Bud Financial · API Governance Rules

Bud Financial API Rules

Spectral linting rules defining API design standards and conventions for Bud Financial.

6 Rules error 1 warn 4
View Rules File View on GitHub

Rule Categories

bud

Rules

warn
bud-paths-kebab-case
Bud API paths use kebab-case segments (e.g. /open-banking/v2/refresh, /account-access-consents).
$.paths.*~
warn
bud-versioned-paths
Bud API paths must contain a version segment such as v1, v2, v3, or beta.
$.paths.*~
warn
bud-operation-summary-title-case
Bud operation summaries should be in Title Case (matches the existing API reference style).
$.paths[*][get,post,put,patch,delete].summary
error
bud-operation-tag-required
Every operation must have at least one tag to anchor it under a Bud product surface.
$.paths[*][get,post,put,patch,delete]
warn
bud-oauth2-security
Non-OAuth endpoints (everything except /v1/oauth/token) must declare a security requirement.
$.paths[?(@property != '/v1/oauth/token')][get,post,put,patch,delete]
hint
bud-task-id-pattern
Asynchronous endpoints expose the task identifier as `{task_id}` consistently.
$.paths.*~

Spectral Ruleset

Raw ↑ 
extends:
- spectral:oas
rules:
  bud-paths-kebab-case:
    description: Bud API paths use kebab-case segments (e.g. /open-banking/v2/refresh, /account-access-consents).
    given: $.paths.*~
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^(/[a-z0-9-]+|/\{[a-z_]+\})+$'
  bud-versioned-paths:
    description: Bud API paths must contain a version segment such as v1, v2, v3, or beta.
    given: $.paths.*~
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '/(v[0-9]+|beta)(/|$)'
  bud-operation-summary-title-case:
    description: Bud operation summaries should be in Title Case (matches the existing API reference style).
    given: $.paths[*][get,post,put,patch,delete].summary
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z]'
  bud-operation-tag-required:
    description: Every operation must have at least one tag to anchor it under a Bud product surface.
    given: $.paths[*][get,post,put,patch,delete]
    severity: error
    then:
      field: tags
      function: truthy
  bud-oauth2-security:
    description: Non-OAuth endpoints (everything except /v1/oauth/token) must declare a security requirement.
    given: $.paths[?(@property != '/v1/oauth/token')][get,post,put,patch,delete]
    severity: warn
    then:
      field: security
      function: truthy
  bud-task-id-pattern:
    description: Asynchronous endpoints expose the task identifier as `{task_id}` consistently.
    given: $.paths.*~
    severity: hint
    then:
      function: pattern
      functionOptions:
        notMatch: '\{taskId\}'