API definition uses the 'x-42c-no-authentication' extension

Issue ID: v3-warning-x-42c-no-authentication-used

Description

The API definition has the vendor extension x-42c-no-authentication defined. While there are perfectly legitimate use cases for it, it can be dangerous if used in a wrong place.

The extension switches off authentication checks completely in Security Audit. This means that you will not know if security risks related to are present in your API definition, which can be a big security risk down the line.

For more details, see the x-42c-no-authentication.

Remediation

We recommend using x-42c-accept-empty-security instead of x-42c-no-authentication. However, as the empty security requirement (security: []) cannot be declared on the global level in the API, in some cases using x-42c-no-authentication may make sense.