Authors:
@jeremyfielJeremy Fiel (ADP)
Following the HTTP standard and RESTful api principles, a DELETE operation SHOULD NOT include a requestBody in an attempt to modify a resource on the server, RFC9110.
Add this to the rules section of your redocly.yaml:
rules:
rule/delete-should-not-define-requestBody:
severity: warn
message: '"DELETE" SHOULD NOT define a "requestBody" schema'
subject:
type: Operation
filterInParentKeys:
- delete
assertions:
disallowed:
- requestBody
This rule will warn if any PathItem includes a DELETE operation with a requestBody schema definition.
Here's a sample of an OpenAPI description:
openapi: 3.0.3
info:
title: Title
version: 1.0.0
paths:
/api/v1/thing/{thing-id}:
delete:
summary: a summary
description: delete with requestBody
parameters:
- name: thing-id
in: path
required: true
schema:
type: string
requestBody: # <-- This will error
description: a request body for my delete operation
content:
'application/json':
schema:
type: object
properties:
some_prop:
type: string
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
properties:
some_prop:
type: string