Avaloq · API Governance Rules

Avaloq API Rules

Spectral linting rules defining API design standards and conventions for Avaloq.

25 Rules error 9 warn 15 info 1
View Rules File View on GitHub

Rule Categories

avaloq

Rules

error
avaloq-info-title-required
Avaloq APIs must have a title in the info object.
$.info
error
avaloq-info-version-required
Avaloq APIs must define a version.
$.info
warn
avaloq-info-description-required
Avaloq APIs must have a description.
$.info
warn
avaloq-info-contact-required
Avaloq APIs must include contact information.
$.info
error
avaloq-servers-required
Avaloq APIs must define at least one server.
$
error
avaloq-server-url-https
Avaloq server URLs must use HTTPS.
$.servers[*]
warn
avaloq-paths-kebab-case
Avaloq path segments must use kebab-case.
$.paths
error
avaloq-operation-summary-required
All Avaloq operations must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
avaloq-operation-description-required
All Avaloq operations must have a description.
$.paths[*][get,post,put,patch,delete]
error
avaloq-operation-id-required
All Avaloq operations must have an operationId.
$.paths[*][get,post,put,patch,delete]
warn
avaloq-operation-tags-required
All Avaloq operations must have at least one tag.
$.paths[*][get,post,put,patch,delete]
warn
avaloq-parameters-description-required
All Avaloq parameters must have a description.
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
avaloq-request-body-description
Avaloq request bodies must have a description.
$.paths[*][post,put,patch].requestBody
error
avaloq-response-200-required
Avaloq GET operations must have a 200 response.
$.paths[*].get.responses
warn
avaloq-response-400-required
Avaloq operations must document 400 errors.
$.paths[*][get,post,put,patch,delete].responses
warn
avaloq-response-401-required
Avaloq operations must document 401 unauthorized.
$.paths[*][get,post,put,patch,delete].responses
warn
avaloq-schema-properties-described
Avaloq schema properties must have descriptions.
$.components.schemas[*].properties[*]
warn
avaloq-schema-type-required
Avaloq schema properties must have a type.
$.components.schemas[*].properties[*]
error
avaloq-security-defined
Avaloq APIs must define security schemes.
$.components
warn
avaloq-bearer-auth-required
Avaloq APIs must use Bearer/JWT authentication.
$.components.securitySchemes[*]
error
avaloq-get-no-request-body
Avaloq GET operations must not have a request body.
$.paths[*].get
warn
avaloq-delete-no-request-body
Avaloq DELETE operations must not have a request body.
$.paths[*].delete
warn
avaloq-post-returns-201
Avaloq POST creation operations should return 201.
$.paths[*].post.responses
info
avaloq-schema-example-provided
Avaloq schemas should have examples.
$.components.schemas[*]
warn
avaloq-response-content-type
Avaloq API responses must specify content type.
$.paths[*][get,post,put,patch].responses[*]

Spectral Ruleset

Raw ↑ 
rules:
  avaloq-info-title-required:
    description: "Avaloq APIs must have a title in the info object."
    message: "Info object must have a title."
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  avaloq-info-version-required:
    description: "Avaloq APIs must define a version."
    message: "Info object must have a version."
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  avaloq-info-description-required:
    description: "Avaloq APIs must have a description."
    message: "Info object must have a description."
    severity: warn
    given: "$.info"
    then:
      field: description
      function: truthy

  avaloq-info-contact-required:
    description: "Avaloq APIs must include contact information."
    message: "Info object must have a contact."
    severity: warn
    given: "$.info"
    then:
      field: contact
      function: truthy

  avaloq-servers-required:
    description: "Avaloq APIs must define at least one server."
    message: "Servers array must be defined and non-empty."
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  avaloq-server-url-https:
    description: "Avaloq server URLs must use HTTPS."
    message: "Server URL must use HTTPS protocol."
    severity: error
    given: "$.servers[*]"
    then:
      field: url
      function: pattern
      functionOptions:
        match: "^https://"

  avaloq-paths-kebab-case:
    description: "Avaloq path segments must use kebab-case."
    message: "Path segments must use lowercase kebab-case."
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^(\\/[a-z0-9-{}]+)+$"

  avaloq-operation-summary-required:
    description: "All Avaloq operations must have a summary."
    message: "Operation must have a summary."
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  avaloq-operation-description-required:
    description: "All Avaloq operations must have a description."
    message: "Operation must have a description."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  avaloq-operation-id-required:
    description: "All Avaloq operations must have an operationId."
    message: "Operation must have an operationId."
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  avaloq-operation-tags-required:
    description: "All Avaloq operations must have at least one tag."
    message: "Operation must have at least one tag."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  avaloq-parameters-description-required:
    description: "All Avaloq parameters must have a description."
    message: "Parameter must have a description."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  avaloq-request-body-description:
    description: "Avaloq request bodies must have a description."
    message: "Request body must have a description."
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody"
    then:
      field: description
      function: truthy

  avaloq-response-200-required:
    description: "Avaloq GET operations must have a 200 response."
    message: "GET operation must define a 200 response."
    severity: error
    given: "$.paths[*].get.responses"
    then:
      field: "200"
      function: truthy

  avaloq-response-400-required:
    description: "Avaloq operations must document 400 errors."
    message: "Operation must define a 400 error response."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "400"
      function: truthy

  avaloq-response-401-required:
    description: "Avaloq operations must document 401 unauthorized."
    message: "Operation must define a 401 response."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "401"
      function: truthy

  avaloq-schema-properties-described:
    description: "Avaloq schema properties must have descriptions."
    message: "Schema property must have a description."
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  avaloq-schema-type-required:
    description: "Avaloq schema properties must have a type."
    message: "Schema property must have a type."
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      field: type
      function: truthy

  avaloq-security-defined:
    description: "Avaloq APIs must define security schemes."
    message: "Components must include securitySchemes."
    severity: error
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  avaloq-bearer-auth-required:
    description: "Avaloq APIs must use Bearer/JWT authentication."
    message: "Security scheme must be OAuth2 or bearer type."
    severity: warn
    given: "$.components.securitySchemes[*]"
    then:
      field: type
      function: enumeration
      functionOptions:
        values: [oauth2, http, apiKey]

  avaloq-get-no-request-body:
    description: "Avaloq GET operations must not have a request body."
    message: "GET operations must not include a requestBody."
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  avaloq-delete-no-request-body:
    description: "Avaloq DELETE operations must not have a request body."
    message: "DELETE operations must not include a requestBody."
    severity: warn
    given: "$.paths[*].delete"
    then:
      field: requestBody
      function: falsy

  avaloq-post-returns-201:
    description: "Avaloq POST creation operations should return 201."
    message: "POST operations creating resources should return 201."
    severity: warn
    given: "$.paths[*].post.responses"
    then:
      field: "201"
      function: truthy

  avaloq-schema-example-provided:
    description: "Avaloq schemas should have examples."
    message: "Schema should include an example."
    severity: info
    given: "$.components.schemas[*]"
    then:
      field: example
      function: truthy

  avaloq-response-content-type:
    description: "Avaloq API responses must specify content type."
    message: "Response must define a content type."
    severity: warn
    given: "$.paths[*][get,post,put,patch].responses[*]"
    then:
      field: content
      function: truthy