Authentication Security Best Practices

general > insecure-basic-auth

Guidance

Your API accepts basic authentication credentials sent in cleartext over an unencrypted channel. Attackers can
easily intercept API calls and retrieve the credentials. They can then use the credentials to make other API calls.

Applies to Operation

Constraint

Type: Declarative Validation