
APIs with API_Keys not defined in security definitions

Open maryguirola opened this issue 8 years ago • 7 comments

APIs with API_Keys parameters in their paths, but not defined in security definitions:

1- transportation_laws_and_incentives_0_1_0

2- high_performance_building_database_1_0

3- owler_1_0_0

4- org_hunter_1_0_0

5- ontraport_1_1_3

6- yunbi

7- vat api

8 - Pandorabots

9- regulations_gov_3_0

10- i_am_real_1_0_0

11- hetras hotel API v0 v0

12- hetras_booking_api_v0_v0

13- getty_images_3_0

14- gavagai_1_0_0

15- data2_crm_api_documentation_1_0_0

16- core_api_v2_beta_2_0

17- city_context_1_0_0

18- active_documentation_for__v1_1_1_7

maryguirola avatar Mar 11 '16 15:03 maryguirola

Hi @maryguirola, thank you for the input. Today I spoke with @darosh and he reported exactly the same problem. I will try to create a solution to fix it.

IvanGoncharov avatar Mar 11 '16 18:03 IvanGoncharov

+1. At some point I had a script to fix these, something like

function looksLikeAPIKey(param) {
  // true when the parameter name resembles "api_key", "apikey", "api-key", ...
  return /api.?key/i.test(param.name);
}

If every operation has an identical parameter with looksLikeAPIKey === true, I turn it into a securityDefinition.

rbren avatar Mar 11 '16 19:03 rbren

@bobby-brennan I plan to do something similar but also check that securityDefinition is missing.

IvanGoncharov avatar Mar 11 '16 21:03 IvanGoncharov

:+1:

darosh avatar Mar 12 '16 16:03 darosh

It would be nice to have info about such securityDefinition extraction in the list.json, together with some sort of style validation warning/hint feedback to the API spec creator.

darosh avatar Mar 12 '16 16:03 darosh

There are similar key and oauth_token query param alternatives in many googleapis with machine-unreadable (conditionally required) descriptions like:

Required unless you provide an OAuth 2.0…

I guess they could be extracted too.

darosh avatar Mar 12 '16 16:03 darosh

I committed a fix for some of the specs. Here is the updated list:

~~1- transportation_laws_and_incentives_0_1_0~~

~~2- high_performance_building_database_1_0~~

~~3- owler_1_0_0~~

~~4- org_hunter_1_0_0~~

5- ontraport_1_1_3

6- yunbi

~~7- vat api~~

~~8 - Pandorabots~~

~~9- regulations_gov_3_0~~

10- i_am_real_1_0_0

11- hetras hotel API v0 v0

12- hetras_booking_api_v0_v0

~~13- getty_images_3_0~~

~~14- gavagai_1_0_0~~

15- data2_crm_api_documentation_1_0_0

~~16- core_api_v2_beta_2_0~~

~~17- city_context_1_0_0~~

18- active_documentation_for__v1_1_1_7

IvanGoncharov avatar Mar 16 '16 17:03 IvanGoncharov
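
The heuristic discussed in this thread (an identical API-key-like parameter on every operation, lifted only when no securityDefinition is already declared), as an added example that is not the script either commenter used. `liftAPIKey` and the sample spec are hypothetical; it assumes a Swagger 2.0 document with inline (non-`$ref`) parameters.

```javascript
// Added example (not project code). Only looksLikeAPIKey comes from the thread;
// liftAPIKey and the sample spec are hypothetical.
const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch'];

function looksLikeAPIKey(param) {
  // Swagger 2.0 apiKey schemes can only be sent in the query string or a header
  return typeof param.name === 'string' && /api.?key/i.test(param.name) &&
    (param.in === 'query' || param.in === 'header');
}

function liftAPIKey(spec) {
  // Never overwrite security the spec author already declared
  if (Object.keys(spec.securityDefinitions || {}).length) return null;
  const ops = [];
  for (const item of Object.values(spec.paths || {})) {
    for (const m of METHODS) if (item[m]) ops.push({ item, op: item[m] });
  }
  if (!ops.length) return null;
  // Path-level parameters apply to every operation under that path
  const paramsOf = ({ item, op }) => [...(item.parameters || []), ...(op.parameters || [])];
  const same = (a, b) => a.name === b.name && a.in === b.in;
  // Lift only a key-like parameter that every single operation carries
  const key = paramsOf(ops[0]).filter(looksLikeAPIKey)
    .find(c => ops.every(o => paramsOf(o).some(p => same(p, c))));
  if (!key) return null;
  const strip = list => list.filter(p => !same(p, key));
  for (const { item, op } of ops) {
    if (item.parameters) item.parameters = strip(item.parameters);
    if (op.parameters) op.parameters = strip(op.parameters);
  }
  spec.securityDefinitions = { [key.name]: { type: 'apiKey', name: key.name, in: key.in } };
  spec.security = [{ [key.name]: [] }];
  return key.name;
}

// Constructed sample spec: both operations repeat the same api_key query parameter
const sample = {
  swagger: '2.0',
  paths: {
    '/stations': { get: { parameters: [{ name: 'api_key', in: 'query', type: 'string' }, { name: 'limit', in: 'query', type: 'integer' }] } },
    '/stations/{id}': { get: { parameters: [{ name: 'api_key', in: 'query', type: 'string' }, { name: 'id', in: 'path', type: 'string', required: true }] } },
  },
};
console.log(liftAPIKey(sample), JSON.stringify(sample.securityDefinitions));
```

A spec where even one operation omits the parameter, or that already declares `securityDefinitions`, is returned unchanged, so a partially protected API is never silently marked as fully key-protected.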