Recommended

oas2-api-schemes


Formats: Severity:

In OpenAPI 2 schemes is a string array, that contains URIs that define the HTTP transport types used by the API spec.

Knowing over which HTTP transport an API operates is important for automation and code generation.

A note on HTTP vs HTTPS
We should NOT use HTTP in public internet facing APIs. Generally it’s OK when used behind a secured API gateway. We should always use HTTPS over HTTP for any public API.

Values can ONLY be one of: http, https, ws or wss to be valid, however vacuum is not checking the contents of the array.

Why did this violation appear?

schemes is missing from the spec, or the supplied value is not an array

Bad example

swagger: 2.0
host: "quobix.com"
paths:
 /vacuum:
  ...

Good example

swagger: 2.0
host: "quobix.com"
schemes:
 - "https"
paths:
 /vacuum:
  ...

How do I fix this violation?

Ensure that the schemes property is present, and the content is defined as an array

Spectral Equivalent

The rule is equivalent to oas2-api-schemes