Skip to content

OpenAPI

OpenAPI Queries List

This page contains all queries from OpenAPI.

2.0

Below are listed queries related to OpenAPI 2.0:

Query Severity Category More info
Security Definitions Undefined or Empty
e3f026e8-fdb4-4d5a-bcfd-bd94452073fe
High Access Control Query details
Documentation
Security Requirement Not Defined In Security Definition
a599b0d1-ff89-4cb8-9ece-9951854c06f6
High Structure and Semantics Query details
Documentation
Global Security Using Password Flow
2da46be4-4317-4650-9285-56d7103c4f93
Medium Access Control Query details
Documentation
Implicit Flow in OAuth2 (v2)
e9817ad8-a8c9-4038-8a2f-db0e6e7b284b
Medium Access Control Query details
Documentation
Invalid OAuth2 Authorization URL (v2)
33d96c65-977d-4c33-943f-440baca49185
Medium Access Control Query details
Documentation
Invalid OAuth2 Token URL (v2)
274f910a-0665-4f08-b66d-7058fe927dba
Medium Access Control Query details
Documentation
Operation Using Basic Auth
ceefb058-8065-418f-9c4c-584a78c7e104
Medium Access Control Query details
Documentation
Operation Using Implicit Flow
f42dfe7e-787d-4478-a75e-a5f3d8a2269e
Medium Access Control Query details
Documentation
Operation Using Password Flow
2e44e632-d617-43cb-b294-6bfe72a08938
Medium Access Control Query details
Documentation
Security Definitions Allows Password Flow
773116aa-2e6d-416f-bd85-f0301cc05d76
Medium Access Control Query details
Documentation
Security Definitions Using Basic Auth
221015a8-aa2a-43f5-b00b-ad7d2b1d47a8
Medium Access Control Query details
Documentation
Global Schemes Uses HTTP
f30ee711-0082-4480-85ab-31d922d9a2b2
Medium Encryption Query details
Documentation
Path Scheme Accepts HTTP (v2)
a6847dc6-f4ea-45ac-a81f-93291ae6c573
Medium Encryption Query details
Documentation
Schemes Uses HTTP
a46928f1-43d7-4671-94e0-2dd99746f389
Medium Encryption Query details
Documentation
Operation Object Without 'consumes'
0c79e50e-b3cf-490c-b8f6-587c644d4d0c
Medium Insecure Configurations Query details
Documentation
Operation Object Without 'produces'
be3e170e-1572-461e-a8b6-d963def581ec
Medium Insecure Configurations Query details
Documentation
Non OAuth2 Security Requirement Defining OAuth2 Scopes
ba239cb9-f342-4c20-812d-7b5a2aa6969e
Medium Structure and Semantics Query details
Documentation
Undefined Scope 'securityDefinition' On 'security' Field On Operations
3847280c-9193-40bc-8009-76168e822ce2
Low Access Control Query details
Documentation
Undefined Scope 'securityDefinition' On Global 'security' Field
9aa6e95c-d964-4239-a3a8-9f37a3c5a31f
Low Access Control Query details
Documentation
Constraining Enum Property
be1d8733-3731-40c7-a845-734741c6871d
Info Best Practices Query details
Documentation
Global Parameter Definition Not Being Used
b30981fa-a12e-49c7-a5bb-eeafb61d0f0f
Info Best Practices Query details
Documentation
Global Responses Definition Not Being Used
0b76d993-ee52-43e0-8b39-3787d2ddabf1
Info Best Practices Query details
Documentation
Global Schema Definition Not Being Used
6d2e0790-cc3d-4c74-b973-d4e8b09f4455
Info Best Practices Query details
Documentation
Invalid Media Type Value (v2)
f985a7d2-d404-4a7f-9814-f645f791e46e
Info Best Practices Query details
Documentation
Operation Summary Too Long
d47940ca-5970-45cc-bdd1-4d81398cee1f
Info Best Practices Query details
Documentation
Schema with 'additionalProperties' set as Boolean
3a01790c-ebee-4da6-8fd3-e78657383b75
Info Best Practices Query details
Documentation
Unknown Prefix (v2)
3b615f00-c443-4ba9-acc4-7c308716917d
Info Best Practices Query details
Documentation
BasePath With Wrong Format
b4803607-ed72-4d60-99e2-3fa6edf471c6
Info Structure and Semantics Query details
Documentation
Body Parameter With Wrong Property
c38d630d-a415-4e3e-bac2-65475979ba88
Info Structure and Semantics Query details
Documentation
Body Parameter Without Schema
ed48229d-d43e-4da7-b453-5f98d964a57a
Info Structure and Semantics Query details
Documentation
File Parameter With Wrong Consumes Property
7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a
Info Structure and Semantics Query details
Documentation
Host With Invalid Pattern
3d7d7b6c-fb0a-475e-8a28-c125e30d15f0
Info Structure and Semantics Query details
Documentation
Multi 'collectionformat' Not Valid For 'in' Parameter
750f6448-27c0-49f8-a153-b81735c1e19c
Info Structure and Semantics Query details
Documentation
Multiple Body Parameters In The Same Operation
b90033cf-ad9f-4fb9-acd1-1b9d6d278c87
Info Structure and Semantics Query details
Documentation
Non Body Parameter Without Schema
73c3bc54-3cc6-4c0a-b30a-e19f2abfc951
Info Structure and Semantics Query details
Documentation
Object Without Required Property (v2)
5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275
Info Structure and Semantics Query details
Documentation
Operation Example Mismatch Produces MimeType
2cf35b40-ded3-43d6-9633-c8dcc8bcc822
Info Structure and Semantics Query details
Documentation
Operation Object Parameters With 'body' And 'formatData' locations
eb3f9744-d24e-4614-b1ff-2a9514eca21c
Info Structure and Semantics Query details
Documentation
Parameter File Type Not In 'formData'
c3cab8c4-6c52-47a9-942b-c27f26fbd7d2
Info Structure and Semantics Query details
Documentation
Parameter JSON Reference Does Not Exist (v2)
fb889ae9-2d16-40b5-b41f-9da716c5abc1
Info Structure and Semantics Query details
Documentation
Parameter Object With Incorrect Ref (v2)
2596545e-1757-4ff7-a15a-8a9a180a42f3
Info Structure and Semantics Query details
Documentation
Property Not Unique
750b40be-4bac-4f59-bdc4-1ca0e6c3450e
Info Structure and Semantics Query details
Documentation
Response Object With Incorrect Ref (v2)
bccfa089-89e4-47e0-a0e5-185fe6902220
Info Structure and Semantics Query details
Documentation
Responses JSON Reference Does Not Exists (v2)
e9db5fb4-6a84-4abb-b4af-3b94fbdace6d
Info Structure and Semantics Query details
Documentation
Schema JSON Reference Does Not Exist (v2)
98295b32-ec09-4b5b-89a9-39853197f914
Info Structure and Semantics Query details
Documentation
Schema Object Incorrect Ref (v2)
0220e1c5-65d1-49dd-b7c2-cef6d6cb5283
Info Structure and Semantics Query details
Documentation
Unknown Property (v2)
429b2106-ba37-43ba-9727-7f699cc611e1
Info Structure and Semantics Query details
Documentation

3.0

Below are listed queries related to OpenAPI 3.0:

Query Severity Category More info
Cleartext Credentials With Basic Authentication For Operation
86b1fa30-9790-4980-994d-a27e0f6f27c1
Medium Access Control Query details
Documentation
Field 'securityScheme' On Components Is Undefined
8db5544e-4874-4baa-9322-e9f75a2d219e
Medium Access Control Query details
Documentation
Global Security Scheme Using Basic Authentication
77276d82-4f45-4cf1-8e2b-4d345b936228
Medium Access Control Query details
Documentation
Invalid OAuth2 Authorization URL (v3)
52c0d841-60d6-4a81-88dd-c35fef36d315
Medium Access Control Query details
Documentation
Invalid OAuth2 Token URL (v3)
3ba0cca1-b815-47bf-ac62-1e584eb64a05
Medium Access Control Query details
Documentation
OAuth2 With Implicit Flow
39cb32f2-3a42-4af0-8037-82a7a9654b6c
Medium Access Control Query details
Documentation
OAuth2 With Password Flow
3979b0a4-532c-4ea7-86e4-34c090eaa4f2
Medium Access Control Query details
Documentation
Security Scheme HTTP Unknown Scheme
06764426-3c56-407e-981f-caa25db1c149
Medium Access Control Query details
Documentation
Global Server Object Uses HTTP
2d8c175a-6d90-412b-8b0e-e034ea49a1fe
Medium Encryption Query details
Documentation
Path Server Object Uses HTTP (v3)
9670f240-7b4d-4955-bd93-edaa9fa38b58
Medium Encryption Query details
Documentation
Media Type Object Without Schema
f79b9d26-e945-44e7-98a1-b93f0f7a68a0
Medium Insecure Configurations Query details
Documentation
Parameter Object Without Schema
8fe1846f-52cc-4413-ace9-1933d7d23672
Medium Insecure Configurations Query details
Documentation
Header Object Without Schema
50de3b5b-6465-4e06-a9b0-b4c2ba34326b
Medium Networking and Firewall Query details
Documentation
API Key Exposed In Global Security Scheme
40e1d1bf-11a9-4f63-a3a2-a8b84c602839
Low Access Control Query details
Documentation
Security Scheme Using HTTP Basic
68e5fcac-390c-4939-a373-6074b7be7c71
Low Access Control Query details
Documentation
Security Scheme Using HTTP Digest
a4247b11-890b-45df-bf42-350a7a3af9be
Low Access Control Query details
Documentation
Security Scheme Using HTTP Negotiate
f525cc92-9050-4c41-a75c-890dc6f64449
Low Access Control Query details
Documentation
Security Scheme Using Oauth 1.0
1bc3205c-0d60-44e6-84f3-44fbf4dac5b3
Low Access Control Query details
Documentation
Undefined Scope 'securityScheme' On 'security' Field On Operations
462d6a1d-fed9-4d75-bb9e-3de902f35e6e
Low Access Control Query details
Documentation
Undefined Scope 'securityScheme' On Global 'security' Field
23a9e2d9-8738-4556-a71c-2802b6ffa022
Low Access Control Query details
Documentation
Additional Properties Too Permissive
9f88c88d-824d-4d9a-b985-e22977046042
Low Insecure Configurations Query details
Documentation
Additional Properties Too Restrictive
a19c3bbd-c056-40d7-9e1c-eeb0634e320d
Low Insecure Configurations Query details
Documentation
Success Response Code Undefined for Trace Operation
105e20dd-8449-4d71-95c6-d5dac96639af
Low Networking and Firewall Query details
Documentation
Components Callback Definition Is Unused
d15db953-a553-4b8a-9a14-a3d62ea3d79d
Info Best Practices Query details
Documentation
Components Example Definition Is Unused
b05bb927-2df5-43cc-8d7b-6825c0e71625
Info Best Practices Query details
Documentation
Components Header Definition Is Unused
a68da022-e95a-4bc2-97d3-481e0bd6d446
Info Best Practices Query details
Documentation
Components Link Definition Is Unused
c19779a9-5774-4d2f-a3a1-a99831730375
Info Best Practices Query details
Documentation
Components Parameter Definition Is Unused
698a464e-bb3e-4ba8-ab5e-e6599b7644a0
Info Best Practices Query details
Documentation
Components Request Body Definition Is Unused
6b76f589-9713-44ab-97f5-59a3dba1a285
Info Best Practices Query details
Documentation
Components Response Definition Is Unused
9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae
Info Best Practices Query details
Documentation
Components Schema Definition Is Unused
962fa01e-b791-4dcc-b04a-4a3e7389be5e
Info Best Practices Query details
Documentation
Encoding Header 'Content-Type' Improperly Defined
4cd8de87-b595-48b6-ab3c-1904567135ab
Info Best Practices Query details
Documentation
Invalid Media Type Value (v3)
cf4a5f45-a27b-49df-843a-9911dbfe71d4
Info Best Practices Query details
Documentation
Property 'allowEmptyValue' Ignored
59c2f769-7cc2-49c8-a3de-4e211135cfab
Info Best Practices Query details
Documentation
Property 'allowReserved' of Encoding Object Ignored
4190dda7-af03-4cf0-a128-70ac1661ca09
Info Best Practices Query details
Documentation
Property 'explode' of Encoding Object Ignored
a4dd69b8-49fa-45d2-a060-c76655405b05
Info Best Practices Query details
Documentation
Property 'style' of Encoding Object Ignored
d3ea644a-9a5c-4fee-941f-f8a6786c0470
Info Best Practices Query details
Documentation
Unknown Prefix (v3)
a5375be3-521c-43bb-9eab-e2432e368ee4
Info Best Practices Query details
Documentation
Callback JSON Reference Does Not Exist
f29904c8-6041-4bca-b043-dfa0546b8079
Info Structure and Semantics Query details
Documentation
Callback Object With Incorrect Ref
ba066cda-e808-450d-92b6-f29109754d45
Info Structure and Semantics Query details
Documentation
Components Object Fixed Field Key Improperly Named
151331e2-11f4-4bb6-bd35-9a005e695087
Info Structure and Semantics Query details
Documentation
Empty Array
5915c20f-dffa-4cee-b5d4-f457ddc0151a
Info Structure and Semantics Query details
Documentation
Encoding Map Key Mismatch Schema Defined Properties
cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b
Info Structure and Semantics Query details
Documentation
Example JSON Reference Does Not Exist
6a2c219f-da5e-4745-941e-5ea8cde23356
Info Structure and Semantics Query details
Documentation
Example JSON Reference Outside Components Examples
bac56e3c-1f71-4a74-8ae6-2fba07efcddb
Info Structure and Semantics Query details
Documentation
Header JSON Reference Does Not Exist
376c9390-7e9e-4cb8-a067-fd31c05451fd
Info Structure and Semantics Query details
Documentation
Header Object With Incorrect Ref
2d6646f4-2946-420f-8c14-3232d49ae0cb
Info Structure and Semantics Query details
Documentation
Invalid Content Type For Multiple Files Upload
26f06397-36d8-4ce7-b993-17711261d777
Info Structure and Semantics Query details
Documentation
Link JSON Reference Does Not Exist
801f0c6a-a834-4467-89c6-ddecffb46b5a
Info Structure and Semantics Query details
Documentation
Link Object Incorrect Ref
b9db8a10-020c-49ca-88c6-780e5fdb4328
Info Structure and Semantics Query details
Documentation
Link Object OperationId Does Not Target Operation Object
c5bb7461-aa57-470b-a714-3bc3d74f4669
Info Structure and Semantics Query details
Documentation
Link Object With Both 'operationId' And 'operationRef'
60fb6621-9f02-473b-9424-ba9a825747d3
Info Structure and Semantics Query details
Documentation
Object Without Required Property (v3)
d172a060-8569-4412-8045-3560ebd477e8
Info Structure and Semantics Query details
Documentation
Parameter JSON Reference Does Not Exist (v3)
2e275f16-b627-4d3f-ae73-a6153a23ae8f
Info Structure and Semantics Query details
Documentation
Parameter Object Content With Multiple Entries
8bfed1c6-2d59-4924-bc7f-9b9d793ed0df
Info Structure and Semantics Query details
Documentation
Parameter Object With Incorrect Ref (v3)
d40f27e6-15fb-4b56-90f8-fc0ff0291c51
Info Structure and Semantics Query details
Documentation
Parameter Object With Schema And Content
31dd6fc0-f274-493b-9614-e063086c19fc
Info Structure and Semantics Query details
Documentation
Parameter Object With Undefined Type
46facedc-f243-4108-ab33-583b807d50b0
Info Structure and Semantics Query details
Documentation
Property 'allowReserved' Improperly Defined
7f203940-39c4-4ea7-91ee-7aba16bca9e2
Info Structure and Semantics Query details
Documentation
Request Body JSON Reference Does Not Exist
ca02f4e8-d3ae-4832-b7db-bb037516d9e7
Info Structure and Semantics Query details
Documentation
Request Body Object With Incorrect Media Type
58f06434-a88c-4f74-826c-db7e10cc7def
Info Structure and Semantics Query details
Documentation
Request Body With Incorrect Ref
0f6cd0ab-c366-4595-84fc-fbd8b9901e4d
Info Structure and Semantics Query details
Documentation
Response JSON Reference Does Not Exist (v3)
7a01dfbd-da62-4165-aed7-71349ad42ab4
Info Structure and Semantics Query details
Documentation
Response Object With Incorrect Ref (v3)
b3871dd8-9333-4d6c-bd52-67eb898b71ab
Info Structure and Semantics Query details
Documentation
Schema JSON Reference Does Not Exist (v3)
015eac96-6313-43c0-84e5-81b1374fa637
Info Structure and Semantics Query details
Documentation
Schema Object Incorrect Ref (v3)
4cac7ace-b0fb-477d-830d-65395d9109d9
Info Structure and Semantics Query details
Documentation
Schema With Both ReadOnly And WriteOnly
d2361d58-361c-49f0-9e50-b957fd608b29
Info Structure and Semantics Query details
Documentation
Security Field Undefined
ab1263c2-81df-46f0-9f2c-0b62fdb68419
Info Structure and Semantics Query details
Documentation
Security Operation Field Undefined
20a482d5-c5d9-4a7a-b7a4-60d0805047b4
Info Structure and Semantics Query details
Documentation
Security Requirement Object With Wrong Scopes
37140f7f-724a-4c87-a536-e9cee1d61533
Info Structure and Semantics Query details
Documentation
Server Object Variable Not Used
8aee4754-970d-4c5f-8142-a49dfe388b1a
Info Structure and Semantics Query details
Documentation
Server URL Not Absolute
a0bf7382-5d5a-4224-924c-3db8466026c9
Info Structure and Semantics Query details
Documentation
Server URL Uses Undefined Variables
8d0921d6-4131-461f-a253-99e873f8f77e
Info Structure and Semantics Query details
Documentation
Servers Array Undefined
c66ebeaa-676c-40dc-a3ff-3e49395dcd5e
Info Structure and Semantics Query details
Documentation
Unknown Property (v3)
fb7d81e7-4150-48c4-b914-92fc05da6a2f
Info Structure and Semantics Query details
Documentation

SHARED (V2/V3)

Below are listed queries related to OpenAPI SHARED (V2/V3):

Query Severity Category More info
Global Security Field Has An Empty Array (v2)
da31d54b-ad54-41dc-95eb-8b3828629213
High Access Control Security object need to have defined rules in its array and rules should be defined on securityScheme
Documentation
Global Security Field Has An Empty Array (v3)
d674aea4-ba8b-454b-bb97-88a772ea33f0
High Access Control Query details
Documentation
Global security field has an empty object (v2)
292919fb-7b26-4454-bee9-ce29094768dd
High Access Control Global security definition must not have empty objects
Documentation
Global security field has an empty object (v3)
543e38f4-1eee-479e-8eb0-15257013aa0a
High Access Control Query details
Documentation
Global Security Field Is Undefined (v2)
74703c89-0ea2-49ab-a7db-bf04f19f5a57
High Access Control Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions
Documentation
Global Security Field Is Undefined (v3)
8af270ce-298b-4405-9922-82a10aee7a4f
High Access Control Query details
Documentation
No Global And Operation Security Defined (v2)
586abcee-9653-462d-ad7b-2638a32bd6e6
High Access Control All paths should have security scheme, if it is omitted, global security field should be defined
Documentation
No Global And Operation Security Defined (v3)
96729c6b-7400-4d9e-9807-17f00cdde4d2
High Access Control Query details
Documentation
Security Field On Operations Has An Empty Array (v2)
5d29effc-5d68-481f-9721-d74e5919226b
High Access Control Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error
Documentation
Security Field On Operations Has An Empty Array (v3)
663c442d-f918-4f62-b096-0bf5dcbeb655
High Access Control Query details
Documentation
Security Field On Operations Has An Empty Object Definition (v2)
74581e3b-1d55-4323-a139-5959a7b3abc5
High Access Control Security object for operations should not be empty object or has any empty object definition
Documentation
Security Field On Operations Has An Empty Object Definition (v3)
baade968-7467-41e4-bf22-83ca222f5800
High Access Control Query details
Documentation
Array Without Maximum Number of Items (v2)
99eb2c95-2040-4104-9e7c-e16f7474d218
Medium Insecure Configurations Array schema/parameter should have the field 'maxItems' set
Documentation
Array Without Maximum Number of Items (v3)
6998389e-66b2-473d-8d05-c8d71ac4d04d
Medium Insecure Configurations Query details
Documentation
JSON Object Schema Without Properties (v2)
3d28f751-bc18-4f83-ace0-216b6086410b
Medium Insecure Configurations Schema of the JSON object should have properties defined and 'additionalProperties' set to false.
Documentation
JSON Object Schema Without Properties (v3)
9d967a2b-9d64-41a6-abea-dfc4960299bd
Medium Insecure Configurations Query details
Documentation
JSON Object Schema Without Type (v2)
62d52544-82ef-4b75-8308-cad49d50212b
Medium Insecure Configurations Schema of the JSON object should have 'type' defined.
Documentation
JSON Object Schema Without Type (v3)
e2ffa504-d22a-4c94-b6c5-f661849d2db7
Medium Insecure Configurations Query details
Documentation
Pattern Undefined (v2)
afde15cf-9444-4126-8c62-41cd79db1d1d
Medium Insecure Configurations String schema/parameter/header should have 'pattern' defined.
Documentation
Pattern Undefined (v3)
00b78adf-b83f-419c-8ed8-c6018441dd3a
Medium Insecure Configurations Query details
Documentation
Schema Object is Empty (v2)
967575e5-eb44-4c24-aadb-7e33608ed30a
Medium Insecure Configurations The Schema Object should not be empty to avoid accepting any JSON values
Documentation
Schema Object is Empty (v3)
500ce696-d501-41dd-86eb-eceb011a386f
Medium Insecure Configurations Query details
Documentation
Response on operations that should have a body has undefined schema (v2)
31afbcb7-70e0-48bb-a31a-3374f95cf859
Medium Networking and Firewall If a response is not head or its code is not 204 or 304, it should have a schema defined
Documentation
Response on operations that should have a body has undefined schema (v3)
a92be1d5-d762-484a-86d6-8cd0907ba100
Medium Networking and Firewall Query details
Documentation
API Key Exposed In Global Security (v2)
533a0d13-6e89-4551-ae33-bce14e5849c1
Low Access Control API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.
Documentation
API Key Exposed In Global Security (v3)
aecee30b-8ea1-4776-a99c-d6d600f0862f
Low Access Control Query details
Documentation
API Key Exposed In Operation Security (v2)
392599e4-a4e2-403d-bc56-3fe05755782d
Low Access Control API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.
Documentation
API Key Exposed In Operation Security (v3)
281b8071-6226-4a43-911d-fec246d422c2
Low Access Control Query details
Documentation
Array Items Has No Type (v2)
8697a1a4-82c6-4603-8ac8-57529756744e
Low Insecure Configurations Schema/Parameter array items type should be defined
Documentation
Array Items Has No Type (v3)
be0e0df7-f3d9-42a1-9b6f-d425f94872c4
Low Insecure Configurations Query details
Documentation
Invalid Format (v2)
caf1793e-95dd-4b18-8d90-8f3c0ab5bddf
Low Insecure Configurations The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double
Documentation
Invalid Format (v3)
d929c031-078f-4241-b802-e224656ad890
Low Insecure Configurations Query details
Documentation
Maximum Length Undefined (v2)
2ec86e48-ab90-4cb6-a131-0502afd1f442
Low Insecure Configurations String schema/parameter/header should have 'maxLength' defined.
Documentation
Maximum Length Undefined (v3)
8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85
Low Insecure Configurations Query details
Documentation
Numeric Schema Without Format (v2)
3ed8fc82-c2bb-49e0-811f-c53923674c49
Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'format' defined.
Documentation
Numeric Schema Without Format (v3)
fbf699b5-ef74-4542-9cf1-f6eeac379373
Low Insecure Configurations Query details
Documentation
Numeric Schema Without Maximum (v2)
203eee11-15b6-4d47-b888-4c7f534967ee
Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined.
Documentation
Numeric Schema Without Maximum (v3)
2ea04bef-c769-409e-9179-ee3a50b5c0ac
Low Insecure Configurations Query details
Documentation
Numeric Schema Without Minimum (v2)
efd1dfc8-da91-4909-a3f3-c23abc5ec799
Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined.
Documentation
Numeric Schema Without Minimum (v3)
181bd815-767e-4e95-a24d-bb3c87328e19
Low Insecure Configurations Query details
Documentation
String Schema with Broad Pattern (v2)
e4a019f0-9af3-49c8-bf68-1939a6ff240d
Low Insecure Configurations String schema should restrict the pattern
Documentation
String Schema with Broad Pattern (v3)
8c81d6c0-716b-49ec-afa5-2d62da4e3f3c
Low Insecure Configurations Query details
Documentation
Default Response Undefined On Operations (v2)
5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f
Low Networking and Firewall Operations responses should have a default response defined
Documentation
Default Response Undefined On Operations (v3)
86e3702f-c868-44b2-b61d-ea5316c18110
Low Networking and Firewall Query details
Documentation
Response Code Missing (v2)
6e96ed39-bf45-4089-99ba-f1fe7cf6966f
Low Networking and Firewall 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined.
Documentation
Response Code Missing (v3)
6c35d2c6-09f2-4e5c-a094-e0e91327071d
Low Networking and Firewall Query details
Documentation
Response on operations that should not have a body has declared content (v2)
268defd2-2839-4e15-8cbc-de86eb38c231
Low Networking and Firewall If a response is head or its code is 204 or 304, it shouldn't have a schema defined
Documentation
Response on operations that should not have a body has declared content (v3)
12a7210b-f4b4-47d0-acac-0a819e2a0ca3
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Delete Operation (v2)
ad432855-b7fb-4429-92a3-93b5ce34f0b1
Low Networking and Firewall Delete should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Delete Operation (v3)
3b497874-ae59-46dd-8d72-1868a3b8f150
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Get Operation (v2)
9b633f3b-c94b-4fbb-a65b-1a4e9134fb63
Low Networking and Firewall Get should define at least one success response (200 or 202)
Documentation
Success Response Code Undefined for Get Operation (v3)
b2f275be-7d64-4064-b418-be6b431363a7
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Head Operation (v2)
4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a
Low Networking and Firewall Head should define at least one success response (200 or 202)
Documentation
Success Response Code Undefined for Head Operation (v3)
3b066059-f411-4554-ac8d-96f32bff90da
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Patch Operation (v2)
f36e87cc-a209-4f37-8571-66833e4aead7
Low Networking and Firewall Patch should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Patch Operation (v3)
1908a8ee-927d-4166-8f18-241152170cc1
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Post Operation (v2)
9fedee41-2e6d-4091-b011-4a16b4c18c70
Low Networking and Firewall Post should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Post Operation (v3)
f368dd2d-9344-4146-a05b-7c6faa1269ad
Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Put Operation (v2)
965a043f-5f3c-4d0a-be72-d9ce12fdb4d6
Low Networking and Firewall Put should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Put Operation (v3)
60b5f56b-66ff-4e1c-9b62-5753e16825bc
Low Networking and Firewall Query details
Documentation
Example Not Compliant With Schema Type (v2)
448db771-06ea-4dee-b48c-1689cbfb4b43
Info Best Practices Examples values and fields should be compliant with the schema type
Documentation
Example Not Compliant With Schema Type (v3)
881a6e71-c2a7-4fe2-b9c3-dfcf08895331
Info Best Practices Query details
Documentation
Header Parameter Named as 'Accept' (v2)
3ddd74cc-6582-486c-8b0c-2b48cb38e0a3
Info Best Practices The header Parameter should not be named as 'Accept'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Accept' (v3)
f2702af5-6016-46cb-bbc8-84c766032095
Info Best Practices Query details
Documentation
Header Parameter Named as 'Authorization' (v2)
e2e00c97-7171-4fb4-b461-d631df9a711c
Info Best Practices The header Parameter should not be named as 'Authorization'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Authorization' (v3)
8c84f75e-5048-4926-a4cb-33e7b3431300
Info Best Practices Query details
Documentation
Header Parameter Named as 'Content-Type' (v2)
51978067-3b22-4c29-aaf3-96bf0bc28897
Info Best Practices The header Parameter should not be named as 'Content-Type'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Content-Type' (v3)
72d259ca-9741-48dd-9f62-eb11f2936b37
Info Best Practices Query details
Documentation
Header Response Name Is Invalid (v2)
86733e01-a435-4bd5-a8b0-5108be9dc1e4
Info Best Practices The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored.
Documentation
Header Response Name Is Invalid (v3)
d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd
Info Best Practices Query details
Documentation
Invalid Contact Email (v2)
d83bebc8-4e5e-4241-b783-cba9fb5a1c9a
Info Best Practices Contact Object Email should be a valid email
Documentation
Invalid Contact Email (v3)
b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7
Info Best Practices Query details
Documentation
Invalid Contact URL (v2)
c7000383-16d0-4509-8cd3-585e5ea2e2f2
Info Best Practices Contact Object URL should be a valid URL
Documentation
Invalid Contact URL (v3)
332cf2ad-380d-4b90-b436-46f8e635cf38
Info Best Practices Query details
Documentation
Invalid Global External Documentation URL (v2)
46d3b74d-9fe9-45bf-9e9e-efb7f701ee28
Info Best Practices Global External Documentation URL should be a valid URL
Documentation
Invalid Global External Documentation URL (v3)
b2d9dbf6-539c-4374-a1fd-210ddf5563a8
Info Best Practices Query details
Documentation
Invalid License URL (v2)
de2b4910-8484-46d6-a055-dc1e793ee3ff
Info Best Practices License Object URL should be a valid URL
Documentation
Invalid License URL (v3)
9239c289-9e4c-4d92-8be1-9d506057c971
Info Best Practices Query details
Documentation
Invalid Operation External Documentation URL (v2)
25635c31-ee32-4708-88e5-fced87516f51
Info Best Practices Operation External Documentation URL should be a valid URL
Documentation
Invalid Operation External Documentation URL (v3)
5ea61624-3733-4a3a-8ca4-b96fec9c5aeb
Info Best Practices Query details
Documentation
Invalid Schema External Documentation URL (v2)
f7fa95b7-d819-484c-9a2b-665dd1bba25e
Info Best Practices Schema External Documentation URL should be a valid URL
Documentation
Invalid Schema External Documentation URL (v3)
6952a7e0-6e48-4285-bbc1-27c64e60f888
Info Best Practices Query details
Documentation
Invalid Tag External Documentation URL (v2)
b4a7d925-738b-4219-99d9-87d6ee262a03
Info Best Practices Tag External Documentation URL should be a valid URL
Documentation
Invalid Tag External Documentation URL (v3)
5aea1d7e-b834-4749-b143-2c7ec3bd5922
Info Best Practices Query details
Documentation
JSON '$ref' alongside other properties (v2)
f34c1c68-4773-4df0-a103-6e2ca32e585f
Info Best Practices Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key
Documentation
JSON '$ref' alongside other properties (v3)
96beb800-566f-49a9-a0ea-dbdf4bc80429
Info Best Practices Query details
Documentation
Object Using Enum With Keyword (v2)
7f15962a-d862-451c-ac9b-84ec13747aa6
Info Best Practices Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords
Documentation
Object Using Enum With Keyword (v3)
2e9b6612-8f69-42e0-a5b8-ed17739c2f3a
Info Best Practices Query details
Documentation
Operation Without Successful HTTP Status Code (v2)
a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2
Info Best Practices Operation Object should have at least one successful HTTP status code defined
Documentation
Operation Without Successful HTTP Status Code (v3)
48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd
Info Best Practices Query details
Documentation
Path Without Operation (v2)
609cd557-66b4-41fa-8edd-2abc6c7cfd08
Info Best Practices Path object should have at least one operation object defined
Documentation
Path Without Operation (v3)
84c826c9-1893-4b34-8cdd-db97645b4bf3
Info Best Practices Query details
Documentation
Required Property With Default Value (v2)
f7ab6c83-ef89-40e1-8a99-32e2599fb665
Info Best Practices Required properties receive value from requests, which makes unnecessary declare a default value
Documentation
Required Property With Default Value (v3)
013bdb4b-9246-4248-b0c3-7fb0fee42a29
Info Best Practices Query details
Documentation
Default Invalid (v2)
78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07
Info Structure and Semantics The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type
Documentation
Default Invalid (v3)
a96bbc06-8cde-4295-ad3c-ee343a7f658e
Info Structure and Semantics Query details
Documentation
Items Undefined (v2)
3e4d34d2-36cf-4449-976d-6c256db8fc49
Info Structure and Semantics Schema/Parameter items should be defined when the schema/parameter is set to an array.
Documentation
Items Undefined (v3)
a8e859da-4a43-4e7f-94b8-25d6e3bf8e90
Info Structure and Semantics Query details
Documentation
Non-Array Schema With Items (v2)
9d47956b-29cd-43b1-9e6e-b39a4d484353
Info Structure and Semantics Non-Array Schema should not have 'items' defined
Documentation
Non-Array Schema With Items (v3)
20cb3159-b219-496b-8dac-54ae3ab2021a
Info Structure and Semantics Query details
Documentation
OperationId Not Unique (v2)
21245007-91c4-40e5-964e-40c85d1e5aa6
Info Structure and Semantics OperationId should be unique when defined
Documentation
OperationId Not Unique (v3)
c254adc4-ef25-46e1-8270-b7944adb4198
Info Structure and Semantics Query details
Documentation
Parameter Objects Headers With Duplicated Name (v2)
bd2cbef5-62c4-40f1-af07-4b7f9ced6616
Info Structure and Semantics Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive.
Documentation
Parameter Objects Headers With Duplicated Name (v3)
05505192-ba2c-4a81-9b25-dcdbcc973746
Info Structure and Semantics Query details
Documentation
Parameters Name In Combination Not Unique (v2)
ab871897-ec02-4835-9818-702536ee1dda
Info Structure and Semantics Parameters properties 'name' and 'in' should have unique combinations
Documentation
Parameters Name In Combination Not Unique (v3)
f5b2e6af-76f5-496d-8482-8f898c5fdb4a
Info Structure and Semantics Query details
Documentation
Path Is Ambiguous (v2)
b2468463-3ac4-4930-890c-f35b2bf4485d
Info Structure and Semantics All path should be unique, if has more than one operation, all operations should be part of same Path Object
Documentation
Path Is Ambiguous (v3)
237402e2-c2f0-46c9-9cf5-286160cf7bfc
Info Structure and Semantics Query details
Documentation
Path Parameter Not Required (v2)
ccd0613f-cb77-4684-a892-183bd2674d12
Info Structure and Semantics The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true.
Documentation
Path Parameter Not Required (v3)
0de50145-e845-47f4-9a15-23bcf2125710
Info Structure and Semantics Query details
Documentation
Path Parameter With No Corresponding Template Path (v2)
194ef1f8-360e-4c14-8ed2-e83e2bafa142
Info Structure and Semantics The path parameter must have a corresponding template path for a given operation
Documentation
Path Parameter With No Corresponding Template Path (v3)
69d7aefd-149d-47b8-8d89-1c2181a8067b
Info Structure and Semantics Query details
Documentation
Path Template is Empty (v2)
c201b7ad-6173-4598-a407-5edb04a1bcd7
Info Structure and Semantics All path templates should not be empty
Documentation
Path Template is Empty (v3)
ae13a37d-943b-47a7-a970-83c8598bcca3
Info Structure and Semantics Query details
Documentation
Paths Object is Empty (v2)
3e6c7b1c-8a8d-43ab-98b9-65159f44db4a
Info Structure and Semantics Paths object may be empty due to ACL constraints, meaning they are not exposed
Documentation
Paths Object is Empty (v3)
815021c8-a50c-46d9-b192-24f71072c400
Info Structure and Semantics Query details
Documentation
Properties Missing Required Property (v2)
71beb6ab-8b70-4816-a9ac-a0ff1fb22a62
Info Structure and Semantics Schema Object should have all required properties defined
Documentation
Properties Missing Required Property (v3)
3fb03214-25d4-4bd4-867c-c2d8d708a483
Info Structure and Semantics Query details
Documentation
Property 'allowEmptyValue' Improperly Defined (v2)
0bc1477d-0922-478b-ae16-674a7634a1a8
Info Structure and Semantics Property 'allowEmptyValue' should be only defined for query parameters and formData parameters
Documentation
Property 'allowEmptyValue' Improperly Defined (v3)
4bcbcd52-3028-469f-bc14-02c7dbba2df2
Info Structure and Semantics Query details
Documentation
Property Defining Minimum Greater Than Maximum (v2)
b5102ea9-6527-4bb7-94fc-9b4076150e55
Info Structure and Semantics Property defining minimum has greater value than maximum defined
Documentation
Property Defining Minimum Greater Than Maximum (v3)
ab2af219-cd08-4233-b5a1-a788aac88b51
Info Structure and Semantics Query details
Documentation
Responses Object Is Empty (v2)
6172e7ab-d2b7-45f8-a7db-1603931d8ba3
Info Structure and Semantics Responses Object should not be empty
Documentation
Responses Object Is Empty (v3)
990eaf09-d6f1-4c3c-b174-a517b1de8917
Info Structure and Semantics Query details
Documentation
Responses With Wrong HTTP Status Code (v2)
069a5378-2091-43f0-aa3b-ee8f20996e99
Info Structure and Semantics HTTP Responses status code should be in range of [200-599]
Documentation
Responses With Wrong HTTP Status Code (v3)
d86655c0-92f6-4ffc-b4d5-5b5775804c27
Info Structure and Semantics Query details
Documentation
Schema Discriminator Mismatch Defined Properties (v2)
addc0eab-27f6-4c26-8526-d2ccd3732662
Info Structure and Semantics Schema discriminator values should match defined properties.
Documentation
Schema Discriminator Mismatch Defined Properties (v3)
40d3df21-c170-4dbe-9c02-4289b51f994f
Info Structure and Semantics Query details
Documentation
Schema Discriminator Not Required (v2)
be6a3722-af60-438c-b1b9-2a03e2958ab7
Info Structure and Semantics The discriminator property in the Schema Object should be a required property
Documentation
Schema Discriminator Not Required (v3)
b481d46c-9c61-480f-86d9-af07146dc4a4
Info Structure and Semantics Query details
Documentation
Schema Discriminator Property Not String (v2)
949376f1-f560-4c6d-a016-63424ca931bb
Info Structure and Semantics Schema discriminator property should be a string
Documentation
Schema Discriminator Property Not String (v3)
dadc2f36-1f5a-46c0-8289-75e626583123
Info Structure and Semantics Query details
Documentation
Schema Enum Invalid (v2)
8fe6d18a-ad4c-4397-8884-e3a9da57f4c9
Info Structure and Semantics The field 'enum' of Schema Object should be consistent with the schema's type
Documentation
Schema Enum Invalid (v3)
03856cb2-e46c-4daf-bfbf-214ec93c882b
Info Structure and Semantics Query details
Documentation
Schema Has A Required Property Undefined (v2)
811762c8-2e99-4f70-88f9-a63875a953b1
Info Structure and Semantics Schema Object should not be have a required property that is not defined on properties
Documentation
Schema Has A Required Property Undefined (v3)
2bd608ae-8a1f-457f-b710-c237883cb313
Info Structure and Semantics Query details
Documentation
Schema Object Properties With Duplicated Keys (v2)
ded017bf-fb13-4f8d-868b-84aebcc572ad
Info Structure and Semantics Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties'
Documentation
Schema Object Properties With Duplicated Keys (v3)
10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa
Info Structure and Semantics Query details
Documentation
Schema Object With Circular Ref (v2)
cbff2508-85c9-4448-a8b3-770070edf5ca
Info Structure and Semantics Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties
Documentation
Schema Object With Circular Ref (v3)
1a1aea94-745b-40a7-b860-0702ea6ee636
Info Structure and Semantics Query details
Documentation
Template Path With No Corresponding Path Parameter (v2)
e7656d8d-7288-4bbe-b07b-22b389be75ce
Info Structure and Semantics The template path must have a corresponding path parameter for a given operation
Documentation
Template Path With No Corresponding Path Parameter (v3)
561710b1-b845-4562-95ce-2397a05ccef4
Info Structure and Semantics Query details
Documentation
Type Has Invalid Keyword (v2)
492c6cbb-f3f8-4807-aa4f-42b8b1c46b59
Info Structure and Semantics Schema/Parameter/Header Object define type should not use a keyword of another type
Documentation
Type Has Invalid Keyword (v3)
a9228976-10cf-4b5f-b902-9e962aad037a
Info Structure and Semantics Query details
Documentation