{"section":"security","title":"Security Rules","description":"Rules for API security requirements","totalRules":5,"spectralRules":[{"name":"servers-https-only","severity":"error","message":"Server URLs must use HTTPS","given":"$.servers[*].url","then":{"function":"pattern","functionOptions":{"match":"^https://"}}},{"name":"security-schemes-defined","severity":"warn","message":"API should define security schemes","given":"$.components","then":{"field":"securitySchemes","function":"truthy"}},{"name":"global-security-defined","severity":"info","message":"API should define global security requirements","given":"$","then":{"field":"security","function":"truthy"}},{"name":"no-api-key-in-url","severity":"error","message":"API keys should not be passed in query parameters","given":"$.components.securitySchemes[?(@.type=='apiKey')]","then":{"field":"in","function":"pattern","functionOptions":{"notMatch":"^query$"}}},{"name":"oauth2-security","severity":"info","message":"Consider using OAuth 2.0 for authentication","given":"$.components.securitySchemes","then":{"function":"schema","functionOptions":{"schema":{"type":"object","additionalProperties":{"anyOf":[{"properties":{"type":{"const":"oauth2"}}}]}}}}}],"rules":[{"id":"https-required","requirement":"MUST","rule":"All API traffic must use HTTPS","severity":"error","spectralRule":"servers-https-only","rationale":"TLS protects data in transit from eavesdropping and tampering"},{"id":"security-schemes-defined","requirement":"SHOULD","rule":"API should define security schemes","severity":"warn","spectralRule":"security-schemes-defined"},{"id":"global-security","requirement":"SHOULD","rule":"API should define global security requirements","severity":"info","spectralRule":"global-security-defined"},{"id":"no-api-key-in-url","requirement":"MUST NOT","rule":"API keys must not be passed in URL query parameters","severity":"error","spectralRule":"no-api-key-in-url","rationale":"URLs are logged in browser history, server logs, and referrer headers","examples":{"notRecommended":["GET /v1/users?api_key=secret123"],"recommended":["GET /v1/users\\nX-API-Key: secret123"]}},{"id":"use-oauth2","requirement":"SHOULD","rule":"Use OAuth 2.0 for authentication","severity":"info","spectralRule":"oauth2-security"}]}