Bloom Credit · API Governance Rules

Bloom Credit API Rules

Spectral linting rules defining API design standards and conventions for Bloom Credit.

30 Rules error 11 warn 14 info 5
View Rules File View on GitHub

Rule Categories

bloom

Rules

error
bloom-credit-info-title
API must have a title
$.info
error
bloom-credit-info-description
API must have a description
$.info
error
bloom-credit-info-version
API must have a version
$.info
warn
bloom-credit-info-contact
API must have contact information
$.info
error
bloom-credit-servers-exist
API must have at least one server defined
$
error
bloom-credit-server-https
All servers must use HTTPS
$.servers[*]
warn
bloom-credit-server-description
Each server must have a description
$.servers[*]
warn
bloom-credit-path-kebab-case
Path segments must use kebab-case
$.paths[*]~
error
bloom-credit-path-no-trailing-slash
Paths must not have trailing slashes
$.paths[*]~
error
bloom-credit-operation-id-exists
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete,head,options,trace]
warn
bloom-credit-operation-id-kebab-case
OperationId must use kebab-case
$.paths[*][get,post,put,patch,delete,head,options,trace]
error
bloom-credit-operation-summary-exists
Every operation must have a summary
$.paths[*][get,post,put,patch,delete,head,options,trace]
warn
bloom-credit-operation-summary-prefix
Operation summaries must start with Bloom Credit
$.paths[*][get,post,put,patch,delete,head,options,trace]
warn
bloom-credit-operation-description-exists
Every operation must have a description
$.paths[*][get,post,put,patch,delete,head,options,trace]
warn
bloom-credit-operation-tags
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete,head,options,trace]
warn
bloom-credit-parameter-description
All parameters must have a description
$.paths[*][*].parameters[*]
error
bloom-credit-parameter-schema
All parameters must have a schema
$.paths[*][*].parameters[*]
error
bloom-credit-response-success-exists
Operations must have at least one 2xx response
$.paths[*][get,post,put,patch,delete]
warn
bloom-credit-response-schema-exists
Success responses must have a content schema
$.paths[*][*].responses[200,201].content[*]
warn
bloom-credit-response-examples
Responses should include examples
$.paths[*][*].responses[200,201].content[*]
error
bloom-credit-security-scheme-defined
API must define security schemes
$.components
warn
bloom-credit-global-security
API should have global security defined
$
info
bloom-credit-apikey-auth
API should use API key authentication via X-API-Key header
$.components.securitySchemes[*]
warn
bloom-credit-schema-type
All schema objects must have a type
$.components.schemas[*]
warn
bloom-credit-schema-description
All schema components must have a description
$.components.schemas[*]
info
bloom-credit-property-description
Schema properties should have descriptions
$.components.schemas[*].properties[*]
info
bloom-credit-consumer-id-path
Consumer endpoints should be nested under /consumers/{consumer_id}
$.paths[/consumers/{consumer_id}*]~
info
bloom-credit-bureau-enum
Bureau fields should use valid bureau names
$.components.schemas[*].properties.bureau.enum
info
bloom-credit-score-range
Credit score schemas should define min/max range
$.components.schemas.CreditScore.properties.score
warn
bloom-credit-sandbox-server
API should have a sandbox server for testing
$.servers

Spectral Ruleset

Raw ↑ 
rules:
  # Info rules
  bloom-credit-info-title:
    description: API must have a title
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  bloom-credit-info-description:
    description: API must have a description
    severity: error
    given: "$.info"
    then:
      field: description
      function: truthy

  bloom-credit-info-version:
    description: API must have a version
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  bloom-credit-info-contact:
    description: API must have contact information
    severity: warn
    given: "$.info"
    then:
      field: contact
      function: truthy

  # Server rules
  bloom-credit-servers-exist:
    description: API must have at least one server defined
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  bloom-credit-server-https:
    description: All servers must use HTTPS
    severity: error
    given: "$.servers[*]"
    then:
      field: url
      function: pattern
      functionOptions:
        match: "^https://"

  bloom-credit-server-description:
    description: Each server must have a description
    severity: warn
    given: "$.servers[*]"
    then:
      field: description
      function: truthy

  # Path rules
  bloom-credit-path-kebab-case:
    description: Path segments must use kebab-case
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9-{}]+)+$"

  bloom-credit-path-no-trailing-slash:
    description: Paths must not have trailing slashes
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  # Operation rules
  bloom-credit-operation-id-exists:
    description: Every operation must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: operationId
      function: truthy

  bloom-credit-operation-id-kebab-case:
    description: OperationId must use kebab-case
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9-]+$"

  bloom-credit-operation-summary-exists:
    description: Every operation must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: summary
      function: truthy

  bloom-credit-operation-summary-prefix:
    description: Operation summaries must start with Bloom Credit
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: summary
      function: pattern
      functionOptions:
        match: "^Bloom Credit"

  bloom-credit-operation-description-exists:
    description: Every operation must have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: description
      function: truthy

  bloom-credit-operation-tags:
    description: Every operation must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options,trace]"
    then:
      field: tags
      function: truthy

  # Parameter rules
  bloom-credit-parameter-description:
    description: All parameters must have a description
    severity: warn
    given: "$.paths[*][*].parameters[*]"
    then:
      field: description
      function: truthy

  bloom-credit-parameter-schema:
    description: All parameters must have a schema
    severity: error
    given: "$.paths[*][*].parameters[*]"
    then:
      field: schema
      function: truthy

  # Response rules
  bloom-credit-response-success-exists:
    description: Operations must have at least one 2xx response
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["200"]
            - required: ["201"]
            - required: ["202"]
            - required: ["204"]

  bloom-credit-response-schema-exists:
    description: Success responses must have a content schema
    severity: warn
    given: "$.paths[*][*].responses[200,201].content[*]"
    then:
      field: schema
      function: truthy

  bloom-credit-response-examples:
    description: Responses should include examples
    severity: warn
    given: "$.paths[*][*].responses[200,201].content[*]"
    then:
      field: examples
      function: truthy

  # Security rules
  bloom-credit-security-scheme-defined:
    description: API must define security schemes
    severity: error
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  bloom-credit-global-security:
    description: API should have global security defined
    severity: warn
    given: "$"
    then:
      field: security
      function: truthy

  bloom-credit-apikey-auth:
    description: API should use API key authentication via X-API-Key header
    severity: info
    given: "$.components.securitySchemes[*]"
    then:
      function: truthy

  # Schema rules
  bloom-credit-schema-type:
    description: All schema objects must have a type
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: type
      function: truthy

  bloom-credit-schema-description:
    description: All schema components must have a description
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  bloom-credit-property-description:
    description: Schema properties should have descriptions
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy

  # Bloom Credit-specific rules
  bloom-credit-consumer-id-path:
    description: Consumer endpoints should be nested under /consumers/{consumer_id}
    severity: info
    given: "$.paths[/consumers/{consumer_id}*]~"
    then:
      function: truthy

  bloom-credit-bureau-enum:
    description: Bureau fields should use valid bureau names
    severity: info
    given: "$.components.schemas[*].properties.bureau.enum"
    then:
      function: truthy

  bloom-credit-score-range:
    description: Credit score schemas should define min/max range
    severity: info
    given: "$.components.schemas.CreditScore.properties.score"
    then:
      function: truthy

  bloom-credit-sandbox-server:
    description: API should have a sandbox server for testing
    severity: warn
    given: "$.servers"
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 2