Schemes should be defined

Issue ID: warning-schemes-undefined

Description

You have not defined the schemes field in your API.

The Open API Specification (OAS) does not define the schemes field as mandatory and states that when missing, the default scheme is the same as used to access your API definition itself. However, because API definitions are uploaded to 42Crunch Platform, not retrieved from URLs, API Security Audit cannot infer the default scheme.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

{
    "swagger": "2.0",
    "info": {
        "version": "1.0.0",
        "title": "Swagger Petstore"
    },
    "host": "petstore.swagger.io",
    "basePath": "/v1",
    "schemes": [
    ]
}

Remediation

Make sure that you have defined at least one scheme for your API:

{
    "swagger": "2.0",
    "info": {
        "version": "1.0.0",
        "title": "Swagger Petstore"
    },
    "host": "petstore.swagger.io",
    "basePath": "/v1",
    "schemes": [
        "https"
    ]
}