Contributions
Re: Who's using Default Response?
I am outing myself as one of those guys who are not working with the default error response concept. Usually I only include 200 with content I tend to omit headers too. My source code outputs parts of the specification (paths+components/schemas). Up to now the readers of the specification (other developers+testers+operations) never complained about missing details. Attackers are certainly able to exploit APIs. Just swagger, yaml, oas, etc. won't protect systems from getting hacked. Given the bunch of tools around, I also have to reveal that I never heard about apisecurity.io It looks like it works in analogy to html, css validators1.3KViews1like1Comment