Forum Discussion

briantruitt's avatar
briantruitt
7 months ago

Receiving 'operation 401 is missing' warning when I have it defined

I have an example api up on my company's swaggerhub (openapi 3.0) that is telling me I don't have a 401 response defined (owasp:api3:2019-define-error-responses-401) but as you can see below it is defined and moreover, it renders the api correctly and resolves the ref just fine:

openapi: 3.0.0
info:
  version: 1.0.0
  title: default rest api template
  description: default rest api template
  contact:
    email: me@somewhere.com
paths:
  /hello:
    post:
      description: Some description
      requestBody:
        description: A name to say hello to.
        content:
          application/json:
            schema:
              type: object
              required:
                - name
              properties:
                name:
                  $ref: '#/components/schemas/Name'
            examples:
              Name Provided:
                value:
                  name: Brian
      responses:
        '200':
          description: returns a greeting successfully
          content:
            application/json:
              schema:
                type: object
                required:
                  - greeting
                properties:
                  greeting:
                    allOf:
                      - $ref: '#/components/schemas/Greeting'
                    description: The greeting created from the passed in name.
              examples:
                Greeting Brian:
                  value:
                    greeting: 'Hello, Brian!'
        '400':
          $ref: https://api.swaggerhub.com/domains/MyOrg/core-domain/1.0.1#/components/responses/Unauthorized
        '401':
          $ref: https://api.swaggerhub.com/domains/MyOrg/core-domain/1.0.1#/components/responses/Unauthorized
        '500':
          $ref: https://api.swaggerhub.com/domains/MyOrg/core-domain/1.0.1#/components/responses/InternalServerError
        default:
          $ref: https://api.swaggerhub.com/domains/MyOrg/core-domain/1.0.1#/components/responses/InternalServerError
      summary: Returns a greeting
      security:
        - MerchantDomainVerification: []
components:
  schemas:
    Name:
      type: string
      maxLength: 12
      pattern: '^[a-zA-Z-]*$'
      description: A person's name
      example: Brian
    Greeting:
      type: string
      maxLength: 20
      pattern: '^[a-zA-Z-,! ]*$'
      description: An enthusiastic greeting
      example: 'Hello, Brian!'
  securitySchemes:
    MerchantDomainVerification:
      type: apiKey
      in: header
      name: X-Merchant-Id
      description: merchant api key assigned to the requesting merchant.

Line 47 is apparently the offending line. Line 49 shows a similar warning for 500s. On one hand, it's telling me the 401 response doesn't exit, but on the other, it finds it and renders it without any issue.

Any insight would be great. Thanks!

No RepliesBe the first to reply