Apigee · API Governance Rules

Apigee API Rules

Spectral linting rules defining API design standards and conventions for Apigee.

14 Rules error 5 warn 7 info 2
View Rules File View on GitHub

Rule Categories

delete info operation parameter response schema security servers

Rules

warn
info-title-prefix
API title must start with 'Apigee'.
$.info
error
info-description-required
API must have a description.
$.info
error
servers-https
All server URLs must use HTTPS.
$.servers[*]
info
servers-googleapis
Apigee API servers should be on *.googleapis.com.
$.servers[*]
warn
operation-summary-title-case
Operation summaries must be in Title Case.
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-prefix
Operation summaries must start with 'Apigee'.
$.paths[*][get,post,put,patch,delete]
error
operation-id-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete]
warn
operation-id-camelcase
OperationId must use camelCase.
$.paths[*][get,post,put,patch,delete]
warn
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete]
warn
parameter-description-required
All parameters must have a description.
$.paths[*][get,post,put,patch,delete].parameters[*]
error
response-success-required
Every operation must have a 2xx response.
$.paths[*][get,post,put,patch,delete].responses
warn
delete-returns-200-or-204
DELETE operations should return 200 or 204.
$.paths[*].delete.responses
info
schema-property-description
Schema properties should have descriptions.
$.components.schemas[*].properties[*]
error
security-oauth2-required
Apigee APIs must define OAuth2 security.
$.components.securitySchemes

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  info-title-prefix:
    description: API title must start with 'Apigee'.
    severity: warn
    given: '$.info'
    then:
      field: title
      function: pattern
      functionOptions:
        match: '^Apigee'

  info-description-required:
    description: API must have a description.
    severity: error
    given: '$.info'
    then:
      field: description
      function: truthy

  servers-https:
    description: All server URLs must use HTTPS.
    severity: error
    given: '$.servers[*]'
    then:
      field: url
      function: pattern
      functionOptions:
        match: '^https://'

  servers-googleapis:
    description: Apigee API servers should be on *.googleapis.com.
    severity: info
    given: '$.servers[*]'
    then:
      field: url
      function: pattern
      functionOptions:
        match: '\.googleapis\.com'

  operation-summary-title-case:
    description: Operation summaries must be in Title Case.
    severity: warn
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      field: summary
      function: pattern
      functionOptions:
        match: '^[A-Z]'

  operation-summary-prefix:
    description: Operation summaries must start with 'Apigee'.
    severity: warn
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      field: summary
      function: pattern
      functionOptions:
        match: '^Apigee'

  operation-id-required:
    description: Every operation must have an operationId.
    severity: error
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      field: operationId
      function: truthy

  operation-id-camelcase:
    description: OperationId must use camelCase.
    severity: warn
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

  operation-tags-required:
    description: Every operation must have at least one tag.
    severity: warn
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      field: tags
      function: truthy

  parameter-description-required:
    description: All parameters must have a description.
    severity: warn
    given: '$.paths[*][get,post,put,patch,delete].parameters[*]'
    then:
      field: description
      function: truthy

  response-success-required:
    description: Every operation must have a 2xx response.
    severity: error
    given: '$.paths[*][get,post,put,patch,delete].responses'
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['200']
            - required: ['201']
            - required: ['204']

  delete-returns-200-or-204:
    description: DELETE operations should return 200 or 204.
    severity: warn
    given: '$.paths[*].delete.responses'
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['200']
            - required: ['204']

  schema-property-description:
    description: Schema properties should have descriptions.
    severity: info
    given: '$.components.schemas[*].properties[*]'
    then:
      field: description
      function: truthy

  security-oauth2-required:
    description: Apigee APIs must define OAuth2 security.
    severity: error
    given: '$.components.securitySchemes'
    then:
      function: truthy