BBVA · API Governance Rules

BBVA API Rules

Spectral linting rules defining API design standards and conventions for BBVA.

6 Rules: error 2, warn 3, info 1

Rule Categories

bbva

Rules

error
bbva-bearer-auth-required
BBVA API operations must use OAuth 2.0 Bearer token authentication.
$.paths[?(!@property.match('(token|oauth)'))].*.security
error
bbva-operation-id-required
All BBVA API operations must have an operationId.
$.paths.*.*
warn
bbva-response-200-required
All GET operations should define a 200 success response.
$.paths.*.get.responses
warn
bbva-error-response-400
Operations should define a 400 error response for bad requests.
$.paths.*.*.responses
info
bbva-country-header-documented
BBVA multi-country APIs should document country selection mechanism.
$.info
warn
bbva-iban-format
IBAN fields should use string format with pattern constraint.
$.components.schemas..[?(@property === 'iban')]

Spectral Ruleset

bbva-spectral-rules.yml
rules:
  bbva-bearer-auth-required:
    description: BBVA API operations must use OAuth 2.0 Bearer token authentication.
    message: Operation must include BearerAuth or OAuth2 security requirement.
    severity: error
    given: $.paths[?(!@property.match('(token|oauth)'))].*.security
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  bbva-operation-id-required:
    description: All BBVA API operations must have an operationId.
    message: Operation is missing operationId.
    severity: error
    given: $.paths.*.*
    then:
      field: operationId
      function: truthy

  bbva-response-200-required:
    description: All GET operations should define a 200 success response.
    message: GET operation is missing a 200 response.
    severity: warn
    given: $.paths.*.get.responses
    then:
      field: '200'
      function: truthy

  bbva-error-response-400:
    description: Operations should define a 400 error response for bad requests.
    message: Operation is missing a 400 Bad Request response definition.
    severity: warn
    given: $.paths.*.*.responses
    then:
      field: '400'
      function: truthy

  bbva-country-header-documented:
    description: BBVA multi-country APIs should document country selection mechanism.
    message: Consider documenting the country or region selection header/parameter.
    severity: info
    given: $.info
    then:
      field: description
      function: truthy

  bbva-iban-format:
    description: IBAN fields should use string format with pattern constraint.
    message: IBAN property should specify format or pattern.
    severity: warn
    given: $.components.schemas..[?(@property === 'iban')]
    then:
      field: type
      function: truthy