BigID · API Governance Rules

BigID API Rules

Spectral linting rules defining API design standards and conventions for BigID.

6 Rules error 1 warn 4 info 1
View Rules File View on GitHub

Rule Categories

bigid

Rules

warn
bigid-operation-summary-title-case
Operation summaries should be Title Case, matching BigID developer-portal style.
$.paths[*][get,post,put,patch,delete].summary
error
bigid-operation-must-have-operation-id
All operations must declare an operationId so SDK generators and Naftiko bindings can resolve them.
$.paths[*][get,post,put,patch,delete]
warn
bigid-paths-kebab-or-snake-case
BigID API paths use either kebab-case or snake_case; mixed casing inside a segment is discouraged.
$.paths[*]~
warn
bigid-bearer-auth-declared
Each API must declare a Bearer JWT security scheme reflecting BigID's auth_token / systemToken pattern.
$.components.securitySchemes
warn
bigid-tags-required
Every operation should be tagged so the BigID developer portal can group it.
$.paths[*][get,post,put,patch,delete]
info
bigid-server-baseurl-includes-api-v1
BigID REST APIs are versioned under /api/v1; servers should reflect that prefix.
$.servers[*].url

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas
overrides: []
rules:
  bigid-operation-summary-title-case:
    description: Operation summaries should be Title Case, matching BigID developer-portal style.
    message: '{{property}} summary should use Title Case.'
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: pattern
      functionOptions:
        match: '^([A-Z][A-Za-z0-9]*)( [A-Z][A-Za-z0-9]*)*$'

  bigid-operation-must-have-operation-id:
    description: All operations must declare an operationId so SDK generators and Naftiko bindings can resolve them.
    message: 'Operation is missing operationId.'
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy

  bigid-paths-kebab-or-snake-case:
    description: BigID API paths use either kebab-case or snake_case; mixed casing inside a segment is discouraged.
    message: '{{property}} should be kebab-case or snake_case.'
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: '^/[a-z0-9{}_/.:-]+$'

  bigid-bearer-auth-declared:
    description: Each API must declare a Bearer JWT security scheme reflecting BigID's auth_token / systemToken pattern.
    message: 'BearerAuth security scheme must be present.'
    severity: warn
    given: $.components.securitySchemes
    then:
      field: BearerAuth
      function: truthy

  bigid-tags-required:
    description: Every operation should be tagged so the BigID developer portal can group it.
    message: 'Operation must declare at least one tag.'
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: truthy

  bigid-server-baseurl-includes-api-v1:
    description: BigID REST APIs are versioned under /api/v1; servers should reflect that prefix.
    message: 'Server URL should include /api/v1.'
    severity: info
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '/api/v1'