At least one 200, 201, 202, or 204 response should be defined for POST operations
Issue ID: v3-response-post-2xx
Average severity: Medium
Description
POST operations in your API must have at least one 200, 201, 202, or 204 response defined. An operation whose only declared response is "default" tells consumers, and security tooling, nothing about what a successful call returns.
For more details, see RFC 7231, section 4.3.3 (POST).
Example
The following is an example of how this type of risk could look in your API definition:
{
  "post": {
    // ...
    "responses": {
      "default": {
        "description": "Unexpected error",
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/Error"
            }
          }
        }
      }
    }
  }
}
Attackers strive to make your APIs behave in unexpected ways to learn more about your system or to cause a data breach. We strongly recommend that you reduce this risk by specifying, for every response code an operation can return, exactly what data it returns; an operation with no declared success response leaves that contract undefined.
Remediation
Define a 200, 201, 202, or 204 response for every POST operation.
{
  "post": {
    // ...
    "responses": {
      "204": {
        "description": "No Content"
      },
      "default": {
        "description": "Unexpected error",
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/Error"
            }
          }
        }
      }
    }
  }
}
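The following is an added example, not part of this page or of any vendor's audit tooling, showing how the rule above can be checked mechanically over a parsed OpenAPI 3 document. The spec embedded in it is constructed for illustration: the /orders POST reproduces the risky definition above (only a "default" response), the /orders/{id}/cancel POST reproduces the remediated one. The accepted codes follow the page's wording exactly; a "2XX" range key is deliberately not counted, which is an assumption about how strictly the rule should be read.

```python
import json

# Success codes the rule on this page accepts for a POST operation.
ACCEPTED_SUCCESS_CODES = {"200", "201", "202", "204"}


def find_post_without_2xx(spec):
    """Return 'POST <path>' for every POST operation in a parsed OpenAPI 3
    document that declares none of the accepted success responses.

    Response keys are compared as strings: OpenAPI requires string keys
    ("200"), but a document loaded from YAML may carry them as integers,
    so both forms are normalised before the check.
    """
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue  # e.g. a $ref'd path item; out of scope for this check
        operation = item.get("post")
        if not isinstance(operation, dict):
            continue  # no POST on this path
        responses = operation.get("responses") or {}
        declared = {str(code) for code in responses}
        # A "2XX" range key is not counted: the page lists explicit codes.
        if not declared & ACCEPTED_SUCCESS_CODES:
            findings.append(f"POST {path}")
    return findings


def audit_json(document_text):
    """Convenience wrapper: parse an OpenAPI 3 JSON document and audit it."""
    return find_post_without_2xx(json.loads(document_text))


# Constructed sample document (not a real API): one failing and one passing POST.
ERROR_RESPONSE = {
    "description": "Unexpected error",
    "content": {
        "application/json": {"schema": {"$ref": "#/components/schemas/Error"}}
    },
}

SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Orders (constructed sample)", "version": "1.0.0"},
    "paths": {
        "/orders": {
            # Risky: only "default" is declared, so no success contract exists.
            "post": {"responses": {"default": ERROR_RESPONSE}},
            "get": {"responses": {"200": {"description": "OK"}}},
        },
        "/orders/{id}/cancel": {
            # Remediated: an explicit 204 alongside the default error response.
            "post": {
                "responses": {
                    "204": {"description": "No Content"},
                    "default": ERROR_RESPONSE,
                }
            }
        },
        "/health": {"get": {"responses": {"200": {"description": "OK"}}}},
    },
    "components": {
        "schemas": {
            "Error": {
                "type": "object",
                "properties": {"message": {"type": "string"}},
            }
        }
    },
}


if __name__ == "__main__":
    for finding in audit_json(json.dumps(SAMPLE_SPEC)):
        print(f"v3-response-post-2xx: {finding} has no 200/201/202/204 response")
```

Run against the sample it reports only `POST /orders`; the GET operations are ignored because the rule is scoped to POST, and the cancel operation passes on the strength of its 204. Point `audit_json` at a real document by reading the file into a string.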