Articles
Author
vacuum
Quick Start
💥 Try It Now
About vacuum
Installing
Why?
Concepts
FAQ
AsyncAPI
Ignoring Violations
JSON Schema
Changelog
Configuring
Generate API Docs
VSCode Plugin
GitHub Action
CLI Commands
Lint
vacuum Report
Dashboard
Generate Docs
HTML Report
Spectral Report
References
Upgrade vacuum
Version
Bundle Spec
Generate RuleSet
Language Server
Apply Overlay
Schema
Open Collection
Change Detection
Exit Codes
Developer API
API Quick Start
Spec Index
RuleResultSet
Loading RuleSet
Custom Go Functions
Custom JS Functions
Non-OpenAPI Files
Functions
Core Functions
OpenAPI Functions
OWASP Functions
JSON Schema Funcs
AsyncAPI Funcs
Rules
Examples
OWASP
Channels
Operations/Paths
Messages
Schemas
Spec Information
Servers
Validation
Descriptions
Tags
Security
RuleSets
What are they?
Sharing RuleSets
No Rules/Off
OpenAPI Default
Custom RuleSets
OWASP Rules
JSON Schema Rules
AsyncAPI Default
AsyncAPI All Rules
  • GitHub GitHub Repo stars
  • Discord Discord Server
    • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor
    Recommended

    asyncapi-server-security

    Formats: Severity:

    asyncapi-server-security checks security requirements declared by servers.

    Why did this violation appear?

    A server security entry names a scheme that is not declared under components.securitySchemes, or a $ref points somewhere else.

    Bad example

    asyncapi: 3.1.0
servers:
  production:
    host: events.example.com
    protocol: mqtt
    security:
      - missingAuth: []
components:
  securitySchemes: {}

    Good example

    asyncapi: 3.1.0
servers:
  production:
    host: events.example.com
    protocol: mqtt
    security:
      - apiKey: []
components:
  securitySchemes:
    apiKey:
      type: apiKey
      in: user
      name: api_key

    How do I fix this violation?

    Declare every scheme used by server security or update the server to use an existing scheme.