Axway · API Governance Rules

Axway API Rules

Spectral linting rules defining API design standards and conventions for Axway.

32 Rules error 12 warn 12 info 8
View Rules File View on GitHub

Rule Categories

info microcks naming operations parameters paths request responses schemas security

Rules

error
info-title-required
API spec must have a non-empty info.title
$.info
error
info-description-required
API spec must have an info.description
$.info
warn
info-version-semver
Info version should follow semantic versioning
$.info.version
warn
info-contact-required
API spec should include contact information
$.info
error
paths-lowercase
Path segments must be lowercase
$.paths
error
paths-no-trailing-slash
Paths must not end with a trailing slash
$.paths
warn
paths-kebab-or-lower
Path segments should use lowercase or snake_case (Axway convention)
$.paths
warn
paths-no-file-extensions
Paths should not include file extensions
$.paths
error
operations-operation-id-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete]
warn
operations-operation-id-underscore
operationId should use underscore convention (resource_action)
$.paths[*][get,post,put,patch,delete].operationId
error
operations-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete]
warn
operations-description-required
Every operation must have a description
$.paths[*][get,post,put,patch,delete]
error
operations-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete]
warn
operations-tags-lowercase
Tags should be lowercase (Axway convention)
$.paths[*][get,post,put,patch,delete].tags[*]
warn
parameters-description-required
Every parameter must have a description
$.paths[*][get,post,put,patch,delete].parameters[*]
error
parameters-schema-required
Every parameter must have a schema with type
$.paths[*][get,post,put,patch,delete].parameters[*]
info
parameters-camel-case
Parameter names should use camelCase or snake_case
$.paths[*][get,post,put,patch,delete].parameters[*].name
error
responses-success-required
Every operation must define a success response (2xx)
$.paths[*][get,post,put,patch,delete].responses
warn
responses-error-401
Operations with security should define a 401 response
$.paths[*][get,post,put,patch,delete].responses
info
responses-error-400
POST/PUT operations should define a 400 response
$.paths[*][post,put].responses
error
schemas-type-required
Every schema must declare a type
$.components.schemas[*]
info
schemas-description-recommended
Schemas should have a description
$.components.schemas[*]
info
schemas-properties-description
Schema properties should have descriptions
$.components.schemas[*].properties[*]
info
schemas-no-additional-properties-unset
Object schemas should explicitly set additionalProperties
$.components.schemas[?(@.type=='object')]
error
security-schemes-defined
API must define at least one security scheme
$.components
info
security-bearer-format
Bearer security schemes should specify bearerFormat
$.components.securitySchemes[?(@.scheme=='bearer')]
warn
security-oauth2-scopes
OAuth2 schemes should define scopes
$.components.securitySchemes[?(@.type=='oauth2')].flows[*]
warn
request-body-json
Request bodies should use application/json content type
$.paths[*][post,put,patch].requestBody.content
error
request-body-schema
Request body JSON content must have a schema
$.paths[*][post,put,patch].requestBody.content.application/json
warn
naming-schema-pascal-case
Schema names should use PascalCase
$.components.schemas
info
microcks-operation-extension
Operations should include x-microcks-operation for mock compatibility
$.paths[*][get,post,put,patch,delete]
info
microcks-response-examples
Success responses should include named examples for Microcks
$.paths[*][get,post,put,patch,delete].responses.200.content.application/json

Spectral Ruleset

Raw ↑ 
rules:

  # ── Info ──────────────────────────────────────────────────────────────
  info-title-required:
    description: API spec must have a non-empty info.title
    severity: error
    given: $.info
    then:
      field: title
      function: truthy

  info-description-required:
    description: API spec must have an info.description
    severity: error
    given: $.info
    then:
      field: description
      function: truthy

  info-version-semver:
    description: Info version should follow semantic versioning
    severity: warn
    given: $.info.version
    then:
      function: pattern
      functionOptions:
        match: "^[0-9]+\\.[0-9]+\\.[0-9]+"

  info-contact-required:
    description: API spec should include contact information
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy

  # ── Paths ─────────────────────────────────────────────────────────────
  paths-lowercase:
    description: Path segments must be lowercase
    severity: error
    given: $.paths
    then:
      function: pattern
      functionOptions:
        match: "^[/a-z0-9_{}.-]+$"

  paths-no-trailing-slash:
    description: Paths must not end with a trailing slash
    severity: error
    given: $.paths
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  paths-kebab-or-lower:
    description: Path segments should use lowercase or snake_case (Axway convention)
    severity: warn
    given: $.paths
    then:
      function: pattern
      functionOptions:
        match: "^[/a-z0-9_{}-]+$"

  paths-no-file-extensions:
    description: Paths should not include file extensions
    severity: warn
    given: $.paths
    then:
      function: pattern
      functionOptions:
        notMatch: "\\.(json|xml|yaml|html)$"

  # ── Operations ────────────────────────────────────────────────────────
  operations-operation-id-required:
    description: Every operation must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  operations-operation-id-underscore:
    description: operationId should use underscore convention (resource_action)
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z]+_[a-zA-Z]+$"

  operations-summary-required:
    description: Every operation must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  operations-description-required:
    description: Every operation must have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  operations-tags-required:
    description: Every operation must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  operations-tags-lowercase:
    description: Tags should be lowercase (Axway convention)
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].tags[*]"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_-]*$"

  # ── Parameters ────────────────────────────────────────────────────────
  parameters-description-required:
    description: Every parameter must have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  parameters-schema-required:
    description: Every parameter must have a schema with type
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: schema
      function: truthy

  parameters-camel-case:
    description: Parameter names should use camelCase or snake_case
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].parameters[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9_]*$"

  # ── Responses ─────────────────────────────────────────────────────────
  responses-success-required:
    description: Every operation must define a success response (2xx)
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ["200"]
            - required: ["201"]
            - required: ["202"]
            - required: ["204"]

  responses-error-401:
    description: Operations with security should define a 401 response
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      field: "401"
      function: truthy

  responses-error-400:
    description: POST/PUT operations should define a 400 response
    severity: info
    given: "$.paths[*][post,put].responses"
    then:
      field: "400"
      function: truthy

  # ── Schemas ───────────────────────────────────────────────────────────
  schemas-type-required:
    description: Every schema must declare a type
    severity: error
    given: "$.components.schemas[*]"
    then:
      field: type
      function: truthy

  schemas-description-recommended:
    description: Schemas should have a description
    severity: info
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  schemas-properties-description:
    description: Schema properties should have descriptions
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  schemas-no-additional-properties-unset:
    description: Object schemas should explicitly set additionalProperties
    severity: info
    given: "$.components.schemas[?(@.type=='object')]"
    then:
      field: additionalProperties
      function: defined

  # ── Security ──────────────────────────────────────────────────────────
  security-schemes-defined:
    description: API must define at least one security scheme
    severity: error
    given: $.components
    then:
      field: securitySchemes
      function: truthy

  security-bearer-format:
    description: Bearer security schemes should specify bearerFormat
    severity: info
    given: "$.components.securitySchemes[?(@.scheme=='bearer')]"
    then:
      field: bearerFormat
      function: truthy

  security-oauth2-scopes:
    description: OAuth2 schemes should define scopes
    severity: warn
    given: "$.components.securitySchemes[?(@.type=='oauth2')].flows[*]"
    then:
      field: scopes
      function: truthy

  # ── Request Bodies ────────────────────────────────────────────────────
  request-body-json:
    description: Request bodies should use application/json content type
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      field: application/json
      function: truthy

  request-body-schema:
    description: Request body JSON content must have a schema
    severity: error
    given: "$.paths[*][post,put,patch].requestBody.content.application/json"
    then:
      field: schema
      function: truthy

  # ── Naming Conventions ────────────────────────────────────────────────
  naming-schema-pascal-case:
    description: Schema names should use PascalCase
    severity: warn
    given: $.components.schemas
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*$"

  # ── Microcks ──────────────────────────────────────────────────────────
  microcks-operation-extension:
    description: Operations should include x-microcks-operation for mock compatibility
    severity: info
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: x-microcks-operation
      function: truthy

  microcks-response-examples:
    description: Success responses should include named examples for Microcks
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses.200.content.application/json"
    then:
      field: examples
      function: truthy