Bentley Systems · API Governance Rules

Bentley Systems API Rules

Spectral linting rules defining API design standards and conventions for Bentley Systems.

Bentley Systems API Rules is a Spectral governance ruleset published by Bentley Systems on the APIs.io network, containing 12 lint rules.

The ruleset includes 4 error-severity rules, 6 warning-severity rules, and 2 info-severity rules.

Tagged areas include Infrastructure Engineering, Digital Twin, BIM, CAD, and Reality Capture.

Rulesets can be applied to your own OpenAPI specs via Spectral to enforce the same governance standards.

12 Rules error 4 warn 6 info 2

View Rules File View on GitHub

Rule Categories

bentley

Rules

error

bentley-itwin-base-url

All iTwin Platform APIs must use api.bentley.com as the host

$.servers[*].url

error

bentley-oauth2-required

iTwin Platform APIs must define OAuth2 (Bentley IMS) as the security scheme

$.components.securitySchemes.OAuth2

error

bentley-operation-id-required

All iTwin operations must define an operationId

$.paths[*][get,post,put,patch,delete]

warn

bentley-operation-id-pascal-case

iTwin operationIds use PascalCase (e.g., GetIModel, CreateChangeset)

$.paths[*][get,post,put,patch,delete].operationId

warn

bentley-tags-required

All iTwin operations must include at least one tag

$.paths[*][get,post,put,patch,delete]

warn

bentley-summary-title-case

iTwin operation summaries should use Title Case

$.paths[*][get,post,put,patch,delete].summary

error

bentley-response-200-or-201

All iTwin operations must define a 2xx success response

$.paths[*][get,post,put,patch,delete].responses

warn

bentley-uuid-path-params

iTwin resource id path parameters should be uuid-typed

$.paths[*].parameters[?(@.in=='path' && @.name=~/Id$/)].schema

info

bentley-itwin-id-required

Top-level collection GETs should accept iTwinId query parameter for scoping

$.paths[?(@property==/)].get.parameters[?(@.name=='iTwinId')]

warn

bentley-external-docs-required

iTwin Platform API specs should reference developer.bentley.com via externalDocs

$.externalDocs.url

warn

bentley-info-contact-required

Spec info.contact must reference Bentley Developer Relations

$.info.contact

info

bentley-license-required

Spec info.license should reference the Bentley Developer Portal terms

$.info.license.url

Spectral Ruleset

extends: spectral:oas
rules:
  bentley-itwin-base-url:
    description: All iTwin Platform APIs must use api.bentley.com as the host
    message: "Server URL '{{value}}' must use https://api.bentley.com host"
    given: "$.servers[*].url"
    severity: error
    then:
      function: pattern
      functionOptions:
        match: "^https://api\\.bentley\\.com"

  bentley-oauth2-required:
    description: iTwin Platform APIs must define OAuth2 (Bentley IMS) as the security scheme
    message: "Security scheme 'OAuth2' (Bentley IMS) must be defined"
    given: "$.components.securitySchemes.OAuth2"
    severity: error
    then:
      function: truthy

  bentley-operation-id-required:
    description: All iTwin operations must define an operationId
    message: "Operation at {{path}} is missing operationId"
    given: "$.paths[*][get,post,put,patch,delete]"
    severity: error
    then:
      field: operationId
      function: truthy

  bentley-operation-id-pascal-case:
    description: iTwin operationIds use PascalCase (e.g., GetIModel, CreateChangeset)
    message: "operationId '{{value}}' should use PascalCase"
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]+$"

  bentley-tags-required:
    description: All iTwin operations must include at least one tag
    message: "Operation '{{path}}' must include a tag"
    given: "$.paths[*][get,post,put,patch,delete]"
    severity: warn
    then:
      field: tags
      function: truthy

  bentley-summary-title-case:
    description: iTwin operation summaries should use Title Case
    message: "Summary '{{value}}' should use Title Case"
    given: "$.paths[*][get,post,put,patch,delete].summary"
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*( [A-Z][a-zA-Z0-9]*)*"

  bentley-response-200-or-201:
    description: All iTwin operations must define a 2xx success response
    message: "Operation at {{path}} must define a 2xx response"
    given: "$.paths[*][get,post,put,patch,delete].responses"
    severity: error
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["200"]
            - required: ["201"]
            - required: ["202"]
            - required: ["204"]

  bentley-uuid-path-params:
    description: iTwin resource id path parameters should be uuid-typed
    message: "Path parameter '{{property}}' that ends in 'Id' should declare format=uuid"
    given: "$.paths[*].parameters[?(@.in=='path' && @.name=~/Id$/)].schema"
    severity: warn
    then:
      field: format
      function: pattern
      functionOptions:
        match: "^uuid$"

  bentley-itwin-id-required:
    description: Top-level collection GETs should accept iTwinId query parameter for scoping
    message: "Collection endpoint at {{path}} should support iTwinId query parameter"
    given: "$.paths[?(@property==/)].get.parameters[?(@.name=='iTwinId')]"
    severity: info
    then:
      function: truthy

  bentley-external-docs-required:
    description: iTwin Platform API specs should reference developer.bentley.com via externalDocs
    message: "Spec should include externalDocs pointing to developer.bentley.com"
    given: "$.externalDocs.url"
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^https://developer\\.bentley\\.com/"

  bentley-info-contact-required:
    description: Spec info.contact must reference Bentley Developer Relations
    message: "info.contact must be defined and reference Bentley Developer Relations"
    given: "$.info.contact"
    severity: warn
    then:
      field: name
      function: pattern
      functionOptions:
        match: "Bentley"

  bentley-license-required:
    description: Spec info.license should reference the Bentley Developer Portal terms
    message: "info.license should point to https://developer.bentley.com/legal/"
    given: "$.info.license.url"
    severity: info
    then:
      function: pattern
      functionOptions:
        match: "^https://developer\\.bentley\\.com/legal/"