Allegion · API Governance Rules

Allegion API Rules

Spectral linting rules defining API design standards and conventions for Allegion.

Allegion API Rules is a Spectral governance ruleset published by Allegion on the APIs.io network, containing 6 lint rules.

The ruleset includes 2 error-severity rules and 4 warning-severity rules.

Tagged areas include Access Control, Smart Lock, Smart Home, Mobile Credentials, and Bluetooth.

Rulesets can be applied to your own OpenAPI specs via Spectral to enforce the same governance standards.

6 Rules error 2 warn 4
View Rules File View on GitHub

Rule Categories

engage

Rules

warn
engage-summary-title-case
Operation summaries must use Title Case.
$.paths[*][get,post,put,patch,delete].summary
error
engage-subscription-key-name
API key security scheme name must be `alle-subscription-key` per Allegion documentation.
$.components.securitySchemes.SubscriptionKey
error
engage-subscription-key-in-header
Subscription key must be transmitted in the request header.
$.components.securitySchemes.SubscriptionKey
warn
engage-dual-auth
Operations must require both SubscriptionKey and BasicAuth per Allegion documentation.
$.security[0]
warn
engage-server-host
Servers must point at api.allegion.com/engage.
$.servers[*].url
warn
engage-credential-status-enum
MobileCredential.status must be one of Active, Revoked, Expired.
$.components.schemas.MobileCredential.properties.status

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

rules:
  # ENGAGE Credentialing summaries use Title Case
  engage-summary-title-case:
    description: Operation summaries must use Title Case.
    message: "Summary '{{value}}' should start with an uppercase letter"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  # Subscription key header is alle-subscription-key
  engage-subscription-key-name:
    description: API key security scheme name must be `alle-subscription-key` per Allegion documentation.
    severity: error
    given: "$.components.securitySchemes.SubscriptionKey"
    then:
      field: name
      function: pattern
      functionOptions:
        match: "^alle-subscription-key$"

  # Subscription key must be in header
  engage-subscription-key-in-header:
    description: Subscription key must be transmitted in the request header.
    severity: error
    given: "$.components.securitySchemes.SubscriptionKey"
    then:
      field: in
      function: pattern
      functionOptions:
        match: "^header$"

  # Every operation must require both schemes
  engage-dual-auth:
    description: Operations must require both SubscriptionKey and BasicAuth per Allegion documentation.
    severity: warn
    given: "$.security[0]"
    then:
      field: SubscriptionKey
      function: truthy

  # Server base URL
  engage-server-host:
    description: Servers must point at api.allegion.com/engage.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://api\\.allegion\\.com/engage"

  # Credential status enum is fixed
  engage-credential-status-enum:
    description: MobileCredential.status must be one of Active, Revoked, Expired.
    severity: warn
    given: "$.components.schemas.MobileCredential.properties.status"
    then:
      field: enum
      function: truthy