Schemes should be defined
Issue ID: warning-schemes-undefined
Description
You have not defined the schemes
field in your API.
The Open API Specification (OAS) does not define the schemes
field as mandatory and states that when missing, the default scheme is the same as used to access your API definition itself. However, because API definitions are uploaded to 42Crunch Platform, not retrieved from URLs, API Security Audit cannot infer the default scheme.
For more details, see the OpenAPI Specification.
Example
The following is an example of how this issue could look in your API definition:
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "Swagger Petstore"
},
"host": "petstore.swagger.io",
"basePath": "/v1",
"schemes": [
]
}
Remediation
Make sure that you have defined at least one scheme for your API:
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "Swagger Petstore"
},
"host": "petstore.swagger.io",
"basePath": "/v1",
"schemes": [
"https"
]
}