Articles
Author
vacuum
Installing
Quick Start
About vacuum
Why?
Concepts
💥 Online Demo
FAQ
Ignoring Violations
Changelog
Configuring
VSCode Plugin
CLI Commands
Lint
vacuum Report
Dashboard
HTML Report
Spectral Report
References
Version
Bundle Spec
Generate RuleSet
Language Server
Developer API
API Quick Start
Spec Index
RuleResultSet
Loading RuleSet
Custom Go Functions
Custom JS Functions
Non-OpenAPI Files
Functions
Core Functions
OpenAPI Functions
OWASP Functions
Rules
Examples
OWASP
Operations/Paths
Schemas
Spec Information
Validation
Descriptions
Tags
Security
RuleSets
What are they?
Sharing RuleSets
No Rules/Off
Recommended Rules
Custom RuleSets
OWASP Rules
  • GitHub GitHub Repo stars
  • Discord Discord Server
    • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor

    operation-4xx-response

    Formats: Severity:

    Check every Operation Response defines at least one 4xx error code.

    Consumers of your API are always going to send bad data. Unless operations return at least one User Error status code (4xx), the consumer of the API has no idea if they are using it correctly.

    Why did this violation appear?

    There is an Operation Response in your specification that isn’t returning at least one 4xx error code.

    What is this rule checking for?

    Every Operation Response is checked for the following:

    • 4xx Response code

    A bad example.

    "/burger":
  get:
    responses:
      "200":
        description: All the burgers please
  post:
    responses:
      "200":
        description: Burger was created! well done

    A good example.

    "/burger":
  get:
    responses:
      "200":
        description: All the burgers please
      "429":
        description: We're super busy right now, please wait.  
  post:
    responses:
      "401":
        description: This API is protected, only authorized users.
      "200":
        description: Burger was created! well done

    How do I fix this violation?

    Ensure all operations return at least one 4xx response.