Backstage · API Governance Rules
Backstage API Rules
Spectral linting rules defining API design standards and conventions for Backstage.
21 Rules
error 8
warn 10
info 3
Rule Categories
get
info
no
openapi
operation
parameter
paths
response
schema
security
servers
Rules
error
info-title-required
Info must have a title
$.info
warn
info-description-required
Info must have a description
$.info
error
info-version-required
Info must have a version
$.info
error
openapi-version-3
Must use OpenAPI 3.0.x or 3.1.x
$
warn
servers-defined
Servers must be defined
$
warn
paths-kebab-case
Path segments should use kebab-case
$.paths
warn
paths-no-trailing-slash
Paths must not have trailing slashes
$.paths
error
operation-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-description-required
Every operation must have a description
$.paths[*][get,post,put,patch,delete,head,options]
error
operation-id-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-id-camel-case
OperationIds should use camelCase
$.paths[*][get,post,put,patch,delete,head,options].operationId
warn
operation-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete,head,options]
info
operation-summary-backstage-prefix
Operation summaries should start with "Backstage"
$.paths[*][get,post,put,patch,delete,head,options].summary
warn
parameter-description-required
All parameters must have descriptions
$.paths[*][get,post,put,patch,delete,head,options].parameters[*]
error
response-success-required
Every operation must have at least one 2xx response
$.paths[*][get,post,put,patch,delete]
error
response-description-required
Every response must have a description
$.paths[*][get,post,put,patch,delete].responses[*]
info
response-401-defined
Protected operations should define a 401 response
$.paths[*][post,put,patch,delete]
warn
schema-type-defined
All schemas should have a type
$.components.schemas[*]
info
security-schemes-defined
Security schemes must be defined if auth is used
$.components
error
get-no-request-body
GET operations must not have a request body
$.paths[*].get
warn
no-empty-descriptions
Descriptions must not be empty strings
$..description