learn.openapis.org
learn.openapis.org copied to clipboard
OAI
Doubt with Path Parameter Validation
Hi, I have the following api speficiation.
{
"openapi": "3.0.0",
"info": {
"title": "API Spec With Mandatory Header and Query Parameters",
"version": "1.0.0"
},
"paths": {
"/api-endpoint/{id}": {
"get": {
"summary": "Restricted API Endpoint",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "apiKey",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "userId",
"in": "query",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful response"
}
}
}
}
},
"components": {
"securitySchemes": {
"ApiKeyHeader": {
"type": "apiKey",
"name": "apiKey",
"in": "header"
}
}
},
"security": [
{
"ApiKeyHeader": []
}
]
}
(1) /api-endpoint gives the following error which is expected
GET Path '/api-endpoint' not found
(2) /api-endpoint/ does not give any error. Can anyone confirm if the empty string can be taken as path parameter ? (I have kept path parameter required as true. So, my expectation is if its empty then it should fail)
Path segments can be empty, although some OpenAPI tools are pickier than others.
You could add a pattern requiring at least one character, or be even more restrictive.
This seems to have been well answered by @ralfhandl so I'll close the issue - let us know if you need anything else though!
