Recommended

oas3-host-not-example


Formats: Severity:

JSON Path: $.servers[*].url

Sometimes a Server definition url contains ‘example.com’, added during testing phases. Sometimes this is left in when the specification is pushed to production.

Unless the user is the owner of ‘example.com’, it’s probably a good idea to check for this and any other example-type domains used.

Why did this violation appear?

example.com’ was found in the url property of a Server definition.

Bad example

openapi: 3.1
servers:
 - url: "https://example.com"
  ...

Good example

openapi: 3.1
servers:
 - url: "https://quobix.com/vacuum/api"
   description: "Central API endpoint for the vacuum endpoint"
  ...

How do I fix this violation?

Remove ‘example.com’ and replace it with something, literally anything other than that.

Spectral Equivalent

The rule is equivalent to oas3-host-not-example