IPGeolocation.io · API Governance Rules

IPGeolocation.io API Rules

Spectral linting rules defining API design standards and conventions for IPGeolocation.io.

40 Rules error 18 warn 17 info 5
View Rules File View on GitHub

Rule Categories

bulk contact delete get info license no openapi operation parameter path request response schema security server servers tag tags

Rules

error
info-title-prefix
Info title must start with "IPGeolocation.io".
$.info
error
info-version-required
Info must declare an API version.
$.info
warn
info-description-required
Info must include a description of at least 40 characters.
$.info
error
openapi-version-3
Specs must declare OpenAPI 3.0.x or 3.1.x.
$
error
servers-required
A servers array must be defined.
$
error
server-must-be-https
All server URLs must use HTTPS.
$.servers[*]
warn
server-must-be-ipgeolocation-host
Server URL must be https://api.ipgeolocation.io.
$.servers[*]
error
path-must-be-versioned
All operation paths must begin with /v3/.
$.paths
error
path-no-trailing-slash
Paths must not end with a trailing slash.
$.paths
warn
path-kebab-or-camel
Path segments are kebab-case (preferred) or camelCase. No snake_case, no PascalCase, no spaces.
$.paths
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,patch,delete]
error
operation-operationid-required
Every operation must define an operationId.
$.paths[*][get,post,put,patch,delete]
warn
operation-operationid-camelcase
operationId must be camelCase (e.g. lookupIpGeolocation).
$.paths[*][get,post,put,patch,delete]
error
operation-tags-required
Every operation must declare at least one tag.
$.paths[*][get,post,put,patch,delete]
info
operation-microcks-extension
Operations should declare x-microcks-operation for mock-server use.
$.paths[*][get,post,put,patch,delete]
warn
tags-must-be-defined-globally
A global tags array must exist.
$
warn
tag-title-case
Tag names use Title Case (e.g. "IP Geolocation", "User Agent", "Astronomy"). No kebab-case, no snake_case.
$.tags[*]
warn
tag-description-required
Each global tag must include a description.
$.tags[*]
warn
parameter-description-required
Each parameter must include a description.
$.paths[*][get,post,put,patch,delete].parameters[*]
error
parameter-schema-required
Each parameter must declare a schema with type.
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
parameter-name-camelcase
Parameter names use camelCase (e.g. ip, apiKey, lang).
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
request-body-json-content-type
Request bodies must support application/json.
$.paths[*][post,put,patch].requestBody.content
info
request-body-description-required
Each request body should have a description.
$.paths[*][post,put,patch].requestBody
error
response-success-required
Every operation must define at least one 2xx response.
$.paths[*][get,post,put,patch,delete].responses
warn
response-401-required
All operations must document a 401 unauthorized response.
$.paths[*][get,post,put,patch,delete].responses
info
response-429-recommended
Operations should document a 429 throttling response.
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
Every response must include a description.
$.paths[*][get,post,put,patch,delete].responses[*]
warn
response-json-content-type
Success responses must offer application/json.
$.paths[*][get,post,put,patch,delete].responses['200','201'].content
warn
schema-property-snake-or-camel
Schema property names use snake_case (preferred) or camelCase across IPGeolocation responses. No PascalCase or kebab-case.
$.components.schemas[*].properties
warn
schema-description-required
Top-level schemas should include a description.
$.components.schemas[*]
error
security-scheme-required
The spec must define at least one security scheme.
$.components.securitySchemes
warn
security-apikey-scheme
Security scheme must be the apiKey query parameter named apiKey.
$.components.securitySchemes.ApiKeyAuth
warn
security-global-required
A global security requirement must be declared.
$
error
get-no-request-body
GET operations must not declare a request body.
$.paths[*].get
error
delete-no-request-body
DELETE operations must not declare a request body.
$.paths[*].delete
error
bulk-must-be-post
Bulk endpoints must use POST.
$.paths[?(@property.match(/-bulk$/i))]
error
no-empty-summary
Operation summaries must be non-empty.
$.paths[*][get,post,put,patch,delete].summary
info
contact-recommended
Info should include a contact block for support routing.
$.info
info
license-recommended
Info should declare a license.
$.info

Spectral Ruleset

Raw ↑ 
# Spectral ruleset for IPGeolocation.io OpenAPI specifications.
# Enforces conventions observed across the seven per-product specs
# (IP Geolocation, IP Security, ASN, Abuse, Timezone, Astronomy, User Agent).
rules:

  # ── INFO / METADATA ─────────────────────────────────────────────────────
  info-title-prefix:
    description: Info title must start with "IPGeolocation.io".
    severity: error
    given: $.info
    then:
      field: title
      function: pattern
      functionOptions:
        match: '^IPGeolocation\.io'
  info-version-required:
    description: Info must declare an API version.
    severity: error
    given: $.info
    then:
      field: version
      function: truthy
  info-description-required:
    description: Info must include a description of at least 40 characters.
    severity: warn
    given: $.info
    then:
      field: description
      function: length
      functionOptions:
        min: 40

  # ── OPENAPI VERSION ────────────────────────────────────────────────────
  openapi-version-3:
    description: Specs must declare OpenAPI 3.0.x or 3.1.x.
    severity: error
    given: $
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: '^3\.'

  # ── SERVERS ────────────────────────────────────────────────────────────
  servers-required:
    description: A servers array must be defined.
    severity: error
    given: $
    then:
      field: servers
      function: truthy
  server-must-be-https:
    description: All server URLs must use HTTPS.
    severity: error
    given: $.servers[*]
    then:
      field: url
      function: pattern
      functionOptions:
        match: '^https://'
  server-must-be-ipgeolocation-host:
    description: Server URL must be https://api.ipgeolocation.io.
    severity: warn
    given: $.servers[*]
    then:
      field: url
      function: pattern
      functionOptions:
        match: '^https://api\.ipgeolocation\.io'

  # ── PATHS — NAMING CONVENTIONS ─────────────────────────────────────────
  path-must-be-versioned:
    description: All operation paths must begin with /v3/.
    severity: error
    given: $.paths
    then:
      field: '@key'
      function: pattern
      functionOptions:
        match: '^/v3/'
  path-no-trailing-slash:
    description: Paths must not end with a trailing slash.
    severity: error
    given: $.paths
    then:
      field: '@key'
      function: pattern
      functionOptions:
        notMatch: '.+/$'
  path-kebab-or-camel:
    description: >-
      Path segments are kebab-case (preferred) or camelCase. No snake_case,
      no PascalCase, no spaces.
    severity: warn
    given: $.paths
    then:
      field: '@key'
      function: pattern
      functionOptions:
        match: '^(/[a-z][a-zA-Z0-9-]*)+$'

  # ── OPERATIONS ─────────────────────────────────────────────────────────
  operation-summary-required:
    description: Every operation must have a summary.
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: summary
      function: truthy
  operation-description-required:
    description: Every operation must have a description.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: description
      function: truthy
  operation-operationid-required:
    description: Every operation must define an operationId.
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy
  operation-operationid-camelcase:
    description: operationId must be camelCase (e.g. lookupIpGeolocation).
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'
  operation-tags-required:
    description: Every operation must declare at least one tag.
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1
  operation-microcks-extension:
    description: Operations should declare x-microcks-operation for mock-server use.
    severity: info
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: x-microcks-operation
      function: truthy

  # ── TAGS ───────────────────────────────────────────────────────────────
  tags-must-be-defined-globally:
    description: A global tags array must exist.
    severity: warn
    given: $
    then:
      field: tags
      function: truthy
  tag-title-case:
    description: >-
      Tag names use Title Case (e.g. "IP Geolocation", "User Agent",
      "Astronomy"). No kebab-case, no snake_case.
    severity: warn
    given: $.tags[*]
    then:
      field: name
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$'
  tag-description-required:
    description: Each global tag must include a description.
    severity: warn
    given: $.tags[*]
    then:
      field: description
      function: truthy

  # ── PARAMETERS ─────────────────────────────────────────────────────────
  parameter-description-required:
    description: Each parameter must include a description.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: description
      function: truthy
  parameter-schema-required:
    description: Each parameter must declare a schema with type.
    severity: error
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: schema
      function: truthy
  parameter-name-camelcase:
    description: Parameter names use camelCase (e.g. ip, apiKey, lang).
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: name
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

  # ── REQUEST BODIES ─────────────────────────────────────────────────────
  request-body-json-content-type:
    description: Request bodies must support application/json.
    severity: warn
    given: $.paths[*][post,put,patch].requestBody.content
    then:
      field: application/json
      function: truthy
  request-body-description-required:
    description: Each request body should have a description.
    severity: info
    given: $.paths[*][post,put,patch].requestBody
    then:
      field: description
      function: truthy

  # ── RESPONSES ──────────────────────────────────────────────────────────
  response-success-required:
    description: Every operation must define at least one 2xx response.
    severity: error
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          patternProperties:
            '^2[0-9][0-9]$': {}
          minProperties: 1
  response-401-required:
    description: All operations must document a 401 unauthorized response.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      field: '401'
      function: truthy
  response-429-recommended:
    description: Operations should document a 429 throttling response.
    severity: info
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      field: '429'
      function: truthy
  response-description-required:
    description: Every response must include a description.
    severity: error
    given: $.paths[*][get,post,put,patch,delete].responses[*]
    then:
      field: description
      function: truthy
  response-json-content-type:
    description: Success responses must offer application/json.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].responses['200','201'].content
    then:
      field: application/json
      function: truthy

  # ── SCHEMAS — PROPERTY NAMING ──────────────────────────────────────────
  schema-property-snake-or-camel:
    description: >-
      Schema property names use snake_case (preferred) or camelCase across
      IPGeolocation responses. No PascalCase or kebab-case.
    severity: warn
    given: $.components.schemas[*].properties
    then:
      field: '@key'
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9_]*$'
  schema-description-required:
    description: Top-level schemas should include a description.
    severity: warn
    given: $.components.schemas[*]
    then:
      field: description
      function: truthy

  # ── SECURITY ───────────────────────────────────────────────────────────
  security-scheme-required:
    description: The spec must define at least one security scheme.
    severity: error
    given: $.components.securitySchemes
    then:
      function: truthy
  security-apikey-scheme:
    description: Security scheme must be the apiKey query parameter named apiKey.
    severity: warn
    given: $.components.securitySchemes.ApiKeyAuth
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            type: { const: apiKey }
            in: { const: query }
            name: { const: apiKey }
          required: [type, in, name]
  security-global-required:
    description: A global security requirement must be declared.
    severity: warn
    given: $
    then:
      field: security
      function: truthy

  # ── HTTP METHOD CONVENTIONS ────────────────────────────────────────────
  get-no-request-body:
    description: GET operations must not declare a request body.
    severity: error
    given: $.paths[*].get
    then:
      field: requestBody
      function: falsy
  delete-no-request-body:
    description: DELETE operations must not declare a request body.
    severity: error
    given: $.paths[*].delete
    then:
      field: requestBody
      function: falsy
  bulk-must-be-post:
    description: Bulk endpoints must use POST.
    severity: error
    given: $.paths[?(@property.match(/-bulk$/i))]
    then:
      field: get
      function: falsy

  # ── GENERAL QUALITY ────────────────────────────────────────────────────
  no-empty-summary:
    description: Operation summaries must be non-empty.
    severity: error
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: truthy
  contact-recommended:
    description: Info should include a contact block for support routing.
    severity: info
    given: $.info
    then:
      field: contact
      function: truthy
  license-recommended:
    description: Info should declare a license.
    severity: info
    given: $.info
    then:
      field: license
      function: truthy