Aqua Security · API Governance Rules

Aqua Security API Rules

Spectral linting rules defining API design standards and conventions for Aqua Security.

30 Rules error 12 warn 15 info 3

View Rules File View on GitHub

Rule Categories

delete get info no openapi operation parameter paths request response schema security servers tags

Rules

error

info-title-required

Info object must have a title starting with "Aqua Security"

$.info

warn

info-description-required

Info object must have a description with at least 50 characters

$.info

error

info-version-required

Info object must have a version

$.info

warn

info-contact-required

API should have contact information

$.info

error

openapi-version-3

Use OpenAPI 3.0.x

$

error

servers-defined

Servers must be defined

$

warn

servers-https-only

Server URLs should use HTTPS

$.servers[*]

warn

paths-kebab-case

Path segments should use kebab-case

$.paths

warn

paths-no-trailing-slash

Paths should not have trailing slashes

$.paths

error

operation-summary-required

Every operation must have a summary

$.paths[*][get,post,put,delete,patch]

warn

operation-summary-prefix

Operation summaries should start with "Aqua Security"

$.paths[*][get,post,put,delete,patch]

warn

operation-description-required

Every operation should have a description

$.paths[*][get,post,put,delete,patch]

error

operation-id-required

Every operation must have an operationId

$.paths[*][get,post,put,delete,patch]

warn

operation-id-camel-case

OperationId should use camelCase

$.paths[*][get,post,put,delete,patch]

error

operation-tags-required

Every operation must have at least one tag

$.paths[*][get,post,put,delete,patch]

warn

parameter-description-required

All parameters must have a description

$.paths[*][*].parameters[*]

info

parameter-snake-case

Parameter names should use snake_case or kebab-case

$.paths[*][*].parameters[*]

warn

request-body-content-type

Request bodies should use application/json

$.paths[*][post,put,patch].requestBody.content

error

response-success-required

Every operation must have a success (2xx) response

$.paths[*][get,post,put,delete,patch].responses

warn

response-401-required

Secured endpoints should document 401 responses

$.paths[*][get,post,put,delete,patch].responses

error

response-description-required

All responses must have a description

$.paths[*][*].responses[*]

warn

schema-type-defined

Schema properties should have a type defined

$.components.schemas[*].properties[*]

info

schema-description-recommended

Top-level schemas should have a description

$.components.schemas[*]

error

security-schemes-defined

Security schemes must be defined in components

$.components

warn

security-bearer-description

Bearer auth security scheme should have a description

$.components.securitySchemes[*]

error

get-no-request-body

GET operations should not have a request body

$.paths[*].get

warn

delete-no-request-body

DELETE operations should not have a request body

$.paths[*].delete

info

delete-returns-204

DELETE operations should return 204

$.paths[*].delete.responses

error

no-empty-descriptions

Descriptions should not be empty strings

$..description

warn

tags-global-defined

Tags should be defined globally with descriptions

$