unused-request-body

unused-request-body

This rule checks for operations that normally cannot have a request body (i.e., GET, TRACE, or HEAD), but still define one.

Rule Details

Defining a request body for operation which cannot have one, such as GET, TRACE or HEAD can lead to confusion and unnecessary complexity in the API’s structure.

The unused-request-body rule works by iterating over all the operations defined in the schema and checking if any GET, TRACE or HEAD operations have a defined request body. If such an operation is found, the rule raises a warning.

Configuration

None.

Examples

Good.

paths:
  /users:
    get:
      responses:
        "200":
          description: A list of users.

Bad. The GET operation on /users has a defined request body.

paths:
  /users:
    get:
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/User"
      responses:
        "200":
          description: A list of users.

When Not to Use It

We recommend to always enable this rule.

Compatibility

This rule is compatible with all OpenAPI 3.x versions.

← Back to Index