Ensure JSON object schemas have 'properties' defined and 'additionalProperties' set to false

Ensure that the properties of every JSON object are defined in the OpenAPI definition and that no other properties are allowed. Otherwise, the API may accept invalid or unexpected data, which can cause errors.

Risk Level: medium
Platform: OpenAPI
Spectral Rule ID: OPENAPI007
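
The check described above can be sketched as a small walker over a parsed OpenAPI document. This is an added example, not Spectral's own implementation of OPENAPI007; the function names and the sample specification are constructed for illustration, and the spec is assumed to be already parsed into a Python dict.

```python
# Added example: flags object schemas that break the rule described above.
# All names and the sample spec are constructed for illustration.

def is_strict_object(schema):
    """True if the schema declares 'properties' and forbids any others."""
    return (isinstance(schema.get("properties"), dict)
            and schema.get("additionalProperties") is False)

def _escape(key):
    """Escape a key for use as a JSON Pointer segment (RFC 6901)."""
    return str(key).replace("~", "~0").replace("/", "~1")

def find_loose_objects(node, path="#"):
    """Return pointers to every 'type: object' schema that lacks 'properties'
    or does not set 'additionalProperties' to exactly false."""
    findings = []
    if isinstance(node, dict):
        # An absent, true, or schema-valued additionalProperties all count.
        if node.get("type") == "object" and not is_strict_object(node):
            findings.append(path)
        for key, value in node.items():
            findings.extend(find_loose_objects(value, f"{path}/{_escape(key)}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings.extend(find_loose_objects(value, f"{path}/{index}"))
    return findings

# Constructed sample: an OpenAPI 3.0 document already parsed into a dict.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "info": {"version": "1.0.0", "title": "Sample API"},
    "paths": {"/users/{id}": {"get": {"responses": {"200": {
        "description": "A user object.",
        "content": {"application/json": {"schema": {
            "type": "object",
            "properties": {
                "name": {"type": "string"},
                # Nested object: properties listed, extras still allowed.
                "address": {"type": "object",
                            "properties": {"city": {"type": "string"}}},
            },
            "additionalProperties": False,
        }}},
    }}}}},
    # Object with neither 'properties' nor 'additionalProperties'.
    "components": {"schemas": {"Note": {"type": "object"}}},
}

if __name__ == "__main__":
    for pointer in find_loose_objects(SAMPLE_SPEC):
        print("loose object schema:", pointer)
```

The top-level response schema passes, while the nested `address` object and the `Note` component are reported, which shows that the setting has to be repeated on every nested object schema.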

REMEDIATION

Define the properties field for the object schema and set additionalProperties to false.

swagger: '2.0'
# OR
openapi: '3.0.0'
info:
  version: 1.0.0
  title: Sample API
paths:
  /users/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          type: string
      responses:
        '200':
          description: A user object.
          content:
            application/json:
              schema:
                type: object
+               properties:
+                 name:
+                   type: string
+                 age:
+                   type: integer
+                 email:
+                   type: string
+                   format: email
+               additionalProperties: false
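
Review bot: the unchanged context above the added lines (the header and the `id` parameter) mixes Swagger 2.0 and OpenAPI 3.0 syntax, so the document as shown is not valid under either version. `type: string` placed directly on the path parameter is the 2.0 form, while `content:` with `application/json` under the `'200'` response exists only in 3.0, and both `swagger: '2.0'` and `openapi: '3.0.0'` appear at the top. Suggest showing one version per example: for 3.0, keep only `openapi: '3.0.0'` and nest the parameter type under `schema:`; for 2.0, put the response `schema:` directly under `'200'`. The added `properties` and `additionalProperties: false` lines apply unchanged in both.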
