API keys transported in a header over network

Question

Hi Team,&nbsp;I have followed the swagger 2.0 for preparing my swaggers. I was trying to code the apikey authentication in my swaggers. I have followed the below documenthttps://swagger.io/docs/specification/2-0/authentication/api-keys/&nbsp;I have used the code as below in security definitionssecurityDefinitions:
  authorization:
    type: apiKey
    name: Authorization
    in: header&nbsp;and defined the auth as belowsecurity:
  - authorization: []&nbsp;but getting the error as belowOperation accepts API keys transported in a header over network (score impact less than 1)&nbsp;also for few of the operations like OPTIONS, I dont require authorization at all. In that case, I was using as belowsecurity: []&nbsp;and ending up with below errorThe security section of the operation 'options' contains an empty array (score impact less than 1)&nbsp;Any help would be appriciated.

frankkilcommins · Answer

Hey&nbsp;adurthisridhar,
&nbsp;
Are you using third-party API security scanning tools here in conjunction with your Swagger definitions?
If so, then please refer to the configuration options of those tools to ensure conformity etc.In general, the reason the warning/scan errors above for APIKeys is because they&nbsp;are regarded as less secure than other&nbsp;more secure authentication methods, like OAuth 2.0, which issue tokens that have a limited lifetime.
&nbsp;
Cheers,
Frank

Forum Discussion

API keys transported in a header over network

1 Reply

Related Content

Missing Transport Exception

Missing header

Sending e-mail via CDO due to "Transport failed to connect to the server"

Copy and Paste Headers v3.42.0

api try it Post Network error

Recent Discussions

Long shot question from noob

GROUPING CONTROLLERS INTO SEPARATE SWAGGER UI PAGES

oneOf or anyOf for the header schema

Should the Curl command show the path to the file to be uploaded

ID_TOKEN as the header in the Google OAUTH2.0