Sending credentials over HTTP in cleartext expose your API calls to man-in-the-middle attacks among others. Ensure that you are using an encrypted channel for sending credentials.
Ensure that you aren't using the unencryptedScheme. For example:
components: securitySchemes: - unencryptedScheme: - type: http - scheme: basic + encryptedScheme: + type: oauth2 paths: "/": get: security: - - unencryptedScheme:  + - encryptedScheme: + - write + - read
Updated 5 months ago