Conflicting 'x-42c' vendor extensions applied to the API
Issue ID: v3-validation-x-42c-extensions-conflict
Description
Your API has conflicting x-42c vendor extensions applied to it. These extensions usually apply some directives that tell 42Crunch Platform how to treat your APIs as they are processed by platform services. If these directives in an API conflict with each other, the platform cannot distinguish which of the directives it should follow and consequently your API cannot be reliably processed.
You might have either defined the conflicting extensions directly in your OpenAPI definition, or the extensions might have been added through customization rules that your API has been tagged for. The most common case is that an API ends up having both x-42c-no-authentication and x-42c-accept-empty-security applied to it, which leaves Security Audit unable to determine how to process the security checks on the API.
For more details, see x-42c extensions.
Example
The following is an example of how this issue could look in your API definition. The API has the extension x-42c-accept-empty-security defined on the global level, but the extension x-42c-no-authentication has also been defined in an operation, leading to a conflict:
{
  "openapi": "3.0.0",
  // ...
  "x-42c-accept-empty-security": true,
  // ...
  "post": {
    "description": "Creates a new pet in the store. Duplicates are allowed.",
    "operationId": "createPets",
    "x-42c-no-authentication": true,
    "tags": [
      "pets"
    ]
  }
}
Even if the extension x-42c-accept-empty-security was removed from this API, an audit rule that the API was tagged for could also apply it and cause the conflict because of the x-42c-no-authentication on the operation level.
It is also possible that no extensions are defined directly in the OpenAPI definition, but all are applied through tags or come from the default customization rules.
Remediation
Make sure that the unnecessary extensions causing the conflict are removed from the API so that it can be reliably processed. Remember to also check any rules that tags could be applying to your API.
{
  "openapi": "3.0.0",
  // ...
  "x-42c-accept-empty-security": true,
  // ...
  "post": {
    "description": "Creates a new pet in the store. Duplicates are allowed.",
    "operationId": "createPets",
    "security": [],
    "tags": [
      "pets"
    ]
  }
}
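The check below is an added example, not 42Crunch's own code: it scans an OpenAPI definition for operations where both x-42c-no-authentication and x-42c-accept-empty-security end up applied, assuming a root-level extension applies to every operation as in the example above. The sample document and its /pets path are constructed, and extensions applied through tags or customization rules are not in the file, so this check cannot see them.

```python
import json

# The two extensions this page names as the most common conflicting pair.
CONFLICTING = ("x-42c-no-authentication", "x-42c-accept-empty-security")
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def find_conflicts(spec):
    """Return (path, method, where) for operations that carry both extensions.

    Assumption: an extension set to true at the root applies to every
    operation, as in the page's example. Only the root and operation
    levels are inspected.
    """
    at_root = {ext for ext in CONFLICTING if spec.get(ext) is True}
    conflicts = []
    for path, item in spec.get("paths", {}).items():
        if not isinstance(item, dict):
            continue
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            at_op = {ext for ext in CONFLICTING if op.get(ext) is True}
            if set(CONFLICTING) <= (at_root | at_op):
                # Record where each extension comes from, to guide the fix.
                where = {e: "operation" if e in at_op else "root" for e in CONFLICTING}
                conflicts.append((path, method, where))
    return conflicts


# Constructed sample modelled on the page's example; "/pets" is an assumed path.
SAMPLE = json.loads("""
{
  "openapi": "3.0.0",
  "x-42c-accept-empty-security": true,
  "paths": {
    "/pets": {
      "get": {"operationId": "listPets", "tags": ["pets"]},
      "post": {"operationId": "createPets", "x-42c-no-authentication": true}
    }
  }
}
""")

if __name__ == "__main__":
    for path, method, where in find_conflicts(SAMPLE):
        print(f"{method.upper()} {path}: conflicting x-42c extensions {where}")
```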