Doubt with Path Parameter Validation

triptesh1212 commented 4 months ago

Hi, I have the following api speficiation.

{
  "openapi": "3.0.0",
  "info": {
    "title": "API Spec With Mandatory Header and Query Parameters",
    "version": "1.0.0"
  },
  "paths": {
    "/api-endpoint/{id}": {
      "get": {
        "summary": "Restricted API Endpoint",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "apiKey",
            "in": "header",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "userId",
            "in": "query",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Successful response"
          }
        }
      }
    }
  },
  "components": {
    "securitySchemes": {
      "ApiKeyHeader": {
        "type": "apiKey",
        "name": "apiKey",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "ApiKeyHeader": []
    }
  ]
}

(1) /api-endpoint gives the following error which is expected

GET Path '/api-endpoint' not found

(2) /api-endpoint/ does not give any error. Can anyone confirm if the empty string can be taken as path parameter ? (I have kept path parameter required as true. So, my expectation is if its empty then it should fail)

ralfhandl commented 4 months ago

Path segments can be empty, although some OpenAPI tools are pickier than others.

You could add a pattern requiring at least one character, or be even more restrictive.

lornajane commented 2 months ago

This seems to have been well answered by @ralfhandl so I'll close the issue - let us know if you need anything else though!

OAI / learn.openapis.org

Doubt with Path Parameter Validation #95