operation-rate-limiting-defined

Warn if an operation does not define rate limiting headers.

Rule Details

If your API imposes rate limits (for example, because of overload or lack of payments), it is worthwhile to explicitly indicate this in the OpenAPI schema. This allows your users to manage their requests accordingly.

The operation-rate-limiting-defined rule checks operations defined in an OpenAPI schema and warns if their responses do not define any rate limiting headers.

Expected header names:

Configuration

None.

Examples

paths:
  /users:
    get:
      responses:
        '200':
          description: A list of users.
          headers:
            RateLimit-Limit:
              description: The maximum number of requests you're permitted to make per hour.
              schema:
                type: integer
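
The check this rule describes, sketched as an added example (not the linter's own code). Only `RateLimit-Limit` comes from this page; the other header names, the function names and the sample schema are assumptions made for illustration, and "any response defines any rate limiting header" is one reading of the rule.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Assumption: only RateLimit-Limit appears on this page; the other names are
# commonly used rate limiting headers, picked for illustration.
ASSUMED_RATE_LIMIT_HEADERS = {
    "ratelimit-limit", "ratelimit-remaining", "ratelimit-reset",
    "x-ratelimit-limit", "retry-after",
}

def resolve_ref(schema, node):
    """Follow local '#/...' references, e.g. into components/responses."""
    for _ in range(10):  # bound the walk so a reference cycle cannot loop forever
        if not (isinstance(node, dict) and "$ref" in node):
            break
        target = schema
        for part in node["$ref"].lstrip("#/").split("/"):
            target = target.get(part, {}) if isinstance(target, dict) else {}
        node = target
    return node if isinstance(node, dict) else {}

def find_operations_without_rate_limit_headers(schema):
    """Return 'METHOD /path' for each operation with no rate limiting header."""
    warnings = []
    for path, item in schema.get("paths", {}).items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as 'parameters'
            defined = set()
            for response in operation.get("responses", {}).values():
                headers = resolve_ref(schema, response).get("headers", {})
                defined |= {name.lower() for name in headers}  # HTTP header names are case-insensitive
            if not defined & ASSUMED_RATE_LIMIT_HEADERS:
                warnings.append(f"{method.upper()} {path}")
    return warnings

# Constructed sample schema: one compliant operation, one without headers,
# and one whose header is only reachable through a $ref.
SAMPLE = {
    "paths": {
        "/users": {
            "get": {"responses": {"200": {"description": "A list of users.",
                    "headers": {"RateLimit-Limit": {"schema": {"type": "integer"}}}}}},
            "post": {"responses": {"201": {"description": "Created."}}},
        },
        "/orders": {"get": {"responses": {"429": {"$ref": "#/components/responses/Throttled"}}}},
    },
    "components": {"responses": {"Throttled": {"description": "Too many requests.",
                   "headers": {"Retry-After": {"schema": {"type": "integer"}}}}}},
}

if __name__ == "__main__":
    print(find_operations_without_rate_limit_headers(SAMPLE))
```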

When Not to Use It

If your API does not impose any rate limits.

Compatibility

This rule is compatible with all OpenAPI 3.x versions.
