API schema security warnings

We highly recommend following Postman's security warnings at the API definition stage of API development. This set of warnings can be used to govern the security posture of any API definition in OpenAPI 3.0 or OpenAPI 2.0 format. A security warning does not mean that your API schema is broken; it indicates potential security risks to which your API is vulnerable. Postman highlights these security warnings and helps you understand their implications and possible ways to patch them.

For more information on API Schemas, see Validating your API Schemas.

Security warnings are available for OpenAPI 3.0 and OpenAPI 2.0 schemas.

You can use Postman to identify potential security gaps when your API is defined.

Security warnings for OpenAPI 3.0

For every security warning that Postman supports, you can inspect the warning, understand its implication, and find ways to apply patches that solve the underlying issue it highlights. Once you create a new API, navigate to the Definition tab on the API version page to view any issues found in the schema. Under Warnings, click Possible fix to the right of a warning to learn more about it and possible ways to resolve it.
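To illustrate the point that a definition can be structurally valid and still carry security risk, here is an added example (not Postman's code and not its rule set). The sample definition is constructed, and the three checks and the name `find_security_warnings` are assumptions chosen for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Constructed OpenAPI 3.0 definition: well-formed, but with security gaps.
SAMPLE_DEFINITION = {
    "openapi": "3.0.3",
    "info": {"title": "Orders API (constructed sample)", "version": "1.0.0"},
    "servers": [{"url": "http://api.example.com/v1"}],
    "components": {"securitySchemes": {
        "apiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
    "paths": {
        "/orders": {
            "get": {"security": [{"apiKeyAuth": []}], "responses": {"200": {"description": "OK"}}},
            "post": {"security": [{"oauthAuth": []}], "responses": {"201": {"description": "Created"}}},
        },
        "/orders/purge": {"delete": {"responses": {"204": {"description": "Purged"}}}},
    },
}


def find_security_warnings(definition):
    """Return (location, message) tuples for security gaps in an OpenAPI 3.0 dict."""
    warnings = []
    schemes = definition.get("components", {}).get("securitySchemes", {})
    global_security = definition.get("security")
    for i, server in enumerate(definition.get("servers", [])):
        if server.get("url", "").lower().startswith("http://"):
            warnings.append((f"servers[{i}].url", "server URL uses plain HTTP"))
    for path, item in definition.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip non-operation keys such as "parameters"
            where = f"paths.{path}.{method}"
            # An operation-level "security" field overrides the global one.
            effective = op.get("security", global_security)
            if not effective:
                warnings.append((where, "no security requirement applies"))
                continue
            for requirement in effective:
                for name in requirement:
                    if name not in schemes:
                        warnings.append((where, f"scheme '{name}' is not defined in securitySchemes"))
    return warnings


if __name__ == "__main__":
    for location, message in find_security_warnings(SAMPLE_DEFINITION):
        print(f"{location}: {message}")
```

Switching the server URL to HTTPS, adding a top-level `security` requirement, and pointing the `post` operation at a defined scheme clears all three findings.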

Next steps

For more information on the list of all warnings supported, see Security warnings for OpenAPI 3.0 and Security warnings for OpenAPI 2.0.