rules in its array and rules should be defined on securityScheme | Documentation |
Security Field On Operations Has An Empty Object Definition baade968-7467-41e4-bf22-83ca222f5800 |
High | Access Control | Security object for operations should not be empty object or has any empty object definition | Documentation |
No Global And Operation Security Defined 96729c6b-7400-4d9e-9807-17f00cdde4d2 |
High | Access Control | All paths should have security scheme, if it is omitted, global security field should be defined | Documentation |
Global security field has an empty object 543e38f4-1eee-479e-8eb0-15257013aa0a |
High | Access Control | Global security definition must not have empty objects | Documentation |
Cleartext Credentials With Basic Authentication For Operation 86b1fa30-9790-4980-994d-a27e0f6f27c1 |
High | Access Control | Cleartext credentials over unencrypted channel should not be accepted for the operation | Documentation |
Security Field On Operations Has An Empty Array 663c442d-f918-4f62-b096-0bf5dcbeb655 |
High | Access Control | Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error | Documentation |
Schema Array Items Has No Type be0e0df7-f3d9-42a1-9b6f-d425f94872c4 |
High | Insecure Configurations | Schema array items type should be defined | Documentation |
Array Schema Without Maximum Number of Items 6998389e-66b2-473d-8d05-c8d71ac4d04d |
High | Insecure Configurations | Array schema should have the field 'maxItems' set | Documentation |
Cleartext API Key In Global Security 9c238c97-1991-4c0b-9c7d-6c7912e1dc7c |
Medium | Access Control | API Keys should not be sent as cleartext over an unencrypted channel | Documentation |
Security Scheme Using HTTP Negotiate f525cc92-9050-4c41-a75c-890dc6f64449 |
Medium | Access Control | Security Scheme HTTP should not be using negotiate authentication | Documentation |
Implicit Flow in OAuth2 4a1f3d75-ab73-41b2-83e7-06a93dc3a75a |
Medium | Access Control | There is a 'securityScheme' using implicit flow on OAuth2, which is deprecated | Documentation |
Security Scheme HTTP Unknown Scheme 06764426-3c56-407e-981f-caa25db1c149 |
Medium | Access Control | Security Scheme HTTP scheme should be registered in the IANA Authentication Scheme registry | Documentation |
Security Scheme Using HTTP Digest a4247b11-890b-45df-bf42-350a7a3af9be |
Medium | Access Control | Security Scheme HTTP should not be using digest authentication | Documentation |
Security Scheme Using HTTP Basic 68e5fcac-390c-4939-a373-6074b7be7c71 |
Medium | Access Control | Security Scheme HTTP should not be using basic authentication | Documentation |
API Key Exposed In Global Security aecee30b-8ea1-4776-a99c-d6d600f0862f |
Medium | Access Control | API Keys should not be transported over network | Documentation |
Invalid OAuth2 Authorization URL 52c0d841-60d6-4a81-88dd-c35fef36d315 |
Medium | Access Control | The field authorizationUrl on implicit or authorizationCode fields from OAuth must be a valid URL | Documentation |
OAuth2 With Password Flow 3979b0a4-532c-4ea7-86e4-34c090eaa4f2 |
Medium | Access Control | OAuth2 password flow insecurely exposes the credentials of the resource owner to the client | Documentation |
Invalid OAuth2 Token URL 3ba0cca1-b815-47bf-ac62-1e584eb64a05 |
Medium | Access Control | OAuth2 security scheme flow requires a valid URL in the tokenUrl field | Documentation |
OAuth2 With Implicit Flow 39cb32f2-3a42-4af0-8037-82a7a9654b6c |
Medium | Access Control | OAuth2 implicit flow is vulnerable to access token leakage and access token replay | Documentation |
Global Server Object Uses HTTP 2d8c175a-6d90-412b-8b0e-e034ea49a1fe |
Medium | Encryption | Global server object URL should use 'https' protocol instead of 'http' | Documentation |
Path Server Object Uses HTTP 9670f240-7b4d-4955-bd93-edaa9fa38b58 |
Medium | Encryption | The property 'url' in the Path Server Object should only allow 'HTTPS' protocols to ensure an encrypted connection | Documentation |
JSON Object Schema Without Properties 9d967a2b-9d64-41a6-abea-dfc4960299bd |
Medium | Insecure Configurations | Schema of the JSON object should have properties defined and 'additionalProperties' set to false. | Documentation |
Schema Object is Empty 500ce696-d501-41dd-86eb-eceb011a386f |
Medium | Insecure Configurations | The Schema Object should not be empty to avoid accepting any JSON values | Documentation |
Numeric Schema Without Maximum 2ea04bef-c769-409e-9179-ee3a50b5c0ac |
Medium | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. | Documentation |
Parameter Object Without Schema 8fe1846f-52cc-4413-ace9-1933d7d23672 |
Medium | Insecure Configurations | The Parameter Object should have the attribute 'schema' defined | Documentation |
Numeric Schema Without Format fbf699b5-ef74-4542-9cf1-f6eeac379373 |
Medium | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'format' defined. | Documentation |
String Schema Without Pattern 00b78adf-b83f-419c-8ed8-c6018441dd3a |
Medium | Insecure Configurations | String schema should have 'pattern' defined. | Documentation |
String Schema Without Maximum Length 8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85 |
Medium | Insecure Configurations | String schema should have 'maxLength' defined. | Documentation |
JSON Object Schema Without Type e2ffa504-d22a-4c94-b6c5-f661849d2db7 |
Medium | Insecure Configurations | Schema of the JSON object should have 'type' defined. | Documentation |
Media Type Object Without Schema f79b9d26-e945-44e7-98a1-b93f0f7a68a0 |
Medium | Insecure Configurations | The Media Type Object should have the attribute 'schema' defined | Documentation |
String Schema with Broad Pattern 8c81d6c0-716b-49ec-afa5-2d62da4e3f3c |
Medium | Insecure Configurations | String schema should restrict the pattern | Documentation |
Numeric Schema Without Minimum 181bd815-767e-4e95-a24d-bb3c87328e19 |
Medium | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. | Documentation |
Success Response Code Undefined for Trace Operation 105e20dd-8449-4d71-95c6-d5dac96639af |
Medium | Networking and Firewall | Trace should define the '200' successful code | Documentation |
Response on operations that should have a body has undefined schema a92be1d5-d762-484a-86d6-8cd0907ba100 |
Medium | Networking and Firewall | If a response is not head or its code is not 204 or 304, it should have a schema defined | Documentation |
Success Response Code Undefined for Post Operation f368dd2d-9344-4146-a05b-7c6faa1269ad |
Medium | Networking and Firewall | Post should define at least one success response (200, 201, 202 or 204) | Documentation |
Default Response Undefined On Operations 86e3702f-c868-44b2-b61d-ea5316c18110 |
Medium | Networking and Firewall | Operations responses should have a default response defined | Documentation |
Header Object Without Schema 50de3b5b-6465-4e06-a9b0-b4c2ba34326b |
Medium | Networking and Firewall | The header object should have schema defined | Documentation |
Response on operations that should not have a body has declared content 12a7210b-f4b4-47d0-acac-0a819e2a0ca3 |
Medium | Networking and Firewall | If a response is head or its code is 204 or 304, it shouldn't have a content defined | Documentation |
Response Code Missing 6c35d2c6-09f2-4e5c-a094-e0e91327071d |
Medium | Networking and Firewall | 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. | Documentation |
Success Response Code Undefined for Delete Operation 3b497874-ae59-46dd-8d72-1868a3b8f150 |
Medium | Networking and Firewall | Delete should define at least one success response (200, 201, 202 or 204) | Documentation |
Success Response Code Undefined for Put Operation 60b5f56b-66ff-4e1c-9b62-5753e16825bc |
Medium | Networking and Firewall | Put should define at least one success response (200, 201, 202 or 204) | Documentation |
Success Response Code Undefined for Head Operation 3b066059-f411-4554-ac8d-96f32bff90da |
Medium | Networking and Firewall | Head should define at least one success response (200 or 202) | Documentation |
Success Response Code Undefined for Patch Operation 1908a8ee-927d-4166-8f18-241152170cc1 |
Medium | Networking and Firewall | Patch should define at least one success response (200, 201, 202 or 204) | Documentation |
Success Response Code Undefined for Get Operation b2f275be-7d64-4064-b418-be6b431363a7 |
Medium | Networking and Firewall | Get should define at least one success response (200 or 202) | Documentation |
API Key Exposed In Operation Security 281b8071-6226-4a43-911d-fec246d422c2 |
Low | Access Control | API Keys should not be transported over network | Documentation |
Undefined Scope 'securityScheme' On Global 'security' Field 23a9e2d9-8738-4556-a71c-2802b6ffa022 |
Low | Access Control | Using an scope on global security field that is undefined on 'securityScheme' can be defined by an attacker | Documentation |
Security Scheme Using Oauth 1.0 1bc3205c-0d60-44e6-84f3-44fbf4dac5b3 |
Low | Access Control | Oauth 1.0 is deprecated, OAuth2 should be used instead | Documentation |
API Key Exposed In Global Security Scheme 40e1d1bf-11a9-4f63-a3a2-a8b84c602839 |
Low | Access Control | API Keys should not be transported over network | Documentation |
Global Security Scheme Using Basic Authentication 77276d82-4f45-4cf1-8e2b-4d345b936228 |
Low | Access Control | A security scheme is allowing basic authentication credentials to be transported over network | Documentation |
Undefined Scope 'securityScheme' On 'security' Field On Operations 462d6a1d-fed9-4d75-bb9e-3de902f35e6e |
Low | Access Control | Using an scope on security of operations that is undefined on 'securityScheme' can be defined by an attacker | Documentation |
Schema Invalid Number Format d929c031-078f-4241-b802-e224656ad890 |
Low | Insecure Configurations | Schema numeric types should be valid, for integer must be int32 or int64 and number must be float or double | Documentation |
Unknown Schema String Format a767f960-0489-4532-a6a0-3f0b43da7dab |
Low | Insecure Configurations | String schema should have the format field set as 'date', 'date-time', 'password', 'byte', 'binary', 'email', 'uuid', 'uri', 'hostname', 'ipv4' or 'ipv6' | Documentation |
Unknown Prefix a5375be3-521c-43bb-9eab-e2432e368ee4 |
Info | Best Practices | The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video' | Documentation |
Invalid Operation External Documentation URL 5ea61624-3733-4a3a-8ca4-b96fec9c5aeb |
Info | Best Practices | Operation External Documentation URL should be a valid URL | Documentation |
Header Parameter Named as 'Authorization' 8c84f75e-5048-4926-a4cb-33e7b3431300 |
Info | Best Practices | The header Parameter should not be named as 'Authorization'. If so, it will be ignored. | Documentation |
Components Parameter Definition Is Unused 698a464e-bb3e-4ba8-ab5e-e6599b7644a0 |
Info | Best Practices | Components parameters definitions should be referenced or removed from Open API definition | Documentation |
Header Parameter Named as 'Content-Type' 72d259ca-9741-48dd-9f62-eb11f2936b37 |
Info | Best Practices | The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. | Documentation |
Invalid Media Type Value cf4a5f45-a27b-49df-843a-9911dbfe71d4 |
Info | Best Practices | The Media Type value should match the following format: |
Documentation |
Components Example Definition Is Unused b05bb927-2df5-43cc-8d7b-6825c0e71625 |
Info | Best Practices | Components examples definitions should be referenced or removed from Open API definition | Documentation |
Property 'explode' of Encoding Object Ignored a4dd69b8-49fa-45d2-a060-c76655405b05 |
Info | Best Practices | Property 'explode' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. | Documentation |
Header Response Named as 'Content-Type' d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd |
Info | Best Practices | The Header Response should not be named as 'Content-Type'. If so, it will be ignored. | Documentation |
Components Link Definition Is Unused c19779a9-5774-4d2f-a3a1-a99831730375 |
Info | Best Practices | Components links definitions should be referenced or removed from Open API definition | Documentation |
Encoding Header 'Content-Type' Improperly Defined 4cd8de87-b595-48b6-ab3c-1904567135ab |
Info | Best Practices | Encoding Map Key should not define a 'Content-Type' in the 'headers' field. If so, it will be ignored. | Documentation |
JSON '$ref' alongside other properties 96beb800-566f-49a9-a0ea-dbdf4bc80429 |
Info | Best Practices | Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key | Documentation |
Invalid License URL 9239c289-9e4c-4d92-8be1-9d506057c971 |
Info | Best Practices | License Object URL should be a valid URL | Documentation |
Property 'allowReserved' of Encoding Object Ignored 4190dda7-af03-4cf0-a128-70ac1661ca09 |
Info | Best Practices | Property 'allowReserved' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. | Documentation |
Property 'allowEmptyValue' Ignored 59c2f769-7cc2-49c8-a3de-4e211135cfab |
Info | Best Practices | Property 'allowEmptyValue' is ignored in the following cases: {"sytle": "simple", "explode": false}, {"sytle": "simple", "explode": true}, {"sytle": "spaceDelimited", "explode": false}, {"sytle": "pipeDelimited", "explode": false}, and {"sytle": "deepObject", "explode": true} | Documentation |
Example Not Compliant With Schema Type 881a6e71-c2a7-4fe2-b9c3-dfcf08895331 |
Info | Best Practices | Examples values and fields should be compliant with the schema type | Documentation |
Invalid Contact Email b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7 |
Info | Best Practices | Contact Object Email should be a valid email | Documentation |
Components Schema Definition Is Unused 962fa01e-b791-4dcc-b04a-4a3e7389be5e |
Info | Best Practices | Components schemas definitions should be referenced or removed from Open API definition | Documentation |
Property 'style' of Encoding Object Ignored d3ea644a-9a5c-4fee-941f-f8a6786c0470 |
Info | Best Practices | Property 'style' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. | Documentation |
Components Response Definition Is Unused 9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae |
Info | Best Practices | Components responses definitions should be referenced or removed from Open API definition | Documentation |
Invalid Contact URL 332cf2ad-380d-4b90-b436-46f8e635cf38 |
Info | Best Practices | Contact Object URL should be a valid URL | Documentation |
Components Callback Definition Is Unused d15db953-a553-4b8a-9a14-a3d62ea3d79d |
Info | Best Practices | Components callbacks definitions should be referenced or removed from Open API definition | Documentation |
Invalid Tag External Documentation URL 5aea1d7e-b834-4749-b143-2c7ec3bd5922 |
Info | Best Practices | Tag External Documentation URL should be a valid URL | Documentation |
Path Without Operation 84c826c9-1893-4b34-8cdd-db97645b4bf3 |
Info | Best Practices | Path object should have at least one operation object defined | Documentation |
Required Property With Default Value 013bdb4b-9246-4248-b0c3-7fb0fee42a29 |
Info | Best Practices | Required properties receive value from requests, which makes unnecessary declare a default value | Documentation |
Components Request Body Definition Is Unused 6b76f589-9713-44ab-97f5-59a3dba1a285 |
Info | Best Practices | Components request bodies definitions should be referenced or removed from Open API definition | Documentation |
Schema Object Using Enum With Keyword 2e9b6612-8f69-42e0-a5b8-ed17739c2f3a |
Info | Best Practices | Schema Object properties should not contain 'enum' and schema keywords | Documentation |
Components Header Definition Is Unused a68da022-e95a-4bc2-97d3-481e0bd6d446 |
Info | Best Practices | Components headers definitions should be referenced or removed from Open API definition | Documentation |
Invalid Schema External Documentation URL 6952a7e0-6e48-4285-bbc1-27c64e60f888 |
Info | Best Practices | Schema External Documentation URL should be a valid URL | Documentation |
Header Parameter Named as 'Accept' f2702af5-6016-46cb-bbc8-84c766032095 |
Info | Best Practices | The header Parameter should not be named as 'Accept'. If so, it will be ignored. | Documentation |
Invalid Global External Documentation URL b2d9dbf6-539c-4374-a1fd-210ddf5563a8 |
Info | Best Practices | Global External Documentation URL should be a valid URL | Documentation |
Operation Without Successful HTTP Status Code 48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd |
Info | Best Practices | Operation Object should have at least one successful HTTP status code defined | Documentation |
Security Operation Field Undefined 20a482d5-c5d9-4a7a-b7a4-60d0805047b4 |
Info | Structure and Semantics | Security operation field should be defined in '#/components/securitySchemes' | Documentation |
Parameter Object With Undefined Type 46facedc-f243-4108-ab33-583b807d50b0 |
Info | Structure and Semantics | A Parameter Object must contain either a 'schema' property, or a 'content' property | Documentation |
Path Template is Empty ae13a37d-943b-47a7-a970-83c8598bcca3 |
Info | Structure and Semantics | All path templates should not be empty | Documentation |
Schema JSON Reference Does Not Exists 015eac96-6313-43c0-84e5-81b1374fa637 |
Info | Structure and Semantics | Schema reference should exists on components field | Documentation |
Empty Array 5915c20f-dffa-4cee-b5d4-f457ddc0151a |
Info | Structure and Semantics | All array fields should not be empty | Documentation |
Property Defining Minimum Greater Than Maximum ab2af219-cd08-4233-b5a1-a788aac88b51 |
Info | Structure and Semantics | Property defining minimum has greater value than maximum defined | Documentation |
Request Body Object With Incorrect Media Type 58f06434-a88c-4f74-826c-db7e10cc7def |
Info | Structure and Semantics | The field 'content' of the request body object should be set to 'multipart' or 'application/x-www-form-urlencoded' when field 'encoding' is set. | Documentation |
Link Object Incorrect Ref b9db8a10-020c-49ca-88c6-780e5fdb4328 |
Info | Structure and Semantics | Link object reference must always point to '#/components/links' | Documentation |
Path Is Ambiguous 237402e2-c2f0-46c9-9cf5-286160cf7bfc |
Info | Structure and Semantics | All path should be unique, if has more than one operation, all operations should be part of same Path Object | Documentation |
Schema Has A Required Property Undefined 2bd608ae-8a1f-457f-b710-c237883cb313 |
Info | Structure and Semantics | Schema Object should not be have a required property that is not defined on properties | Documentation |
Schema Discriminator Not Required b481d46c-9c61-480f-86d9-af07146dc4a4 |
Info | Structure and Semantics | The discriminator property in the Schema Object should be a required property | Documentation |
Example JSON Reference Does Not Exists 6a2c219f-da5e-4745-941e-5ea8cde23356 |
Info | Structure and Semantics | Example reference should exists on components field | Documentation |
Response JSON Reference Does Not Exists 7a01dfbd-da62-4165-aed7-71349ad42ab4 |
Info | Structure and Semantics | Response reference should exists on components field | Documentation |
Schema Discriminator Mismatch Defined Properties 40d3df21-c170-4dbe-9c02-4289b51f994f |
Info | Structure and Semantics | Schema discriminator values should match defined properties. | Documentation |
Response Object With Incorrect Ref b3871dd8-9333-4d6c-bd52-67eb898b71ab |
Info | Structure and Semantics | Response Object reference must always point to '#/components/responses' | Documentation |
Link Object With Both 'operationId' And 'operationRef' 60fb6621-9f02-473b-9424-ba9a825747d3 |
Info | Structure and Semantics | Link object 'OperationId' should not have both 'operationId' and 'operationRef' defined since they are mutually exclusive. | Documentation |
Server Object Variable Not Used 8aee4754-970d-4c5f-8142-a49dfe388b1a |
Info | Structure and Semantics | Every defined Server Variable Object should be used in a Service URL. | Documentation |
Encoding Map Key Mismatch Schema Defined Properties cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b |
Info | Structure and Semantics | Encoding Map Key should be set in schema defined properties | Documentation |
Request Body With Incorrect Ref 0f6cd0ab-c366-4595-84fc-fbd8b9901e4d |
Info | Structure and Semantics | Request Body reference must always point to '#/components/RequestBodies' | Documentation |
Schema Discriminator Property Not String dadc2f36-1f5a-46c0-8289-75e626583123 |
Info | Structure and Semantics | Schema discriminator property should be a string | Documentation |
Parameter Object With Incorrect Ref d40f27e6-15fb-4b56-90f8-fc0ff0291c51 |
Info | Structure and Semantics | Parameter Object reference must always point to '#/components/parameters' | Documentation |
Invalid Content Type For Multiple Files Upload 26f06397-36d8-4ce7-b993-17711261d777 |
Info | Structure and Semantics | Content Type should be set to 'multipart/form-data' in case of uploading an arbitrary number of files (array) | Documentation |
Parameters Name In Combination Should Be Unique f5b2e6af-76f5-496d-8482-8f898c5fdb4a |
Info | Structure and Semantics | Parameters properties 'name' and 'in' should have unique combinations | Documentation |
Schema With Both ReadOnly And WriteOnly d2361d58-361c-49f0-9e50-b957fd608b29 |
Info | Structure and Semantics | Schema should not have both 'writeOnly' and 'readOnly' set to true | Documentation |
Header JSON Reference Does Not Exists 376c9390-7e9e-4cb8-a067-fd31c05451fd |
Info | Structure and Semantics | Header reference should exists on components field | Documentation |
Paths Object is Empty 815021c8-a50c-46d9-b192-24f71072c400 |
Info | Structure and Semantics | Paths object may be empty due to ACL constraints, meaning they are not exposed | Documentation |
Components Object Fixed Field Key Improperly Named 151331e2-11f4-4bb6-bd35-9a005e695087 |
Info | Structure and Semantics | Components object fixed fields (schemas, responses, parameters, examples, requestBodies, headers, securitySchemes, links, and callbacks) should use keys that match the following REGEX: ^[a-zA-Z0-9\.\-_]+$ |
Documentation |
Path Parameter With No Corresponding Template Path 69d7aefd-149d-47b8-8d89-1c2181a8067b |
Info | Structure and Semantics | The path parameter must have a corresponding template path for a given operation | Documentation |
Callback JSON Reference Does Not Exists f29904c8-6041-4bca-b043-dfa0546b8079 |
Info | Structure and Semantics | Callback reference should exists on components field | Documentation |
Schema Object Properties With Duplicated Keys 10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa |
Info | Structure and Semantics | Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' | Documentation |
Schema Enum Invalid 03856cb2-e46c-4daf-bfbf-214ec93c882b |
Info | Structure and Semantics | The field 'enum' of Schema Object should be consistent with the schema's type | Documentation |
Link Object OperationId Does Not Target Operation Object c5bb7461-aa57-470b-a714-3bc3d74f4669 |
Info | Structure and Semantics | Link object 'OperationId' should target an existing operation object in the OpenAPI definition | Documentation |
Unknown Property fb7d81e7-4150-48c4-b914-92fc05da6a2f |
Info | Structure and Semantics | All properties defined in OpenAPI objects should be known | Documentation |
Link JSON Reference Does Not Exists 801f0c6a-a834-4467-89c6-ddecffb46b5a |
Info | Structure and Semantics | Link reference should exists on components field | Documentation |
Object Without Required Property d172a060-8569-4412-8045-3560ebd477e8 |
Info | Structure and Semantics | OpenAPI Object should contain all of its required fields | Documentation |
Parameter Object With Schema And Content 31dd6fc0-f274-493b-9614-e063086c19fc |
Info | Structure and Semantics | A Parameter Object must contain either a 'schema' property, or a 'content' property, but not both since they are mutually exclusive | Documentation |
Schema Items Undefined a8e859da-4a43-4e7f-94b8-25d6e3bf8e90 |
Info | Structure and Semantics | Schema items should be defined when the schema is set to an array. | Documentation |
Property 'allowReserved' Improperly Defined 7f203940-39c4-4ea7-91ee-7aba16bca9e2 |
Info | Structure and Semantics | Property 'allowReserved' should be only defined for query parameters | Documentation |
Servers Array Undefined c66ebeaa-676c-40dc-a3ff-3e49395dcd5e |
Info | Structure and Semantics | The Servers array should have at least one server defined. If not, the default value would be a Server Object with a URL value of '/'. | Documentation |
Template Path With No Corresponding Path Parameter 561710b1-b845-4562-95ce-2397a05ccef4 |
Info | Structure and Semantics | The template path must have a corresponding path parameter for a given operation | Documentation |
Parameter Object Content With Multiple Entries 8bfed1c6-2d59-4924-bc7f-9b9d793ed0df |
Info | Structure and Semantics | The map content property of the parameter object should only contain one entry | Documentation |
Security Field Undefined ab1263c2-81df-46f0-9f2c-0b62fdb68419 |
Info | Structure and Semantics | Security field should be defined in '#/components/securitySchemes' | Documentation |
Example JSON Reference Outside Components Examples bac56e3c-1f71-4a74-8ae6-2fba07efcddb |
Info | Structure and Semantics | Reference to examples should point to #/components/examples | Documentation |
OperationId Not Unique c254adc4-ef25-46e1-8270-b7944adb4198 |
Info | Structure and Semantics | OperationId should be unique when defined | Documentation |
Security Requirement Object With Wrong Scopes 37140f7f-724a-4c87-a536-e9cee1d61533 |
Info | Structure and Semantics | Security Requirement Object should only have scopes defined for security schemes of type 'oauth2' and 'openIdConnect' | Documentation |
Callback Object With Incorrect Ref ba066cda-e808-450d-92b6-f29109754d45 |
Info | Structure and Semantics | Callback Object reference must always point to '#/components/callbacks' | Documentation |
Responses With Wrong HTTP Status Code d86655c0-92f6-4ffc-b4d5-5b5775804c27 |
Info | Structure and Semantics | HTTP Responses status code should be in range of [200-599] | Documentation |
Request Body JSON Reference Does Not Exists ca02f4e8-d3ae-4832-b7db-bb037516d9e7 |
Info | Structure and Semantics | Request Body reference should exists on components field | Documentation |
Non-Array Schema With Items 20cb3159-b219-496b-8dac-54ae3ab2021a |
Info | Structure and Semantics | Non-Array Schema should not have 'items' defined | Documentation |
Server URL Not Absolute a0bf7382-5d5a-4224-924c-3db8466026c9 |
Info | Structure and Semantics | The Server URL should be an absolute URL | Documentation |
Schema Type Has Invalid Keyword a9228976-10cf-4b5f-b902-9e962aad037a |
Info | Structure and Semantics | Schema defined type is using a keyword of another type | Documentation |
Property 'allowEmptyValue' Improperly Defined 4bcbcd52-3028-469f-bc14-02c7dbba2df2 |
Info | Structure and Semantics | Property 'allowEmptyValue' should be only defined for query parameters | Documentation |
Responses Object Is Empty 990eaf09-d6f1-4c3c-b174-a517b1de8917 |
Info | Structure and Semantics | Responses Object should not be empty | Documentation |
Parameter JSON Reference Does Not Exists 2e275f16-b627-4d3f-ae73-a6153a23ae8f |
Info | Structure and Semantics | Parameter reference should exists on components field | Documentation |
Schema Default Invalid a96bbc06-8cde-4295-ad3c-ee343a7f658e |
Info | Structure and Semantics | The field 'default' of Schema Object should be consistent with the schema's type | Documentation |
Schema Object Incorrect Ref 4cac7ace-b0fb-477d-830d-65395d9109d9 |
Info | Structure and Semantics | Schema Object reference must always point to '#/components/schemas' | Documentation |
Header Object With Incorrect Ref 2d6646f4-2946-420f-8c14-3232d49ae0cb |
Info | Structure and Semantics | Header Object reference must always point to '#/components/headers' | Documentation |
Properties Missing Required Property 3fb03214-25d4-4bd4-867c-c2d8d708a483 |
Info | Structure and Semantics | Schema Object should have all required properties defined | Documentation |
Parameter Objects Headers With Duplicated Name 05505192-ba2c-4a81-9b25-dcdbcc973746 |
Info | Structure and Semantics | Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. | Documentation |
Schema Object With Circular Ref 1a1aea94-745b-40a7-b860-0702ea6ee636 |
Info | Structure and Semantics | Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties | Documentation |
Server URL Uses Undefined Variables 8d0921d6-4131-461f-a253-99e873f8f77e |
Info | Structure and Semantics | Any variable used in the Service URL should be defined in the Service Object through 'variables'. | Documentation |
Path Parameter Not Required 0de50145-e845-47f4-9a15-23bcf2125710 |
Info | Structure and Semantics | The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. | Documentation |