API keys transported in a header over network
I have followed the swagger 2.0 for preparing my swaggers. I was trying to code the apikey authentication in my swaggers. I have followed the below document
I have used the code as below in security definitions
securityDefinitions: authorization: type: apiKey name: Authorization in: header
and defined the auth as below
security: - authorization: 
but getting the error as below
Operation accepts API keys transported in a header over network (score impact less than 1)
also for few of the operations like OPTIONS, I dont require authorization at all. In that case, I was using as below
and ending up with below error
The security section of the operation 'options' contains an empty array (score impact less than 1)
Any help would be appriciated.
Are you using third-party API security scanning tools here in conjunction with your Swagger definitions?
If so, then please refer to the configuration options of those tools to ensure conformity etc.
In general, the reason the warning/scan errors above for APIKeys is because they are regarded as less secure than other more secure authentication methods, like OAuth 2.0, which issue tokens that have a limited lifetime.