Tutorials

Fixing API Security Issues identified in the Audit Report

In our previous tutorial, we took a look at the audit report from API Contract Security Audit. This one proceeds onto fixing the issues found in the audit and see how we can iteratively work on our OpenAPI / Swagger definition.

Navigating Issues

The best place to start are the high priority issues, they are the fastest way to improve the audit score. For example, in the audit report, click Go to Issue on the first issue in the priority list. You get a view similar to the image on the right.

Here we can see we have seven different places where the issue in question occurs (1) . To go and fix the issue in this particular place, click on Fix issue in Editor (2) . This takes you to the correct spot in your API definition in our built-in Security Editor (3) . By default, the details of the issue and remediation recommendations are shown on the right, but if you have minimized the sidebar, just click How to Fix to view them again.

Fixing Issues

In our example, you can see that the property maxLength of the string is missing and the remediation suggestions on the right (1). Once you have edited the file to fix the issue, click Save and Re-Test to update the OpenAPI (Swagger) definition.

The issue is fixed, audit is re-run, and the audit score increases accordingly (3).

You can continue to move down the list from here to fix the highest priority issues, or return back to your report and filter the issues as you want.

Updating the Definition

You can work on your API outside 42Crunch Platform as well, like in your IDE or any other editor, and then upload the updated definition manually in the platform. Or you can automate a workflow to push your changes to your API to the platform as well.

Latest Resources

WEBINAR

Agentic AI: Fools Rush in Where Angels Fear to Tread

Join, Rik Turner, Chief Analyst at Omdia in conversation with Philippe Leothaud, CTO at 42Crunch as they separate signal from noise and explore the practical implications for enterprises seeking to enable the AI enterprise with agentic AI, but ensure that the appropriate security guardrails are in place.

BLOG

The Best API Security Platform for the Agentic Enterprise

By Hugh Carroll | May 8, 2026

Selecting the API Security Platform that addresses your AI concerns Enterprise API security has always been hard. In 2026, it has become structurally more difficult — not because the threat landscape has changed incrementally, but because of the way that APIs are being built has changed entirely. AI […]

DataSheet

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Secure Your APIs Today

#1 API security platform

Free Trial

Platform Overview

Capabilities

SERVICES

Integrations

Use Cases

BY FUNCTION

BY INDUSTRY

Learn

About

WHY 42Crunch

ABOUT US

Help