Allegion · API Governance Rules

Allegion API Rules

Spectral linting rules defining API design standards and conventions for Allegion.

Allegion API Rules is a Spectral governance ruleset published by Allegion on the APIs.io network, containing 7 lint rules.

The ruleset includes 1 error-severity rule and 6 warning-severity rules.

Tagged areas include Access Control, Smart Lock, Smart Home, Mobile Credentials, and Bluetooth.

Rulesets can be applied to your own OpenAPI specs via Spectral to enforce the same governance standards.

7 Rules error 1 warn 6
View Rules File View on GitHub

Rule Categories

schlage

Rules

warn
schlage-home-summary-title-case
Operation summaries must use Title Case
$.paths[*][get,post,put,patch,delete].summary
warn
schlage-home-oauth-only
Every operation must require the OAuth2 security scheme registered against account.schlage.com
$.paths[*][get,post,put,patch,delete].security[*]
warn
schlage-home-async-202-on-writes
POST, PUT, and DELETE responses against /devices paths must declare 202 ACCEPTED (async command pattern).
$.paths[*][post,put,delete].responses
error
schlage-home-webhook-https
Webhook subscription URL fields must require HTTPS.
$.components.schemas.WebhookSubscription.properties.url
warn
schlage-home-access-code-name
AccessCode.name must be 1-12 alpha-numeric characters per Schlage Home documentation.
$.components.schemas.AccessCode.properties.name
warn
schlage-home-server-host
Servers must point at api.allegion.com.
$.servers[*].url
warn
schlage-home-oauth-token-url
OAuth2 token URL must be https://account.schlage.com/OAuth2/token.
$.components.securitySchemes.OAuth2.flows.authorizationCode.tokenUrl

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

rules:
  # Schlage Home API operation summaries use Title Case
  schlage-home-summary-title-case:
    description: Operation summaries must use Title Case
    message: "Summary '{{value}}' should start with an uppercase letter"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  # Schlage Home uses OAuth 2.0 authorization code flow
  schlage-home-oauth-only:
    description: Every operation must require the OAuth2 security scheme registered against account.schlage.com
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].security[*]"
    then:
      field: OAuth2
      function: truthy

  # Device write operations return 202 ACCEPTED
  schlage-home-async-202-on-writes:
    description: POST, PUT, and DELETE responses against /devices paths must declare 202 ACCEPTED (async command pattern).
    severity: warn
    given: "$.paths[*][post,put,delete].responses"
    then:
      field: "202"
      function: truthy

  # Webhook subscription URLs must be HTTPS
  schlage-home-webhook-https:
    description: Webhook subscription URL fields must require HTTPS.
    severity: error
    given: "$.components.schemas.WebhookSubscription.properties.url"
    then:
      field: pattern
      function: truthy

  # Access code names must obey 1-12 alpha-numeric
  schlage-home-access-code-name:
    description: AccessCode.name must be 1-12 alpha-numeric characters per Schlage Home documentation.
    severity: warn
    given: "$.components.schemas.AccessCode.properties.name"
    then:
      field: pattern
      function: truthy

  # Server base URL must be api.allegion.com
  schlage-home-server-host:
    description: Servers must point at api.allegion.com.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://api\\.allegion\\.com"

  # OAuth2 token endpoint must be account.schlage.com
  schlage-home-oauth-token-url:
    description: OAuth2 token URL must be https://account.schlage.com/OAuth2/token.
    severity: warn
    given: "$.components.securitySchemes.OAuth2.flows.authorizationCode.tokenUrl"
    then:
      function: pattern
      functionOptions:
        match: "^https://account\\.schlage\\.com/OAuth2/token$"