API definition security validation

POST {{baseUrl}}/security/api-validation

Performs an analysis on the given definition and returns any issues based on your [predefined rulesets]. This endpoint helps you understand each violation's impact and offers solutions to help you resolve the errors. You can include this endpoint in your CI/CD process to automate schema validation.

For more information, see our [Rule violations in the API definition] documentation.

Include the following properties in the schema object of the request body:

  • type — A string value that contains the API definition's type. One of:
    • openapi3
    • openapi2
  • language — A string value that contains the API definition's language. One of:
    • json
    • yaml
  • schema — A string value that contains the API definition's contents.

Note:

  • The maximum allowed size of the definition is 10 MB.
  • You must [import and enable] OWASP security rules in Qodex for this endpoint to return any security rule violations.

Request Body

{"schema": {"type": "{{schemaType}}", "language": "{{schemaLanguage}}", "schema": "{{schemaBody}}"}}

RESPONSES

status: OK

{
  "warnings": [
    {
      "slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0005",
      "severity": "WARN",
      "message": "Security field is not defined",
      "location": {
        "start": { "line": 1, "column": 0 },
        "end": { "line": 75, "column": 21 }
      },
      "dataPath": [],
      "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#security-field-is-not-defined",
      "category": { "name": "governance", "slug": "governance" },
      "vulnerability": {
        "name": "Security field is not defined",
        "slug": "POSTMAN_OWASP_GOVERNANCE_VULNERABILITY_0005"
      },
      "type": "governance",
      "checksum": "ff10236473b8bc137ecdb94c282de9375503772beffffd02eb7aa957e1a3e873"
    },
    {
      "slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0017",
      "severity": "WARN",
      "message": "Operation does not enforce any security scheme.",
      "location": {
        "start": { "line": 16, "column": 8 },
        "end": { "line": 36, "column": 50 }
      },
      "dataPath": ["paths", "/spacecrafts/{spacecraftId}", "get"],
      "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#operation-does-not-enforce-any-security-scheme",
      "category": { "name": "governance", "slug": "governance" },
      "vulnerability": {
        "name": "Operation does not enforce any security scheme.",
        "slug": "POSTMAN_OWASP_GOVERNANCE_VULNERABILITY_0017"
      },
      "type": "governance",
      "checksum": "7760d7354c85b925141d708e14ecaef6512ef20a5b89ba8c722d1fc16c1e5b02"
    }
  ]
}
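An added example (not part of these docs or of Qodex) of wiring this endpoint into a CI job: it builds the request body described above, sends it, and fails the job when the returned warnings reach a chosen severity. The X-API-Key header name, the severity values other than WARN, and the api_key value are assumptions.

```python
import json
import urllib.request

# Added example, not from the docs: build the request, call the endpoint and
# gate a CI job on the warnings. X-API-Key and severities beyond WARN are assumed.
ALLOWED_TYPES = {"openapi3", "openapi2"}
ALLOWED_LANGUAGES = {"json", "yaml"}
MAX_SCHEMA_BYTES = 10 * 1024 * 1024  # documented 10 MB limit
SEVERITY_RANK = {"HINT": 0, "INFO": 1, "WARN": 2, "ERROR": 3}  # assumed order

def build_request(schema_text, schema_type="openapi3", language="yaml"):
    """Shape the body as the endpoint expects; reject what it would refuse."""
    if schema_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported type: {schema_type}")
    if language not in ALLOWED_LANGUAGES:
        raise ValueError(f"unsupported language: {language}")
    if len(schema_text.encode("utf-8")) > MAX_SCHEMA_BYTES:
        raise ValueError("definition exceeds the 10 MB limit")
    return {"schema": {"type": schema_type, "language": language,
                       "schema": schema_text}}

def validate_definition(base_url, api_key, body):
    """POST the body and return the parsed JSON response."""
    req = urllib.request.Request(
        f"{base_url}/security/api-validation", method="POST",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def gate(response, fail_on="WARN"):
    """Return (passed, findings): every warning at or above fail_on, most
    severe first, with the dataPath and fix link a developer needs."""
    threshold = SEVERITY_RANK[fail_on]
    hits = sorted((w for w in response.get("warnings", [])
                   if SEVERITY_RANK.get(w.get("severity"), 0) >= threshold),
                  key=lambda w: -SEVERITY_RANK.get(w["severity"], 0))
    findings = ["{} {} at {}: {} ({})".format(
        w["severity"], w["slug"], " > ".join(w.get("dataPath") or []) or "<document>",
        w["message"], w.get("possibleFixUrl", "no fix link")) for w in hits]
    return (not hits, findings)

# Constructed sample holding the two warnings from the response shown above.
SAMPLE_RESPONSE = {"warnings": [
    {"slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0005", "severity": "WARN",
     "message": "Security field is not defined", "dataPath": [],
     "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#security-field-is-not-defined"},
    {"slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0017", "severity": "WARN",
     "message": "Operation does not enforce any security scheme.",
     "dataPath": ["paths", "/spacecrafts/{spacecraftId}", "get"],
     "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#operation-does-not-enforce-any-security-scheme"}]}
```

In a pipeline, call `gate(validate_definition(base_url, api_key, build_request(open("openapi.yaml").read())))` and exit non-zero when the first element is False.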