Cisco Control Hub · API Governance Rules

Cisco Control Hub API Rules

Spectral linting rules defining API design standards and conventions for Cisco Control Hub.

8 Rules error 3 warn 4 info 1
View Rules File View on GitHub

Rule Categories

webex

Rules

error
webex-info-contact
API contact information must be present.
$.info
error
webex-server-https
All server URLs must use HTTPS.
$.servers[*].url
warn
webex-server-base-path
webexapis.com servers must include /v1.
$.servers[?(@.url && @.url.indexOf('webexapis.com') > -1)].url
warn
webex-oauth-security
An OAuth 2.0 security scheme must be defined.
$.components.securitySchemes[*]
error
webex-operation-id
Every operation must declare a unique operationId.
$.paths[*][get,post,put,patch,delete]
warn
webex-operation-tags
Operations must declare at least one tag.
$.paths[*][get,post,put,patch,delete]
info
webex-pagination-cursor
List endpoints should support max/cursor or start pagination.
$.paths[*].get.parameters[*].name
warn
webex-error-responses
Mutating operations should declare 4xx/5xx error responses.
$.paths[*][post,put,patch,delete].responses

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

# Spectral linting tuned for the Cisco Control Hub / Webex Admin APIs
# at webexapis.com. Validates HTTPS, /v1 base path, OAuth bearer auth,
# operationId/tag conventions, and standard error responses.
rules:
  webex-info-contact:
    description: API contact information must be present.
    severity: error
    given: "$.info"
    then:
      field: contact
      function: truthy

  webex-server-https:
    description: All server URLs must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  webex-server-base-path:
    description: webexapis.com servers must include /v1.
    severity: warn
    given: "$.servers[?(@.url && @.url.indexOf('webexapis.com') > -1)].url"
    then:
      function: pattern
      functionOptions:
        match: "/v1"

  webex-oauth-security:
    description: An OAuth 2.0 security scheme must be defined.
    severity: warn
    given: "$.components.securitySchemes[*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            type:
              enum: ["oauth2", "http"]

  webex-operation-id:
    description: Every operation must declare a unique operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  webex-operation-tags:
    description: Operations must declare at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1

  webex-pagination-cursor:
    description: List endpoints should support max/cursor or start pagination.
    severity: info
    given: "$.paths[*].get.parameters[*].name"
    then:
      function: enumeration
      functionOptions:
        values:
          - max
          - start
          - cursor
          - orgId
          - personId
          - email

  webex-error-responses:
    description: Mutating operations should declare 4xx/5xx error responses.
    severity: warn
    given: "$.paths[*][post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["400"]
            - required: ["401"]
            - required: ["403"]
            - required: ["404"]
            - required: ["409"]