Public APIs are all around us, but they generally still require security credentials to measure usage and prevent abuse.
Not defining security credentials is an indication that someone forgot something. What was it? Aha! We're letting you know here.
This is a good rule. Every API should have security defined. Even if the API is truly public without any credential required, define the empty security section to let people know you didn't forget.
Acceptance criteria
[x] The open api documentation is updated to indicate the endpoints are public
ex security: []
It is preferable to define security at a high level, rather than needing to define it on each individual endpoint. However, it's fine to define it on each endpoint if that is the only possible approach.
Description
Redocly secured-defined principle
Acceptance criteria
security: []