operation-4xx-response



Checks that every Operation Response defines at least one 4xx error code.

Consumers of your API are always going to send bad data. Unless operations return at least one User Error status code (4xx), the consumer of the API has no idea if they are using it correctly.

Why did this violation appear?

There is an operation in your specification whose responses do not include at least one 4xx error code.

What is this rule checking for?

Every Operation Response is checked for the following:

  • 4xx Response code

A bad example.

"/burger":
  get:
    responses:
      "200":
        description: All the burgers please
  post:
    responses:
      "200":
        description: Burger was created! well done

A good example.

"/burger":
  get:
    responses:
      "200":
        description: All the burgers please
      "429":
        description: We're super busy right now, please wait.
  post:
    responses:
      "401":
        description: This API is protected, only authorized users.
      "200":
        description: Burger was created! well done

How do I fix this violation?

Ensure all operations return at least one 4xx response.
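
To find every offending operation before changing the specification, the same check can be run over a parsed spec. The following Python is an added example, not part of the original page and not the linter's own code. The `/burger/{id}` path is constructed sample data, and counting the range key `4XX` while ignoring `default` are assumptions of this example rather than documented behaviour of the rule.

```python
import json

# HTTP methods that make a key under a path item an operation (OpenAPI 3.x).
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: the page's "bad" /burger path plus a made-up /burger/{id} path.
SAMPLE_SPEC = json.loads("""
{
  "paths": {
    "/burger": {
      "get":  {"responses": {"200": {"description": "All the burgers please"}}},
      "post": {"responses": {"200": {"description": "Burger was created! well done"}}}
    },
    "/burger/{id}": {
      "parameters": [],
      "get":    {"responses": {"200": {"description": "ok"}, "404": {"description": "No such burger"}}},
      "delete": {"responses": {"204": {"description": "gone"}, "4XX": {"description": "client error"}}},
      "put":    {"responses": {"200": {"description": "ok"}, "default": {"description": "error"}}}
    }
  }
}
""")


def is_4xx(code):
    """True for 400-499 and the OpenAPI range key "4XX"; `default` does not count."""
    code = str(code).upper()  # YAML loaders turn an unquoted 404 into an int
    return len(code) == 3 and code[0] == "4" and (code[1:].isdigit() or code[1:] == "XX")


def operations_missing_4xx(spec):
    """Return sorted "METHOD path" strings for operations with no 4xx response."""
    missing = []
    for path, item in (spec.get("paths") or {}).items():
        for method, op in (item or {}).items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as parameters or summary
            responses = op.get("responses") or {}
            if not any(is_4xx(code) for code in responses):
                missing.append(f"{method.upper()} {path}")
    return sorted(missing)


if __name__ == "__main__":
    for finding in operations_missing_4xx(SAMPLE_SPEC):
        print("operation-4xx-response:", finding)
```

An operation that documents only `default` for errors, such as the sample `PUT`, is still reported, because a catch-all does not tell the consumer which client errors to expect.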