Authentication Security Best Practices
security-fields-operation-empty
Guidance
The security field of an operation should not be empty. If you leave it empty, anyone can use the API operation: all they need to know is the URL for the API operation and how to invoke it.
Message
The security field of the operation {{core.name}} should not be empty.
Examples
valid
/pets:
  get:
    summary: List all pets
    operationId: listPets
    responses:
      '200':
        description: A string response.
        content:
          application/json:
            schema:
              type: string
    security:
      - OAuth2AuthCode: []
invalid
/pets:
  get:
    summary: List all pets
    operationId: listPets
    responses:
      '200':
        description: A string response.
        content:
          application/json:
            schema:
              type: string
Applies to Operation
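The check this rule describes, sketched as an added example (not the linter's own implementation): it walks each operation under `paths` and reports those whose `security` field is missing or empty, using the message text above. It goes one step beyond the rule by also flagging an empty requirement object `{}`, which OpenAPI treats as "no authentication required"; the function names, reason labels and sample document are assumptions made for this example, and top-level `security` is not considered.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample document: only the fields the check reads are included.
SAMPLE_SPEC = json.loads("""
{
  "paths": {
    "/pets": {
      "get":  {"operationId": "listPets",  "security": [{"OAuth2AuthCode": []}]},
      "post": {"operationId": "createPet"}
    },
    "/pets/{petId}": {
      "parameters": [{"name": "petId", "in": "path", "required": true}],
      "get":    {"operationId": "showPetById", "security": []},
      "delete": {"operationId": "deletePet", "security": [{}, {"OAuth2AuthCode": []}]}
    }
  }
}
""")

def find_unsecured_operations(spec):
    """Return (path, method, name, reason) for operations callable without credentials."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Path items also carry non-operation keys such as "parameters".
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            name = op.get("operationId", f"{method.upper()} {path}")
            security = op.get("security")
            if security is None:
                reason = "missing"                # field absent, as in the invalid example
            elif not security:
                reason = "empty"                  # security: []
            elif any(req == {} for req in security):
                reason = "anonymous-alternative"  # {} lets callers skip authentication
            else:
                continue
            findings.append((path, method, name, reason))
    return findings

def format_message(name):
    """Render the rule's message for one operation."""
    return f"The security field of the operation {name} should not be empty."

if __name__ == "__main__":
    for path, method, name, reason in find_unsecured_operations(SAMPLE_SPEC):
        print(f"{method.upper()} {path} [{reason}]: {format_message(name)}")
```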