We want to check the response compliance for the OpenAPI Document. The idea is to make sure the response codes and body follow the definition of the OpenAPI document.
We manage to enable it but found that there are generic response codes like 404 that pass the check even though they are not defined in the document explicitly.
W want to know if that is by design. Is there a list of specific status codes that are enabled by default, and if you have any documentation regarding the behavior we can expect from this check on the response.
API GW 10.x
based on what Responses Object in an OpenAPI Document (https://swagger.io/specification/) says, openapi document does not have to cover all status codes. It just must define the success case:
A container for the expected responses of an operation. The container maps a HTTP response code to the expected response.
The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors.
The default MAY be used as a default response object for all HTTP codes that are not covered individually by the specification.
The Responses Object MUST contain at least one response code, and it SHOULD be the response for a successful operation call.
so if you don't define 404 in the openapi document, that means the 404 response can be anything