APIs with API_Keys not defined in security definitions

APIs-guru / openapi-directory

🌐 Wikipedia for Web APIs. Directory of REST API definitions in OpenAPI 2.0/3.x format

https://apis.guru/

Creative Commons Zero v1.0 Universal

3.88k stars 578 forks source link

APIs with API_Keys not defined in security definitions #43

Open maryguirola opened 8 years ago

maryguirola commented 8 years ago

APIs with API_Keys parameters in their paths, but not defined in security definitions:

1- transportation_laws_and_incentives_0_1_0

2- high_performance_building_database_1_0

3- owler_1_0_0

4- org_hunter_1_0_0

5- ontraport_1_1_3

6- yunbi

7- vat api

8 - Pandorabots

9- regulations_gov_3_0

10- i_am_real_1_0_0

11- hetras hotel API v0 v0

12- hetras_booking_api_v0_v0

13- getty_images_3_0

14- gavagai_1_0_0

15- data2_crm_api_documentation_1_0_0

16- core_api_v2_beta_2_0

17- city_context_1_0_0

18- active_documentation_for__v1_1_1_7

IvanGoncharov commented 8 years ago

Hi @maryguirola Thank you for input. Today spoke with @darosh and he reported exactly the same problem. I will try to create a solution to fix it.

rbren commented 8 years ago

+1. At some point I had a script to fix these, something like

function looksLikeAPIKey(param) {
  return param.name.mach(/api.?key/i)
}

If every operation has an identical parameter with looksLikeAPIKey === true I turn it into a securityDefinition

IvanGoncharov commented 8 years ago

@bobby-brennan I plan to do something similar but also check that securityDefinition is missing.

darosh commented 8 years ago

:+1:

darosh commented 8 years ago

It would be nice to have info about such securityDefinition extraction in the list.json together with some sort of style validation warning/hint feedback to API spec creator.

darosh commented 8 years ago

There are similar key and oauth_token query params alternatives in many googleapis with machine unreadable (conditionally required) descriptions like:

Required unless you provide an OAuth 2.0…

I guess they could be extracted too.

IvanGoncharov commented 8 years ago

I commit fix for some of specs. Here is update list:

~~1- transportation_laws_and_incentives_0_1_0~~ ~~2- high_performance_building_database_1_0~~ ~~3- owler_1_0_0~~ ~~4- org_hunter_1_0_0~~ 5- ontraport_1_1_3 6- yunbi ~~7- vat api~~ ~~8 - Pandorabots~~ ~~9- regulations_gov_3_0~~ 10- i_am_real_1_0_0 11- hetras hotel API v0 v0 12- hetras_booking_api_v0_v0 ~~13- getty_images_3_0~~ ~~14- gavagai_1_0_0~~ 15- data2_crm_api_documentation_1_0_0 ~~16- core_api_v2_beta_2_0~~ ~~17- city_context_1_0_0~~ 18- active_documentation_for__v1_1_1_7