Basiq · API Governance Rules

Basiq API Rules

Spectral linting rules defining API design standards and conventions for Basiq.

15 Rules error 6 warn 9
View Rules File View on GitHub

Rule Categories

basiq

Rules

error
basiq-bearer-auth-required
All protected operations must use BearerAuth security.
$.paths[?([email protected]('token'))].*.security
error
basiq-operation-id-required
All operations must have an operationId.
$.paths.*.*
warn
basiq-operation-id-camel-case
Operation IDs must use camelCase.
$.paths.*.*.operationId
error
basiq-summary-required
All operations must have a summary.
$.paths.*.*
warn
basiq-summary-title-case
Operation summaries must use Title Case.
$.paths.*.*.summary
error
basiq-tags-required
All operations must be tagged.
$.paths.*.*
warn
basiq-description-required
All operations must have a description.
$.paths.*.*
error
basiq-200-response-required
All GET operations must define a 200 response.
$.paths.*.get.responses
warn
basiq-404-response-required
Parameterized path operations should define a 404 response.
$.paths.*.get.responses
warn
basiq-user-path-prefix
User-scoped resource paths should be nested under /users/{userId}.
$.paths[*]~
warn
basiq-response-schema-ref
Responses should reference schemas using $ref rather than inline definitions.
$.paths.*.*.responses.*.content.application/json.schema
warn
basiq-schema-description-required
All schema properties should have descriptions.
$.components.schemas.*.properties.*
warn
basiq-info-contact-required
API info must include contact details.
$.info
error
basiq-server-url-https
Server URLs must use HTTPS.
$.servers.*.url
warn
basiq-204-delete-response
DELETE operations should return 204 No Content.
$.paths.*.delete.responses

Spectral Ruleset

Raw ↑ 
rules:
  basiq-bearer-auth-required:
    description: All protected operations must use BearerAuth security.
    message: Operation must include BearerAuth security requirement.
    severity: error
    given: $.paths[?([email protected]('token'))].*.security
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          contains:
            type: object
            required: [BearerAuth]

  basiq-operation-id-required:
    description: All operations must have an operationId.
    message: Operation is missing operationId.
    severity: error
    given: $.paths.*.*
    then:
      field: operationId
      function: truthy

  basiq-operation-id-camel-case:
    description: Operation IDs must use camelCase.
    message: "{{value}} must use camelCase."
    severity: warn
    given: $.paths.*.*.operationId
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  basiq-summary-required:
    description: All operations must have a summary.
    message: Operation is missing summary.
    severity: error
    given: $.paths.*.*
    then:
      field: summary
      function: truthy

  basiq-summary-title-case:
    description: Operation summaries must use Title Case.
    message: Summary must use Title Case.
    severity: warn
    given: $.paths.*.*.summary
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9 ]+$"

  basiq-tags-required:
    description: All operations must be tagged.
    message: Operation must include at least one tag.
    severity: error
    given: $.paths.*.*
    then:
      field: tags
      function: truthy

  basiq-description-required:
    description: All operations must have a description.
    message: Operation is missing description.
    severity: warn
    given: $.paths.*.*
    then:
      field: description
      function: truthy

  basiq-200-response-required:
    description: All GET operations must define a 200 response.
    message: GET operation is missing 200 success response.
    severity: error
    given: $.paths.*.get.responses
    then:
      field: "200"
      function: truthy

  basiq-404-response-required:
    description: Parameterized path operations should define a 404 response.
    message: Operation on parameterized path is missing 404 response.
    severity: warn
    given: $.paths.*.get.responses
    then:
      field: "404"
      function: truthy

  basiq-user-path-prefix:
    description: User-scoped resource paths should be nested under /users/{userId}.
    message: Resource path should be nested under /users/{userId}.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: "^/(token|users)"

  basiq-response-schema-ref:
    description: Responses should reference schemas using $ref rather than inline definitions.
    message: Response content should use $ref to reference schemas.
    severity: warn
    given: $.paths.*.*.responses.*.content.application/json.schema
    then:
      field: "$ref"
      function: truthy

  basiq-schema-description-required:
    description: All schema properties should have descriptions.
    message: Schema property is missing description.
    severity: warn
    given: $.components.schemas.*.properties.*
    then:
      field: description
      function: truthy

  basiq-info-contact-required:
    description: API info must include contact details.
    message: API info is missing contact information.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy

  basiq-server-url-https:
    description: Server URLs must use HTTPS.
    message: Server URL must use HTTPS.
    severity: error
    given: $.servers.*.url
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  basiq-204-delete-response:
    description: DELETE operations should return 204 No Content.
    message: DELETE operation should define a 204 response.
    severity: warn
    given: $.paths.*.delete.responses
    then:
      field: "204"
      function: truthy