Citizens Financial Group · API Governance Rules

Citizens Financial Group API Rules

Spectral linting rules defining API design standards and conventions for Citizens Financial Group.

6 Rules error 3 warn 3
View Rules File View on GitHub

Rule Categories

citizens

Rules

error
citizens-https-only
All Citizens API servers MUST use HTTPS.
$.servers[*].url
error
citizens-oauth-required
Citizens APIs MUST declare an OAuth 2.0 security scheme for consented data access.
$.components.securitySchemes
error
citizens-operation-id
Operations MUST have an operationId.
$.paths[*][get,post,put,delete,patch]
warn
citizens-tag-required
Operations MUST be tagged for product domain grouping.
$.paths[*][get,post,put,delete,patch].tags
warn
citizens-info-contact
API info MUST contain a contact for security disclosures.
$.info
warn
citizens-fdx-alignment
Open banking endpoints SHOULD align with Financial Data Exchange (FDX) field names.
$.components.schemas

Spectral Ruleset

citizens-financial-group-rules.yml Raw ↑ 
extends:
  - spectral:oas
rules:
  citizens-https-only:
    description: All Citizens API servers MUST use HTTPS.
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://'
  citizens-oauth-required:
    description: Citizens APIs MUST declare an OAuth 2.0 security scheme for consented data access.
    severity: error
    given: $.components.securitySchemes
    then:
      function: truthy
  citizens-operation-id:
    description: Operations MUST have an operationId.
    severity: error
    given: $.paths[*][get,post,put,delete,patch]
    then:
      field: operationId
      function: truthy
  citizens-tag-required:
    description: Operations MUST be tagged for product domain grouping.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].tags
    then:
      function: truthy
  citizens-info-contact:
    description: API info MUST contain a contact for security disclosures.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy
  citizens-fdx-alignment:
    description: Open banking endpoints SHOULD align with Financial Data Exchange (FDX) field names.
    severity: warn
    given: $.components.schemas
    then:
      function: truthy