Akamai API Security API Rules
Spectral linting rules defining API design standards and conventions for Akamai API Security.
23 Rules
error 12
warn 11
Rule Categories
delete
get
info
no
openapi
operation
parameter
paths
response
schema
security
servers
Rules
warn
info-title-format
$.info.title
error
info-description-required
$.info
error
info-version-required
$.info
warn
servers-https
$.servers[*].url
warn
paths-kebab-case
$.paths[*]~
error
paths-no-trailing-slash
$.paths[*]~
error
operation-summary-required
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-summary-akamai-prefix
$.paths[*][get,post,put,patch,delete,head,options].summary
warn
operation-description-required
$.paths[*][get,post,put,patch,delete,head,options]
error
operation-id-required
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-id-camel-case
$.paths[*][get,post,put,patch,delete,head,options].operationId
error
operation-tags-required
$.paths[*][get,post,put,patch,delete,head,options]
warn
parameter-description-required
$.paths[*][get,post,put,patch,delete][*].parameters[*]
error
operation-success-response
$.paths[*][get,post,put,patch,delete]
error
response-description-required
$.paths[*][*].responses[*]
warn
schema-type-defined
$.components.schemas[*].properties[*]
warn
schema-description-required
$.components.schemas[*]
warn
security-schemes-defined
$.components
error
get-no-request-body
$.paths[*].get
warn
delete-no-request-body
$.paths[*].delete
error
no-empty-descriptions
$..description
Spectral Ruleset
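---
# Akamai API Security Spectral Ruleset
# Enforces conventions found in the Akamai Application Security API specification.
#
# Each rule selects nodes with a JSONPath `given` expression and applies a
# Spectral core function (`truthy`, `falsy`, `pattern`, `length`, `schema`)
# under `then`. Nesting is significant: every rule is a child of `rules`, and
# `functionOptions` is a child of `then`.
rules:
  # INFO / METADATA

  # The title string itself is matched, so no `field` is needed.
  info-title-format:
    message: "API title should start with 'Akamai'"
    severity: warn
    given: "$.info.title"
    then:
      function: pattern
      functionOptions:
        match: "^Akamai"

  info-description-required:
    message: "API info must have a description"
    severity: error
    given: "$.info"
    then:
      field: description
      function: truthy

  info-version-required:
    message: "API info must have a version"
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # OPENAPI VERSION

  # Rejects Swagger 2.0 documents and any document without an `openapi` field
  # beginning with "3.".
  openapi-version-3:
    message: "Must use OpenAPI 3.x"
    severity: error
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\."

  # SERVERS

  servers-defined:
    message: "Servers must be defined"
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  # Flags any server URL that does not literally begin with "https://".
  # Relative URLs and URLs whose scheme is a server variable fail this pattern
  # as well. Severity is `warn`, so a plaintext `http://` server does not fail
  # a lint run that gates only on errors.
  servers-https:
    message: "Server URLs should use HTTPS"
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # PATHS

  # The trailing `~` selects the path key (the URL template string) rather than
  # the path item object. Each segment must be lowercase kebab-case or a
  # `{parameter}` placeholder.
  paths-kebab-case:
    message: "Path segments should use kebab-case"
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(\\/([a-z0-9][a-z0-9\\-]*|\\{[a-zA-Z][a-zA-Z0-9_]*\\}))*$"

  # `.+` before the slash exempts the root path "/", which consists only of a
  # slash and would otherwise be reported as an error.
  paths-no-trailing-slash:
    message: "Paths must not have trailing slashes"
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: ".+\\/$"

  # OPERATIONS

  operation-summary-required:
    message: "Every operation must have a summary"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: summary
      function: truthy

  operation-summary-akamai-prefix:
    message: "Operation summaries should start with 'Akamai'"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Akamai"

  operation-description-required:
    message: "Every operation must have a description"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: description
      function: truthy

  operation-id-required:
    message: "Every operation must have an operationId"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: operationId
      function: truthy

  operation-id-camel-case:
    message: "operationId should use camelCase"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  # `truthy` alone accepts `tags: []`, which contradicts "at least one tag".
  # The first check reports a missing `tags` field; the second reports an
  # empty list.
  operation-tags-required:
    message: "Every operation must have at least one tag"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      - field: tags
        function: truthy
      - field: tags
        function: length
        functionOptions:
          min: 1

  # PARAMETERS

  # Parameters live directly under the path item and directly under each
  # operation. A `[*]` step between the operation and `.parameters` would
  # descend one level too far and select nothing, so the paths are written
  # without it.
  parameter-description-required:
    message: "All parameters must have a description"
    severity: warn
    given:
      - "$.paths[*].parameters[*]"
      - "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  # RESPONSES

  # Checks the response keys, not just the presence of `responses`: an
  # operation that documents only error codes or `default` is reported.
  # `propertyNames: {not: {pattern}}` holds when no key is a 2xx code (or the
  # `2XX` range key); the outer `not` inverts that into "at least one is".
  operation-success-response:
    message: "Operations must have at least one 2xx response"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - responses
          properties:
            responses:
              type: object
              not:
                propertyNames:
                  not:
                    pattern: "^2([0-9]{2}|XX)$"

  response-description-required:
    message: "All responses must have a description"
    severity: error
    given: "$.paths[*][*].responses[*]"
    then:
      field: description
      function: truthy

  # SCHEMAS

  # Only direct properties of top-level component schemas are inspected;
  # nested object properties and inline schemas are not reached by this path.
  schema-type-defined:
    message: "Schema properties should have a type defined"
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      field: type
      function: truthy

  schema-description-required:
    message: "Top-level schemas should have a description"
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  # SECURITY

  # Evaluated from the document root so the rule also fires when `components`
  # is missing altogether; a `given` of "$.components" selects nothing in that
  # case and the rule would pass silently.
  #
  # This rule only confirms that at least one scheme is declared. Nothing in
  # this ruleset checks that a `security` requirement is applied at the root
  # or on any operation, so a document can pass while every operation is
  # unauthenticated. Review `security` usage separately.
  security-schemes-defined:
    message: "Security schemes should be defined"
    severity: warn
    given: "$"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - components
          properties:
            components:
              type: object
              required:
                - securitySchemes
              properties:
                securitySchemes:
                  type: object
                  minProperties: 1

  # HTTP METHODS

  get-no-request-body:
    message: "GET operations must not have a request body"
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-no-request-body:
    message: "DELETE operations should not have a request body"
    severity: warn
    given: "$.paths[*].delete"
    then:
      field: requestBody
      function: falsy

  # GENERAL QUALITY

  # `$..description` matches every key named `description` at any depth,
  # including a schema property that happens to be called `description`.
  no-empty-descriptions:
    message: "Descriptions must not be empty"
    severity: error
    given: "$..description"
    then:
      function: truthy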