`az-error-response` requires certain read-only properties to be marked as "required" about azure-api-style-guide HOT 2 CLOSED

You have linked to the "old" Microsoft API Guidelines, but Azure has published updated API Guidelines here and this style guide and ruleset are a companion to these updated guidelines.

As for your specific concern:

my understanding is that all these properties must be marked as "readOnly", since they are only ever used in responses

OpenAPI v2 describes readOnly this way:

Relevant only for Schema "properties" definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but MUST NOT be sent as part of the request. Properties marked as readOnly being true SHOULD NOT be in the required list of the defined schema. Default value is false.

So by the specification you are correct that a required property should not be marked readOnly.

But the specification does not require that a schema that is only used for responses mark all its properties as readOnly. And while it seems harmless to do so, it prevents the use of required in response schemas, which is a useful tool in documenting which properties will always be present in a response. So I think that marking properties of a schema that is only used in a response as readOnly is an anti-pattern and should be discouraged.

In fact, the OpenAPI committee recognized the problems with the definition of readOnly in OpenAPI v2 and changed in in OpenAPI v3 to say:

If the property is marked as readOnly being true and is in the required list, the required will take effect on the response only.

So in OpenAPI v3, there is no conflict between readOnly and required.

from azure-api-style-guide.

I think this issue is addressed but please reopen if there is something specific you believe is still needed.

from azure-api-style-guide.