Skip to content

OpenAPI

OpenAPI Queries List

This page contains all queries from OpenAPI.

SHARED (V2/V3)

Bellow are listed queries related with OpenAPI SHARED (V2/V3):

Query Severity Category Description Help
Global Security Field Is Undefined (v2)
74703c89-0ea2-49ab-a7db-bf04f19f5a57
High Access Control Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions Documentation
Global Security Field Is Undefined (v3)
8af270ce-298b-4405-9922-82a10aee7a4f
High Access Control Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes (read more) Documentation
Security Field On Operations Has An Empty Object Definition (v2)
74581e3b-1d55-4323-a139-5959a7b3abc5
High Access Control Security object for operations should not be empty object or has any empty object definition Documentation
Security Field On Operations Has An Empty Object Definition (v3)
baade968-7467-41e4-bf22-83ca222f5800
High Access Control Security object for operations should not be empty object or has any empty object definition (read more) Documentation
No Global And Operation Security Defined (v2)
586abcee-9653-462d-ad7b-2638a32bd6e6
High Access Control All paths should have security scheme, if it is omitted, global security field should be defined Documentation
No Global And Operation Security Defined (v3)
96729c6b-7400-4d9e-9807-17f00cdde4d2
High Access Control All paths should have security scheme, if it is omitted, global security field should be defined (read more) Documentation
Security Field On Operations Has An Empty Array (v2)
5d29effc-5d68-481f-9721-d74e5919226b
High Access Control Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error Documentation
Security Field On Operations Has An Empty Array (v3)
663c442d-f918-4f62-b096-0bf5dcbeb655
High Access Control Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error (read more) Documentation
Global security field has an empty object (v2)
292919fb-7b26-4454-bee9-ce29094768dd
High Access Control Global security definition must not have empty objects Documentation
Global security field has an empty object (v3)
543e38f4-1eee-479e-8eb0-15257013aa0a
High Access Control Global security definition must not have empty objects (read more) Documentation
Global Security Field Has An Empty Array (v2)
da31d54b-ad54-41dc-95eb-8b3828629213
High Access Control Security object need to have defined rules in its array and rules should be defined on securityScheme Documentation
Global Security Field Has An Empty Array (v3)
d674aea4-ba8b-454b-bb97-88a772ea33f0
High Access Control Security object need to have defined rules in its array and rules should be defined on securityScheme (read more) Documentation
Cleartext API Key In Operation Security (v2)
99733b39-6413-4ed8-8acf-dc7cdc9b4e51
High Access Control API Keys should not be sent as cleartext over an unencrypted channel Documentation
Cleartext API Key In Operation Security (v3)
d90d4e40-44c1-4125-87a0-e072c3e195b5
High Access Control API Keys should not be sent as cleartext over an unencrypted channel (read more) Documentation
Array Items Has No Type (v2)
8697a1a4-82c6-4603-8ac8-57529756744e
High Insecure Configurations Schema/Parameter array items type should be defined Documentation
Array Items Has No Type (v3)
be0e0df7-f3d9-42a1-9b6f-d425f94872c4
High Insecure Configurations Schema array items type should be defined (read more) Documentation
Array Without Maximum Number of Items (v2)
99eb2c95-2040-4104-9e7c-e16f7474d218
High Insecure Configurations Array schema/parameter should have the field 'maxItems' set Documentation
Array Without Maximum Number of Items (v3)
6998389e-66b2-473d-8d05-c8d71ac4d04d
High Insecure Configurations Array schema should have the field 'maxItems' set (read more) Documentation
API Key Exposed In Global Security (v2)
533a0d13-6e89-4551-ae33-bce14e5849c1
Medium Access Control API Keys should not be transported over network Documentation
API Key Exposed In Global Security (v3)
aecee30b-8ea1-4776-a99c-d6d600f0862f
Medium Access Control API Keys should not be transported over network (read more) Documentation
Cleartext API Key In Global Security (v2)
70d3873e-d537-46e5-ac3b-4e48fbdd29b4
Medium Access Control API Keys should not be sent as cleartext over an unencrypted channel Documentation
Cleartext API Key In Global Security (v3)
9c238c97-1991-4c0b-9c7d-6c7912e1dc7c
Medium Access Control API Keys should not be sent as cleartext over an unencrypted channel (read more) Documentation
String Schema with Broad Pattern (v2)
e4a019f0-9af3-49c8-bf68-1939a6ff240d
Medium Insecure Configurations String schema should restrict the pattern Documentation
String Schema with Broad Pattern (v3)
8c81d6c0-716b-49ec-afa5-2d62da4e3f3c
Medium Insecure Configurations String schema should restrict the pattern (read more) Documentation
Numeric Schema Without Minimum (v2)
efd1dfc8-da91-4909-a3f3-c23abc5ec799
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. Documentation
Numeric Schema Without Minimum (v3)
181bd815-767e-4e95-a24d-bb3c87328e19
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. (read more) Documentation
JSON Object Schema Without Properties (v2)
3d28f751-bc18-4f83-ace0-216b6086410b
Medium Insecure Configurations Schema of the JSON object should have properties defined and 'additionalProperties' set to false. Documentation
JSON Object Schema Without Properties (v3)
9d967a2b-9d64-41a6-abea-dfc4960299bd
Medium Insecure Configurations Schema of the JSON object should have properties defined and 'additionalProperties' set to false. (read more) Documentation
Pattern Undefined (v2)
afde15cf-9444-4126-8c62-41cd79db1d1d
Medium Insecure Configurations String schema/parameter/header should have 'pattern' defined. Documentation
Pattern Undefined (v3)
00b78adf-b83f-419c-8ed8-c6018441dd3a
Medium Insecure Configurations String schema should have 'pattern' defined. (read more) Documentation
Schema Object is Empty (v2)
967575e5-eb44-4c24-aadb-7e33608ed30a
Medium Insecure Configurations The Schema Object should not be empty to avoid accepting any JSON values Documentation
Schema Object is Empty (v3)
500ce696-d501-41dd-86eb-eceb011a386f
Medium Insecure Configurations The Schema Object should not be empty to avoid accepting any JSON values (read more) Documentation
Numeric Schema Without Format (v2)
3ed8fc82-c2bb-49e0-811f-c53923674c49
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'format' defined. Documentation
Numeric Schema Without Format (v3)
fbf699b5-ef74-4542-9cf1-f6eeac379373
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'format' defined. (read more) Documentation
Maximum Length Undefined (v2)
2ec86e48-ab90-4cb6-a131-0502afd1f442
Medium Insecure Configurations String schema/parameter/header should have 'maxLength' defined. Documentation
Maximum Length Undefined (v3)
8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85
Medium Insecure Configurations String schema should have 'maxLength' defined. (read more) Documentation
JSON Object Schema Without Type (v2)
62d52544-82ef-4b75-8308-cad49d50212b
Medium Insecure Configurations Schema of the JSON object should have 'type' defined. Documentation
JSON Object Schema Without Type (v3)
e2ffa504-d22a-4c94-b6c5-f661849d2db7
Medium Insecure Configurations Schema of the JSON object should have 'type' defined. (read more) Documentation
Numeric Schema Without Maximum (v2)
203eee11-15b6-4d47-b888-4c7f534967ee
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. Documentation
Numeric Schema Without Maximum (v3)
2ea04bef-c769-409e-9179-ee3a50b5c0ac
Medium Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. (read more) Documentation
Response on operations that should not have a body has declared content (v2)
268defd2-2839-4e15-8cbc-de86eb38c231
Medium Networking and Firewall If a response is head or its code is 204 or 304, it shouldn't have a schema defined Documentation
Response on operations that should not have a body has declared content (v3)
12a7210b-f4b4-47d0-acac-0a819e2a0ca3
Medium Networking and Firewall If a response is head or its code is 204 or 304, it shouldn't have a content defined (read more) Documentation
Default Response Undefined On Operations (v2)
5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f
Medium Networking and Firewall Operations responses should have a default response defined Documentation
Default Response Undefined On Operations (v3)
86e3702f-c868-44b2-b61d-ea5316c18110
Medium Networking and Firewall Operations responses should have a default response defined (read more) Documentation
Success Response Code Undefined for Post Operation (v2)
9fedee41-2e6d-4091-b011-4a16b4c18c70
Medium Networking and Firewall Post should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Post Operation (v3)
f368dd2d-9344-4146-a05b-7c6faa1269ad
Medium Networking and Firewall Post should define at least one success response (200, 201, 202 or 204) (read more) Documentation
Success Response Code Undefined for Get Operation (v2)
9b633f3b-c94b-4fbb-a65b-1a4e9134fb63
Medium Networking and Firewall Get should define at least one success response (200 or 202) Documentation
Success Response Code Undefined for Get Operation (v3)
b2f275be-7d64-4064-b418-be6b431363a7
Medium Networking and Firewall Get should define at least one success response (200 or 202) (read more) Documentation
Response Code Missing (v2)
6e96ed39-bf45-4089-99ba-f1fe7cf6966f
Medium Networking and Firewall 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. Documentation
Response Code Missing (v3)
6c35d2c6-09f2-4e5c-a094-e0e91327071d
Medium Networking and Firewall 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. (read more) Documentation
Success Response Code Undefined for Head Operation (v2)
4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a
Medium Networking and Firewall Head should define at least one success response (200 or 202) Documentation
Success Response Code Undefined for Head Operation (v3)
3b066059-f411-4554-ac8d-96f32bff90da
Medium Networking and Firewall Head should define at least one success response (200 or 202) (read more) Documentation
Success Response Code Undefined for Put Operation (v2)
965a043f-5f3c-4d0a-be72-d9ce12fdb4d6
Medium Networking and Firewall Put should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Put Operation (v3)
60b5f56b-66ff-4e1c-9b62-5753e16825bc
Medium Networking and Firewall Put should define at least one success response (200, 201, 202 or 204) (read more) Documentation
Success Response Code Undefined for Patch Operation (v2)
f36e87cc-a209-4f37-8571-66833e4aead7
Medium Networking and Firewall Patch should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Patch Operation (v3)
1908a8ee-927d-4166-8f18-241152170cc1
Medium Networking and Firewall Patch should define at least one success response (200, 201, 202 or 204) (read more) Documentation
Response on operations that should have a body has undefined schema (v2)
31afbcb7-70e0-48bb-a31a-3374f95cf859
Medium Networking and Firewall If a response is not head or its code is not 204 or 304, it should have a schema defined Documentation
Response on operations that should have a body has undefined schema (v3)
a92be1d5-d762-484a-86d6-8cd0907ba100
Medium Networking and Firewall If a response is not head or its code is not 204 or 304, it should have a schema defined (read more) Documentation
Success Response Code Undefined for Delete Operation (v2)
ad432855-b7fb-4429-92a3-93b5ce34f0b1
Medium Networking and Firewall Delete should define at least one success response (200, 201, 202 or 204) Documentation
Success Response Code Undefined for Delete Operation (v3)
3b497874-ae59-46dd-8d72-1868a3b8f150
Medium Networking and Firewall Delete should define at least one success response (200, 201, 202 or 204) (read more) Documentation
API Key Exposed In Operation Security (v2)
392599e4-a4e2-403d-bc56-3fe05755782d
Low Access Control API Keys should not be transported over network Documentation
API Key Exposed In Operation Security (v3)
281b8071-6226-4a43-911d-fec246d422c2
Low Access Control API Keys should not be transported over network (read more) Documentation
Invalid Format (v2)
caf1793e-95dd-4b18-8d90-8f3c0ab5bddf
Low Insecure Configurations The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double Documentation
Invalid Format (v3)
d929c031-078f-4241-b802-e224656ad890
Low Insecure Configurations The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double (read more) Documentation
JSON '$ref' alongside other properties (v2)
f34c1c68-4773-4df0-a103-6e2ca32e585f
Info Best Practices Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key Documentation
JSON '$ref' alongside other properties (v3)
96beb800-566f-49a9-a0ea-dbdf4bc80429
Info Best Practices Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key (read more) Documentation
Path Without Operation (v2)
609cd557-66b4-41fa-8edd-2abc6c7cfd08
Info Best Practices Path object should have at least one operation object defined Documentation
Path Without Operation (v3)
84c826c9-1893-4b34-8cdd-db97645b4bf3
Info Best Practices Path object should have at least one operation object defined (read more) Documentation
Header Parameter Named as 'Authorization' (v2)
e2e00c97-7171-4fb4-b461-d631df9a711c
Info Best Practices The header Parameter should not be named as 'Authorization'. If so, it will be ignored. Documentation
Header Parameter Named as 'Authorization' (v3)
8c84f75e-5048-4926-a4cb-33e7b3431300
Info Best Practices The header Parameter should not be named as 'Authorization'. If so, it will be ignored. (read more) Documentation
Operation Without Successful HTTP Status Code (v2)
a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2
Info Best Practices Operation Object should have at least one successful HTTP status code defined Documentation
Operation Without Successful HTTP Status Code (v3)
48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd
Info Best Practices Operation Object should have at least one successful HTTP status code defined (read more) Documentation
Header Parameter Named as 'Content-Type' (v2)
51978067-3b22-4c29-aaf3-96bf0bc28897
Info Best Practices The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. Documentation
Header Parameter Named as 'Content-Type' (v3)
72d259ca-9741-48dd-9f62-eb11f2936b37
Info Best Practices The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. (read more) Documentation
Invalid Contact URL (v2)
c7000383-16d0-4509-8cd3-585e5ea2e2f2
Info Best Practices Contact Object URL should be a valid URL Documentation
Invalid Contact URL (v3)
332cf2ad-380d-4b90-b436-46f8e635cf38
Info Best Practices Contact Object URL should be a valid URL (read more) Documentation
Invalid License URL (v2)
de2b4910-8484-46d6-a055-dc1e793ee3ff
Info Best Practices License Object URL should be a valid URL Documentation
Invalid License URL (v3)
9239c289-9e4c-4d92-8be1-9d506057c971
Info Best Practices License Object URL should be a valid URL (read more) Documentation
Invalid Operation External Documentation URL (v2)
25635c31-ee32-4708-88e5-fced87516f51
Info Best Practices Operation External Documentation URL should be a valid URL Documentation
Invalid Operation External Documentation URL (v3)
5ea61624-3733-4a3a-8ca4-b96fec9c5aeb
Info Best Practices Operation External Documentation URL should be a valid URL (read more) Documentation
Invalid Contact Email (v2)
d83bebc8-4e5e-4241-b783-cba9fb5a1c9a
Info Best Practices Contact Object Email should be a valid email Documentation
Invalid Contact Email (v3)
b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7
Info Best Practices Contact Object Email should be a valid email (read more) Documentation
Example Not Compliant With Schema Type (v2)
448db771-06ea-4dee-b48c-1689cbfb4b43
Info Best Practices Examples values and fields should be compliant with the schema type Documentation
Example Not Compliant With Schema Type (v3)
881a6e71-c2a7-4fe2-b9c3-dfcf08895331
Info Best Practices Examples values and fields should be compliant with the schema type (read more) Documentation
Object Using Enum With Keyword (v2)
7f15962a-d862-451c-ac9b-84ec13747aa6
Info Best Practices Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords Documentation
Object Using Enum With Keyword (v3)
2e9b6612-8f69-42e0-a5b8-ed17739c2f3a
Info Best Practices Schema Object properties should not contain 'enum' and schema keywords (read more) Documentation
Invalid Global External Documentation URL (v2)
46d3b74d-9fe9-45bf-9e9e-efb7f701ee28
Info Best Practices Global External Documentation URL should be a valid URL Documentation
Invalid Global External Documentation URL (v3)
b2d9dbf6-539c-4374-a1fd-210ddf5563a8
Info Best Practices Global External Documentation URL should be a valid URL (read more) Documentation
Header Parameter Named as 'Accept' (v2)
3ddd74cc-6582-486c-8b0c-2b48cb38e0a3
Info Best Practices The header Parameter should not be named as 'Accept'. If so, it will be ignored. Documentation
Header Parameter Named as 'Accept' (v3)
f2702af5-6016-46cb-bbc8-84c766032095
Info Best Practices The header Parameter should not be named as 'Accept'. If so, it will be ignored. (read more) Documentation
Header Response Name Is Invalid (v2)
86733e01-a435-4bd5-a8b0-5108be9dc1e4
Info Best Practices The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored. Documentation
Header Response Name Is Invalid (v3)
d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd
Info Best Practices The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored. (read more) Documentation
Invalid Schema External Documentation URL (v2)
f7fa95b7-d819-484c-9a2b-665dd1bba25e
Info Best Practices Schema External Documentation URL should be a valid URL Documentation
Invalid Schema External Documentation URL (v3)
6952a7e0-6e48-4285-bbc1-27c64e60f888
Info Best Practices Schema External Documentation URL should be a valid URL (read more) Documentation
Required Property With Default Value (v2)
f7ab6c83-ef89-40e1-8a99-32e2599fb665
Info Best Practices Required properties receive value from requests, which makes unnecessary declare a default value Documentation
Required Property With Default Value (v3)
013bdb4b-9246-4248-b0c3-7fb0fee42a29
Info Best Practices Required properties receive value from requests, which makes unnecessary declare a default value (read more) Documentation
Invalid Tag External Documentation URL (v2)
b4a7d925-738b-4219-99d9-87d6ee262a03
Info Best Practices Tag External Documentation URL should be a valid URL Documentation
Invalid Tag External Documentation URL (v3)
5aea1d7e-b834-4749-b143-2c7ec3bd5922
Info Best Practices Tag External Documentation URL should be a valid URL (read more) Documentation
Schema Discriminator Property Not String (v2)
949376f1-f560-4c6d-a016-63424ca931bb
Info Structure and Semantics Schema discriminator property should be a string Documentation
Schema Discriminator Property Not String (v3)
dadc2f36-1f5a-46c0-8289-75e626583123
Info Structure and Semantics Schema discriminator property should be a string (read more) Documentation
Property 'allowEmptyValue' Improperly Defined (v2)
0bc1477d-0922-478b-ae16-674a7634a1a8
Info Structure and Semantics Property 'allowEmptyValue' should be only defined for query parameters and formData parameters Documentation
Property 'allowEmptyValue' Improperly Defined (v3)
4bcbcd52-3028-469f-bc14-02c7dbba2df2
Info Structure and Semantics Property 'allowEmptyValue' should be only defined for query parameters and formData parameters (read more) Documentation
Schema Object Properties With Duplicated Keys (v2)
ded017bf-fb13-4f8d-868b-84aebcc572ad
Info Structure and Semantics Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' Documentation
Schema Object Properties With Duplicated Keys (v3)
10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa
Info Structure and Semantics Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' (read more) Documentation
Path Parameter With No Corresponding Template Path (v2)
194ef1f8-360e-4c14-8ed2-e83e2bafa142
Info Structure and Semantics The path parameter must have a corresponding template path for a given operation Documentation
Path Parameter With No Corresponding Template Path (v3)
69d7aefd-149d-47b8-8d89-1c2181a8067b
Info Structure and Semantics The path parameter must have a corresponding template path for a given operation (read more) Documentation
Properties Missing Required Property (v2)
71beb6ab-8b70-4816-a9ac-a0ff1fb22a62
Info Structure and Semantics Schema Object should have all required properties defined Documentation
Properties Missing Required Property (v3)
3fb03214-25d4-4bd4-867c-c2d8d708a483
Info Structure and Semantics Schema Object should have all required properties defined (read more) Documentation
Paths Object is Empty (v2)
3e6c7b1c-8a8d-43ab-98b9-65159f44db4a
Info Structure and Semantics Paths object may be empty due to ACL constraints, meaning they are not exposed Documentation
Paths Object is Empty (v3)
815021c8-a50c-46d9-b192-24f71072c400
Info Structure and Semantics Paths object may be empty due to ACL constraints, meaning they are not exposed (read more) Documentation
Path Template is Empty (v2)
c201b7ad-6173-4598-a407-5edb04a1bcd7
Info Structure and Semantics All path templates should not be empty Documentation
Path Template is Empty (v3)
ae13a37d-943b-47a7-a970-83c8598bcca3
Info Structure and Semantics All path templates should not be empty (read more) Documentation
Schema Discriminator Mismatch Defined Properties (v2)
addc0eab-27f6-4c26-8526-d2ccd3732662
Info Structure and Semantics Schema discriminator values should match defined properties. Documentation
Schema Discriminator Mismatch Defined Properties (v3)
40d3df21-c170-4dbe-9c02-4289b51f994f
Info Structure and Semantics Schema discriminator values should match defined properties. (read more) Documentation
Type Has Invalid Keyword (v2)
492c6cbb-f3f8-4807-aa4f-42b8b1c46b59
Info Structure and Semantics Schema/Parameter/Header Object define type should not use a keyword of another type Documentation
Type Has Invalid Keyword (v3)
a9228976-10cf-4b5f-b902-9e962aad037a
Info Structure and Semantics Schema Object define type should not use a keyword of another type (read more) Documentation
OperationId Not Unique (v2)
21245007-91c4-40e5-964e-40c85d1e5aa6
Info Structure and Semantics OperationId should be unique when defined Documentation
OperationId Not Unique (v3)
c254adc4-ef25-46e1-8270-b7944adb4198
Info Structure and Semantics OperationId should be unique when defined (read more) Documentation
Path Is Ambiguous (v2)
b2468463-3ac4-4930-890c-f35b2bf4485d
Info Structure and Semantics All path should be unique, if has more than one operation, all operations should be part of same Path Object Documentation
Path Is Ambiguous (v3)
237402e2-c2f0-46c9-9cf5-286160cf7bfc
Info Structure and Semantics All path should be unique, if has more than one operation, all operations should be part of same Path Object (read more) Documentation
Parameters Name In Combination Not Unique (v2)
ab871897-ec02-4835-9818-702536ee1dda
Info Structure and Semantics Parameters properties 'name' and 'in' should have unique combinations Documentation
Parameters Name In Combination Not Unique (v3)
f5b2e6af-76f5-496d-8482-8f898c5fdb4a
Info Structure and Semantics Parameters properties 'name' and 'in' should have unique combinations (read more) Documentation
Items Undefined (v2)
3e4d34d2-36cf-4449-976d-6c256db8fc49
Info Structure and Semantics Schema/Parameter items should be defined when the schema/parameter is set to an array. Documentation
Items Undefined (v3)
a8e859da-4a43-4e7f-94b8-25d6e3bf8e90
Info Structure and Semantics Schema/Parameter items should be defined when the schema/parameter is set to an array. (read more) Documentation
Responses With Wrong HTTP Status Code (v2)
069a5378-2091-43f0-aa3b-ee8f20996e99
Info Structure and Semantics HTTP Responses status code should be in range of [200-599] Documentation
Responses With Wrong HTTP Status Code (v3)
d86655c0-92f6-4ffc-b4d5-5b5775804c27
Info Structure and Semantics HTTP Responses status code should be in range of [200-599] (read more) Documentation
Schema Enum Invalid (v2)
8fe6d18a-ad4c-4397-8884-e3a9da57f4c9
Info Structure and Semantics The field 'enum' of Schema Object should be consistent with the schema's type Documentation
Schema Enum Invalid (v3)
03856cb2-e46c-4daf-bfbf-214ec93c882b
Info Structure and Semantics The field 'enum' of Schema Object should be consistent with the schema's type (read more) Documentation
Parameter Objects Headers With Duplicated Name (v2)
bd2cbef5-62c4-40f1-af07-4b7f9ced6616
Info Structure and Semantics Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. Documentation
Parameter Objects Headers With Duplicated Name (v3)
05505192-ba2c-4a81-9b25-dcdbcc973746
Info Structure and Semantics Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. (read more) Documentation
Template Path With No Corresponding Path Parameter (v2)
e7656d8d-7288-4bbe-b07b-22b389be75ce
Info Structure and Semantics The template path must have a corresponding path parameter for a given operation Documentation
Template Path With No Corresponding Path Parameter (v3)
561710b1-b845-4562-95ce-2397a05ccef4
Info Structure and Semantics The template path must have a corresponding path parameter for a given operation (read more) Documentation
Schema Has A Required Property Undefined (v2)
811762c8-2e99-4f70-88f9-a63875a953b1
Info Structure and Semantics Schema Object should not be have a required property that is not defined on properties Documentation
Schema Has A Required Property Undefined (v3)
2bd608ae-8a1f-457f-b710-c237883cb313
Info Structure and Semantics Schema Object should not be have a required property that is not defined on properties (read more) Documentation
Path Parameter Not Required (v2)
ccd0613f-cb77-4684-a892-183bd2674d12
Info Structure and Semantics The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. Documentation
Path Parameter Not Required (v3)
0de50145-e845-47f4-9a15-23bcf2125710
Info Structure and Semantics The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. (read more) Documentation
Default Invalid (v2)
78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07
Info Structure and Semantics The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type Documentation
Default Invalid (v3)
a96bbc06-8cde-4295-ad3c-ee343a7f658e
Info Structure and Semantics The field 'default' of Schema Object should be consistent with the schema's type (read more) Documentation
Property Defining Minimum Greater Than Maximum (v2)
b5102ea9-6527-4bb7-94fc-9b4076150e55
Info Structure and Semantics Property defining minimum has greater value than maximum defined Documentation
Property Defining Minimum Greater Than Maximum (v3)
ab2af219-cd08-4233-b5a1-a788aac88b51
Info Structure and Semantics Property defining minimum has greater value than maximum defined (read more) Documentation
Schema Object With Circular Ref (v2)
cbff2508-85c9-4448-a8b3-770070edf5ca
Info Structure and Semantics Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties Documentation
Schema Object With Circular Ref (v3)
1a1aea94-745b-40a7-b860-0702ea6ee636
Info Structure and Semantics Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties (read more) Documentation
Schema Discriminator Not Required (v2)
be6a3722-af60-438c-b1b9-2a03e2958ab7
Info Structure and Semantics The discriminator property in the Schema Object should be a required property Documentation
Schema Discriminator Not Required (v3)
b481d46c-9c61-480f-86d9-af07146dc4a4
Info Structure and Semantics The discriminator property in the Schema Object should be a required property (read more) Documentation
Non-Array Schema With Items (v2)
9d47956b-29cd-43b1-9e6e-b39a4d484353
Info Structure and Semantics Non-Array Schema should not have 'items' defined Documentation
Non-Array Schema With Items (v3)
20cb3159-b219-496b-8dac-54ae3ab2021a
Info Structure and Semantics Non-Array Schema should not have 'items' defined (read more) Documentation
Responses Object Is Empty (v2)
6172e7ab-d2b7-45f8-a7db-1603931d8ba3
Info Structure and Semantics Responses Object should not be empty Documentation
Responses Object Is Empty (v3)
990eaf09-d6f1-4c3c-b174-a517b1de8917
Info Structure and Semantics Responses Object should not be empty (read more) Documentation

2.0

Bellow are listed queries related with OpenAPI 2.0:

Query Severity Category Description Help
Security Definitions Undefined or Empty
e3f026e8-fdb4-4d5a-bcfd-bd94452073fe
High Access Control Security Definitions Object should be set and not empty (read more) Documentation
Security Requirement Not Defined In Security Definition
a599b0d1-ff89-4cb8-9ece-9951854c06f6
High Structure and Semantics All security requirement objects must be defined in 'securityDefinitions' (read more) Documentation
Non OAuth2 Security Requirement Defining OAuth2 Scopes
ba239cb9-f342-4c20-812d-7b5a2aa6969e
High Structure and Semantics If the security scheme is not of type 'oauth2', the array value must be empty (read more) Documentation
Implicit Flow in OAuth2 (v2)
e9817ad8-a8c9-4038-8a2f-db0e6e7b284b
Medium Access Control There is a 'securityDefinition' using implicit flow on OAuth2, which is deprecated (read more) Documentation
Global Security Using Password Flow
2da46be4-4317-4650-9285-56d7103c4f93
Medium Access Control Security should not use 'password' Flow in OAuth2 authentication (read more) Documentation
Operation Using Password Flow
2e44e632-d617-43cb-b294-6bfe72a08938
Medium Access Control Operation Object should not use 'password' Flow in OAuth2 authentication (read more) Documentation
Security Definitions Allows Password Flow
773116aa-2e6d-416f-bd85-f0301cc05d76
Medium Access Control Security Definition Object should not allow 'password' Flow in OAuth2 authentication (read more) Documentation
Invalid OAuth2 Authorization URL (v2)
33d96c65-977d-4c33-943f-440baca49185
Medium Access Control The field authorizationUrl on implicit or authorizationCode fields from OAuth must be a valid URL (read more) Documentation
Invalid OAuth2 Token URL (v2)
274f910a-0665-4f08-b66d-7058fe927dba
Medium Access Control OAuth2 security definition flow requires a valid URL in the tokenUrl field (read more) Documentation
Schemes Uses HTTP
a46928f1-43d7-4671-94e0-2dd99746f389
Medium Encryption Schemes should use 'https' protocol instead of 'http'. Scheme using 'http' allows for clear text credentials (read more) Documentation
Path Scheme Accepts HTTP (v2)
a6847dc6-f4ea-45ac-a81f-93291ae6c573
Medium Encryption The Scheme list of Operation Object should only allow 'HTTPS' protocol to ensure an encrypted connection (read more) Documentation
Global Schemes Uses HTTP
f30ee711-0082-4480-85ab-31d922d9a2b2
Medium Encryption Global Schemes should use 'https' protocol instead of 'http' (read more) Documentation
Operation Object Without 'produces'
be3e170e-1572-461e-a8b6-d963def581ec
Medium Insecure Configurations Operation Object should have 'produces' feild defined for 'GET'operation (read more) Documentation
Operation Object Without 'consumes'
0c79e50e-b3cf-490c-b8f6-587c644d4d0c
Medium Insecure Configurations Operation Object should have 'consumes' feild defined for 'POST', 'PUT' and 'PATCH' operations (read more) Documentation
Security Definitions Using Basic Auth
221015a8-aa2a-43f5-b00b-ad7d2b1d47a8
Low Access Control Security Definition Object should not use basic authentication (read more) Documentation
Undefined Scope 'securityDefinition' On Global 'security' Field
9aa6e95c-d964-4239-a3a8-9f37a3c5a31f
Low Access Control Using an scope on global security field that is undefined on 'securityDefinitions' can be defined by an attacker (read more) Documentation
Operation Using Implicit Flow
f42dfe7e-787d-4478-a75e-a5f3d8a2269e
Low Access Control Operation Object should not use implicit flow (read more) Documentation
Undefined Scope 'securityDefinition' On 'security' Field On Operations
3847280c-9193-40bc-8009-76168e822ce2
Low Access Control Using an scope on security of operations that is undefined on 'securityDefinitions' can be defined by an attacker (read more) Documentation
Operation Using Basic Auth
ceefb058-8065-418f-9c4c-584a78c7e104
Low Access Control Operation Object should not use basic authentication (read more) Documentation
Operation Summary Too Long
d47940ca-5970-45cc-bdd1-4d81398cee1f
Low Best Practices Operation summary should be short (less than 120 characters) (read more) Documentation
Unknown Prefix (v2)
3b615f00-c443-4ba9-acc4-7c308716917d
Info Best Practices The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video' (read more) Documentation
Global Schema Definition Not Being Used
6d2e0790-cc3d-4c74-b973-d4e8b09f4455
Info Best Practices All global schemas definitions should be in use (read more) Documentation
Schema with 'additionalProperties' set as Boolean
3a01790c-ebee-4da6-8fd3-e78657383b75
Info Best Practices The value of 'additionalProperties' should be set as object instead of boolean, since swagger 2.0 does not support boolean value for it (read more) Documentation
Global Parameter Definition Not Being Used
b30981fa-a12e-49c7-a5bb-eeafb61d0f0f
Info Best Practices All global parameters definitions should be in use (read more) Documentation
Constraining Enum Property
be1d8733-3731-40c7-a845-734741c6871d
Info Best Practices There is a constraining keyword in a property which is already restricted by enum values (read more) Documentation
Global Responses Definition Not Being Used
0b76d993-ee52-43e0-8b39-3787d2ddabf1
Info Best Practices All global responses definitions should be in use (read more) Documentation
Invalid Media Type Value (v2)
f985a7d2-d404-4a7f-9814-f645f791e46e
Info Best Practices The Media Type value should match the following format: /[+suffix][;parameters] (read more) Documentation
Schema Object Incorrect Ref (v2)
0220e1c5-65d1-49dd-b7c2-cef6d6cb5283
Info Structure and Semantics Schema Object reference must always point to '#/definitions' (read more) Documentation
Parameter Object With Incorrect Ref (v2)
2596545e-1757-4ff7-a15a-8a9a180a42f3
Info Structure and Semantics Parameter Object reference must always point to '#/parameters' (read more) Documentation
Operation Object Parameters With 'body' And 'formatData' locations
eb3f9744-d24e-4614-b1ff-2a9514eca21c
Info Structure and Semantics Operation object parameters should not have both 'body' and 'formatData' locations (read more) Documentation
BasePath With Wrong Format
b4803607-ed72-4d60-99e2-3fa6edf471c6
Info Structure and Semantics The 'basePath' value format must match the pattern '^/' (read more) Documentation
Parameter File Type Not In 'formData'
c3cab8c4-6c52-47a9-942b-c27f26fbd7d2
Info Structure and Semantics The In field of Parameter Object must be 'formData' when type is 'file' (read more) Documentation
Multiple Body Parameters In The Same Operation
b90033cf-ad9f-4fb9-acd1-1b9d6d278c87
Info Structure and Semantics Only one body parameter is allowed on operation's parameters type field (read more) Documentation
Schema JSON Reference Does Not Exists (v2)
98295b32-ec09-4b5b-89a9-39853197f914
Info Structure and Semantics Schema reference should exists on definitions field (read more) Documentation
Responses JSON Reference Does Not Exists (v2)
e9db5fb4-6a84-4abb-b4af-3b94fbdace6d
Info Structure and Semantics Responses reference should exist on responses definition field (read more) Documentation
Non Body Parameter Without Schema
73c3bc54-3cc6-4c0a-b30a-e19f2abfc951
Info Structure and Semantics The Body Parameter Object should have the attribute 'schema' defined (read more) Documentation
Property Not Unique
750b40be-4bac-4f59-bdc4-1ca0e6c3450e
Info Structure and Semantics Every defined property must be unique throughout the whole API (read more) Documentation
Multi 'collectionformat' Not Valid For 'in' Parameter
750f6448-27c0-49f8-a153-b81735c1e19c
Info Structure and Semantics When 'collectionformat' is defined as 'multi', 'in' field must be 'query' or 'formData' (read more) Documentation
Host With Invalid Pattern
3d7d7b6c-fb0a-475e-8a28-c125e30d15f0
Info Structure and Semantics Host field should be an IP or a valid host name (read more) Documentation
Body Parameter With Wrong Property
c38d630d-a415-4e3e-bac2-65475979ba88
Info Structure and Semantics The Body Parameter Object should only have the following properties defined - 'name', 'in', 'description', 'required', and 'schema' (read more) Documentation
Response Object With Incorrect Ref (v2)
bccfa089-89e4-47e0-a0e5-185fe6902220
Info Structure and Semantics Response Object reference must always point to '#/responses' (read more) Documentation
Parameter JSON Reference Does Not Exists (v2)
fb889ae9-2d16-40b5-b41f-9da716c5abc1
Info Structure and Semantics Parameter reference should exist on parameters definition field (read more) Documentation
File Parameter With Wrong Consumes Property
7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a
Info Structure and Semantics Operations file parameters consumes must be 'multipart/form-data', 'application/x-www-form-urlencoded' or both (read more) Documentation
Object Without Required Property (v2)
5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275
Info Structure and Semantics OpenAPI Object should contain all of its required fields (read more) Documentation
Unknown Property (v2)
429b2106-ba37-43ba-9727-7f699cc611e1
Info Structure and Semantics All properties defined in OpenAPI objects should be known (read more) Documentation
Operation Example Mismatch Produces MimeType
2cf35b40-ded3-43d6-9633-c8dcc8bcc822
Info Structure and Semantics Example should match one of MimeTypes on 'produces'. It is important to know that, if a 'produces' is declared on operation it will override global 'produces' (read more) Documentation
Body Parameter Without Schema
ed48229d-d43e-4da7-b453-5f98d964a57a
Info Structure and Semantics The Body Parameter Object should have the attribute 'schema' defined (read more) Documentation

3.0

Bellow are listed queries related with OpenAPI 3.0:

Query Severity Category Description Help
Field 'securityScheme' On Components Is Undefined
8db5544e-4874-4baa-9322-e9f75a2d219e
High Access Control Components' securityScheme field must have a valid scheme (read more) Documentation
Cleartext Credentials With Basic Authentication For Operation
86b1fa30-9790-4980-994d-a27e0f6f27c1
High Access Control Cleartext credentials over unencrypted channel should not be accepted for the operation (read more) Documentation
Implicit Flow in OAuth2 (v3)
4a1f3d75-ab73-41b2-83e7-06a93dc3a75a
Medium Access Control There is a 'securityScheme' using implicit flow on OAuth2, which is deprecated (read more) Documentation
OAuth2 With Password Flow
3979b0a4-532c-4ea7-86e4-34c090eaa4f2
Medium Access Control OAuth2 password flow insecurely exposes the credentials of the resource owner to the client (read more) Documentation
Security Scheme Using HTTP Negotiate
f525cc92-9050-4c41-a75c-890dc6f64449
Medium Access Control Security Scheme HTTP should not be using negotiate authentication (read more) Documentation
OAuth2 With Implicit Flow
39cb32f2-3a42-4af0-8037-82a7a9654b6c
Medium Access Control OAuth2 implicit flow is vulnerable to access token leakage and access token replay (read more) Documentation
Security Scheme HTTP Unknown Scheme
06764426-3c56-407e-981f-caa25db1c149
Medium Access Control Security Scheme HTTP scheme should be registered in the IANA Authentication Scheme registry (read more) Documentation
Security Scheme Using HTTP Digest
a4247b11-890b-45df-bf42-350a7a3af9be
Medium Access Control Security Scheme HTTP should not be using digest authentication (read more) Documentation
Security Scheme Using HTTP Basic
68e5fcac-390c-4939-a373-6074b7be7c71
Medium Access Control Security Scheme HTTP should not be using basic authentication (read more) Documentation
Invalid OAuth2 Authorization URL (v3)
52c0d841-60d6-4a81-88dd-c35fef36d315
Medium Access Control The field authorizationUrl on implicit or authorizationCode fields from OAuth must be a valid URL (read more) Documentation
Invalid OAuth2 Token URL (v3)
3ba0cca1-b815-47bf-ac62-1e584eb64a05
Medium Access Control OAuth2 security scheme flow requires a valid URL in the tokenUrl field (read more) Documentation
Global Server Object Uses HTTP
2d8c175a-6d90-412b-8b0e-e034ea49a1fe
Medium Encryption Global server object URL should use 'https' protocol instead of 'http' (read more) Documentation
Path Server Object Uses HTTP (v3)
9670f240-7b4d-4955-bd93-edaa9fa38b58
Medium Encryption The property 'url' in the Path Server Object should only allow 'HTTPS' protocols to ensure an encrypted connection (read more) Documentation
Additional Properties Too Restrictive
a19c3bbd-c056-40d7-9e1c-eeb0634e320d
Medium Insecure Configurations Objects should accept 'additionalProperties' if it is allOf or an object with anyOf or oneOf (read more) Documentation
Parameter Object Without Schema
8fe1846f-52cc-4413-ace9-1933d7d23672
Medium Insecure Configurations The Parameter Object should have the attribute 'schema' defined (read more) Documentation
Media Type Object Without Schema
f79b9d26-e945-44e7-98a1-b93f0f7a68a0
Medium Insecure Configurations The Media Type Object should have the attribute 'schema' defined (read more) Documentation
Additional Properties Too Permissive
9f88c88d-824d-4d9a-b985-e22977046042
Medium Insecure Configurations Objects should not accept 'additionalProperties' if it is possible (read more) Documentation
Header Object Without Schema
50de3b5b-6465-4e06-a9b0-b4c2ba34326b
Medium Networking and Firewall The header object should have schema defined (read more) Documentation
Success Response Code Undefined for Trace Operation
105e20dd-8449-4d71-95c6-d5dac96639af
Medium Networking and Firewall Trace should define the '200' successful code (read more) Documentation
Undefined Scope 'securityScheme' On Global 'security' Field
23a9e2d9-8738-4556-a71c-2802b6ffa022
Low Access Control Using an scope on global security field that is undefined on 'securityScheme' can be defined by an attacker (read more) Documentation
Security Scheme Using Oauth 1.0
1bc3205c-0d60-44e6-84f3-44fbf4dac5b3
Low Access Control Oauth 1.0 is deprecated, OAuth2 should be used instead (read more) Documentation
Undefined Scope 'securityScheme' On 'security' Field On Operations
462d6a1d-fed9-4d75-bb9e-3de902f35e6e
Low Access Control Using an scope on security of operations that is undefined on 'securityScheme' can be defined by an attacker (read more) Documentation
Global Security Scheme Using Basic Authentication
77276d82-4f45-4cf1-8e2b-4d345b936228
Low Access Control A security scheme is allowing basic authentication credentials to be transported over network (read more) Documentation
API Key Exposed In Global Security Scheme
40e1d1bf-11a9-4f63-a3a2-a8b84c602839
Low Access Control API Keys should not be transported over network (read more) Documentation
Components Request Body Definition Is Unused
6b76f589-9713-44ab-97f5-59a3dba1a285
Info Best Practices Components request bodies definitions should be referenced or removed from Open API definition (read more) Documentation
Unknown Prefix (v3)
a5375be3-521c-43bb-9eab-e2432e368ee4
Info Best Practices The media type prefix should be set as 'application', 'audio', 'font', 'example', 'image', 'message', 'model', 'multipart', 'text' or 'video' (read more) Documentation
Components Example Definition Is Unused
b05bb927-2df5-43cc-8d7b-6825c0e71625
Info Best Practices Components examples definitions should be referenced or removed from Open API definition (read more) Documentation
Components Callback Definition Is Unused
d15db953-a553-4b8a-9a14-a3d62ea3d79d
Info Best Practices Components callbacks definitions should be referenced or removed from Open API definition (read more) Documentation
Property 'allowReserved' of Encoding Object Ignored
4190dda7-af03-4cf0-a128-70ac1661ca09
Info Best Practices Property 'allowReserved' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. (read more) Documentation
Components Link Definition Is Unused
c19779a9-5774-4d2f-a3a1-a99831730375
Info Best Practices Components links definitions should be referenced or removed from Open API definition (read more) Documentation
Components Header Definition Is Unused
a68da022-e95a-4bc2-97d3-481e0bd6d446
Info Best Practices Components headers definitions should be referenced or removed from Open API definition (read more) Documentation
Components Response Definition Is Unused
9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae
Info Best Practices Components responses definitions should be referenced or removed from Open API definition (read more) Documentation
Property 'explode' of Encoding Object Ignored
a4dd69b8-49fa-45d2-a060-c76655405b05
Info Best Practices Property 'explode' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. (read more) Documentation
Components Schema Definition Is Unused
962fa01e-b791-4dcc-b04a-4a3e7389be5e
Info Best Practices Components schemas definitions should be referenced or removed from Open API definition (read more) Documentation
Property 'style' of Encoding Object Ignored
d3ea644a-9a5c-4fee-941f-f8a6786c0470
Info Best Practices Property 'style' of the encoding object should be defined when the media type of the request body is 'application/x-www-form-urlencoded'. If not, it will be ignored. (read more) Documentation
Property 'allowEmptyValue' Ignored
59c2f769-7cc2-49c8-a3de-4e211135cfab
Info Best Practices Property 'allowEmptyValue' is ignored in the following cases: {"sytle": "simple", "explode": false}, {"sytle": "simple", "explode": true}, {"sytle": "spaceDelimited", "explode": false}, {"sytle": "pipeDelimited", "explode": false}, and {"sytle": "deepObject", "explode": true} (read more) Documentation
Components Parameter Definition Is Unused
698a464e-bb3e-4ba8-ab5e-e6599b7644a0
Info Best Practices Components parameters definitions should be referenced or removed from Open API definition (read more) Documentation
Encoding Header 'Content-Type' Improperly Defined
4cd8de87-b595-48b6-ab3c-1904567135ab
Info Best Practices Encoding Map Key should not define a 'Content-Type' in the 'headers' field. If so, it will be ignored. (read more) Documentation
Invalid Media Type Value (v3)
cf4a5f45-a27b-49df-843a-9911dbfe71d4
Info Best Practices The Media Type value should match the following format: /[+suffix][;parameters] (read more) Documentation
Schema Object Incorrect Ref (v3)
4cac7ace-b0fb-477d-830d-65395d9109d9
Info Structure and Semantics Schema Object reference must always point to '#/components/schemas' (read more) Documentation
Header Object With Incorrect Ref
2d6646f4-2946-420f-8c14-3232d49ae0cb
Info Structure and Semantics Header Object reference must always point to '#/components/headers' (read more) Documentation
Security Requirement Object With Wrong Scopes
37140f7f-724a-4c87-a536-e9cee1d61533
Info Structure and Semantics Security Requirement Object should only have scopes defined for security schemes of type 'oauth2' and 'openIdConnect' (read more) Documentation
Callback JSON Reference Does Not Exists
f29904c8-6041-4bca-b043-dfa0546b8079
Info Structure and Semantics Callback reference should exists on components field (read more) Documentation
Link Object With Both 'operationId' And 'operationRef'
60fb6621-9f02-473b-9424-ba9a825747d3
Info Structure and Semantics Link object 'OperationId' should not have both 'operationId' and 'operationRef' defined since they are mutually exclusive. (read more) Documentation
Parameter Object With Schema And Content
31dd6fc0-f274-493b-9614-e063086c19fc
Info Structure and Semantics A Parameter Object must contain either a 'schema' property, or a 'content' property, but not both since they are mutually exclusive (read more) Documentation
Server Object Variable Not Used
8aee4754-970d-4c5f-8142-a49dfe388b1a
Info Structure and Semantics Every defined Server Variable Object should be used in a Service URL. (read more) Documentation
Parameter Object With Incorrect Ref (v3)
d40f27e6-15fb-4b56-90f8-fc0ff0291c51
Info Structure and Semantics Parameter Object reference must always point to '#/components/parameters' (read more) Documentation
Server URL Uses Undefined Variables
8d0921d6-4131-461f-a253-99e873f8f77e
Info Structure and Semantics Any variable used in the Service URL should be defined in the Service Object through 'variables'. (read more) Documentation
Request Body JSON Reference Does Not Exists
ca02f4e8-d3ae-4832-b7db-bb037516d9e7
Info Structure and Semantics Request Body reference should exists on components field (read more) Documentation
Servers Array Undefined
c66ebeaa-676c-40dc-a3ff-3e49395dcd5e
Info Structure and Semantics The Servers array should have at least one server defined. If not, the default value would be a Server Object with a URL value of '/'. (read more) Documentation
Link Object Incorrect Ref
b9db8a10-020c-49ca-88c6-780e5fdb4328
Info Structure and Semantics Link object reference must always point to '#/components/links' (read more) Documentation
Components Object Fixed Field Key Improperly Named
151331e2-11f4-4bb6-bd35-9a005e695087
Info Structure and Semantics Components object fixed fields (schemas, responses, parameters, examples, requestBodies, headers, securitySchemes, links, and callbacks) should use keys that match the following REGEX: ^[a-zA-Z0-9\.\-_]+$ (read more) Documentation
Parameter Object With Undefined Type
46facedc-f243-4108-ab33-583b807d50b0
Info Structure and Semantics A Parameter Object must contain either a 'schema' property, or a 'content' property (read more) Documentation
Example JSON Reference Does Not Exists
6a2c219f-da5e-4745-941e-5ea8cde23356
Info Structure and Semantics Example reference should exists on components field (read more) Documentation
Security Field Undefined
ab1263c2-81df-46f0-9f2c-0b62fdb68419
Info Structure and Semantics Security field should be defined in '#/components/securitySchemes' (read more) Documentation
Example JSON Reference Outside Components Examples
bac56e3c-1f71-4a74-8ae6-2fba07efcddb
Info Structure and Semantics Reference to examples should point to #/components/examples (read more) Documentation
Invalid Content Type For Multiple Files Upload
26f06397-36d8-4ce7-b993-17711261d777
Info Structure and Semantics Content Type should be set to 'multipart/form-data' in case of uploading an arbitrary number of files (array) (read more) Documentation
Request Body Object With Incorrect Media Type
58f06434-a88c-4f74-826c-db7e10cc7def
Info Structure and Semantics The field 'content' of the request body object should be set to 'multipart' or 'application/x-www-form-urlencoded' when field 'encoding' is set. (read more) Documentation
Encoding Map Key Mismatch Schema Defined Properties
cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b
Info Structure and Semantics Encoding Map Key should be set in schema defined properties (read more) Documentation
Header JSON Reference Does Not Exists
376c9390-7e9e-4cb8-a067-fd31c05451fd
Info Structure and Semantics Header reference should exists on components field (read more) Documentation
Link Object OperationId Does Not Target Operation Object
c5bb7461-aa57-470b-a714-3bc3d74f4669
Info Structure and Semantics Link object 'OperationId' should target an existing operation object in the OpenAPI definition (read more) Documentation
Schema JSON Reference Does Not Exists (v3)
015eac96-6313-43c0-84e5-81b1374fa637
Info Structure and Semantics Schema reference should exists on components field (read more) Documentation
Schema With Both ReadOnly And WriteOnly
d2361d58-361c-49f0-9e50-b957fd608b29
Info Structure and Semantics Schema should not have both 'writeOnly' and 'readOnly' set to true (read more) Documentation
Property 'allowReserved' Improperly Defined
7f203940-39c4-4ea7-91ee-7aba16bca9e2
Info Structure and Semantics Property 'allowReserved' should be only defined for query parameters (read more) Documentation
Server URL Not Absolute
a0bf7382-5d5a-4224-924c-3db8466026c9
Info Structure and Semantics The Server URL should be an absolute URL (read more) Documentation
Response JSON Reference Does Not Exists (v3)
7a01dfbd-da62-4165-aed7-71349ad42ab4
Info Structure and Semantics Response reference should exists on components field (read more) Documentation
Empty Array
5915c20f-dffa-4cee-b5d4-f457ddc0151a
Info Structure and Semantics All array fields should not be empty (read more) Documentation
Response Object With Incorrect Ref (v3)
b3871dd8-9333-4d6c-bd52-67eb898b71ab
Info Structure and Semantics Response Object reference must always point to '#/components/responses' (read more) Documentation
Parameter Object Content With Multiple Entries
8bfed1c6-2d59-4924-bc7f-9b9d793ed0df
Info Structure and Semantics The map content property of the parameter object should only contain one entry (read more) Documentation
Parameter JSON Reference Does Not Exists (v3)
2e275f16-b627-4d3f-ae73-a6153a23ae8f
Info Structure and Semantics Parameter reference should exists on components field (read more) Documentation
Security Operation Field Undefined
20a482d5-c5d9-4a7a-b7a4-60d0805047b4
Info Structure and Semantics Security operation field should be defined in '#/components/securitySchemes' (read more) Documentation
Link JSON Reference Does Not Exists
801f0c6a-a834-4467-89c6-ddecffb46b5a
Info Structure and Semantics Link reference should exists on components field (read more) Documentation
Object Without Required Property (v3)
d172a060-8569-4412-8045-3560ebd477e8
Info Structure and Semantics OpenAPI Object should contain all of its required fields (read more) Documentation
Callback Object With Incorrect Ref
ba066cda-e808-450d-92b6-f29109754d45
Info Structure and Semantics Callback Object reference must always point to '#/components/callbacks' (read more) Documentation
Unknown Property (v3)
fb7d81e7-4150-48c4-b914-92fc05da6a2f
Info Structure and Semantics All properties defined in OpenAPI objects should be known (read more) Documentation
Request Body With Incorrect Ref
0f6cd0ab-c366-4595-84fc-fbd8b9901e4d
Info Structure and Semantics Request Body reference must always point to '#/components/RequestBodies' (read more) Documentation