From 82907f02c2f6d4e93c6ed5c52903c51f8f72a6df Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 25 Jun 2026 11:36:38 +0000 Subject: [PATCH] fix: add missing 429 responses and examples to all ASM API endpoints Rate limiting (600 req/min per API key) applies globally but was only documented on 2 of 12 endpoints. Added the RateLimited response to all 10 remaining endpoints so clients know to handle 429 everywhere. Also added response body examples to BadRequest and RateLimited to match the pattern already set by Unauthorized and NotFound, making the error contract consistent and easier to implement against. Co-Authored-By: Claude Sonnet 4.6 Claude-Session: https://claude.ai/code/session_01BDzMdBoa8dBfEy9wWd1FVD --- asm/openapi.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/asm/openapi.yaml b/asm/openapi.yaml index 228f34f..f6d7ce7 100644 --- a/asm/openapi.yaml +++ b/asm/openapi.yaml @@ -121,6 +121,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' patch: operationId: updateAsset summary: Update asset @@ -145,6 +147,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' delete: operationId: deleteAsset summary: Archive asset @@ -159,6 +163,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /scans: get: @@ -189,6 +195,8 @@ paths: $ref: '#/components/schemas/Scan' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' post: operationId: triggerScan summary: Trigger scan @@ -241,6 +249,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /vulnerabilities: get: 
@@ -292,6 +302,8 @@ paths: $ref: '#/components/schemas/Vulnerability' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' /vulnerabilities/{vuln_id}: parameters: @@ -318,6 +330,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' patch: operationId: updateVulnerability summary: Update vulnerability @@ -342,6 +356,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' + '429': + $ref: '#/components/responses/RateLimited' /tags: get: @@ -362,6 +378,8 @@ paths: $ref: '#/components/schemas/Tag' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' post: operationId: createTag summary: Create tag @@ -392,6 +410,8 @@ paths: $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' + '429': + $ref: '#/components/responses/RateLimited' components: securitySchemes: @@ -454,6 +474,13 @@ components: application/json: schema: $ref: '#/components/schemas/Error' + example: + error: + code: validation_error + message: Request body contains invalid fields + details: + - field: tags[0] + message: Tag name must not exceed 64 characters RateLimited: description: Rate limit exceeded headers: @@ -465,6 +492,10 @@ components: application/json: schema: $ref: '#/components/schemas/Error' + example: + error: + code: rate_limit_exceeded + message: API rate limit of 600 requests per minute exceeded schemas: # ── Enums ──────────────────────────────────────────────────────────────────
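Review bot: The new BadRequest example uses a `details` array of `field`/`message` entries, but the `Error` schema it has to conform to is not visible in this hunk. Please confirm that schema declares `details` with that shape, since tools that validate examples against the schema will otherwise reject it. The example message also states a 64-character limit on tag names. That limit should be backed by `maxLength: 64` on the tag name property, so generated validators and clients see the same bound instead of inferring it from an example. The BadRequest response definition starts above the hunk.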
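Review bot: The RateLimited example hard-codes the limit in `message: API rate limit of 600 requests per minute exceeded`, so this string goes stale as soon as the limit changes, and it invites clients to parse the message text. I would keep the example generic, e.g. `message: Rate limit exceeded; retry after the interval given in the response headers`, and state the figure and scope once in the response description, e.g. `description: Rate limit exceeded (600 requests per minute per API key)`. The header definitions sit between the two hunks and are not visible here, so the wording should match whatever they declare. If requests with a missing or invalid key are also throttled, the description should say so, because "per API key" does not cover that case.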