no-x-security-both-scheme-and-scheme-name

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

Forbids using both scheme and schemeName in the same x-security item.

Rationale

Each x-security entry must reference a security scheme in exactly one way—either embed the scheme object or reference it via schemeName. You can include multiple x-security entries in a workflow; this rule applies to each entry individually. Using both scheme and schemeName in the same entry is ambiguous and is rejected by the runtime.

Configuration

Example:

rules:
  no-x-security-both-scheme-and-scheme-name: error

Examples

Incorrect — both present:

workflows:
  - workflowId: get-museum-hours
    x-security:
      - scheme:
          type: http
          scheme: bearer
        schemeName: BearerAuth
        values:
          token: some-token

Correct — only scheme:

workflows:
  - workflowId: get-museum-hours
    x-security:
      - scheme:
          type: http
          scheme: bearer
        values:
          token: some-token

Correct — only schemeName:

workflows:
  - workflowId: get-museum-hours
    x-security:
      - schemeName: BearerAuth
        values:
          token: some-token

Related rules

• x-security-scheme-name-reference
• x-security-scheme-required-values

Resources

• Rule source: https://github.com/Redocly/redocly-cli/blob/main/packages/core/src/rules/respect/no-x-security-both-scheme-and-scheme-name.ts