Mercedes-Benz Mercedes me · API Governance Rules

Mercedes-Benz Mercedes me API Rules

Spectral linting rules defining API design standards and conventions for Mercedes-Benz Mercedes me.

8 Rules error 2 warn 6
View Rules File View on GitHub

Rule Categories

mercedes

Rules

warn
mercedes-me-operation-id-camel-case
Mercedes-Benz operationIds follow the lowerCamelCase pattern with a method suffix (e.g. marketsGET, modelConfigurationsGET, onlineCodePOST).
$.paths[*][get,post,put,delete,patch].operationId
warn
mercedes-me-vehicleid-param
Vehicle-keyed paths must accept a `vehicleId` (VIN/FIN) path parameter.
$.paths[?(@property.match(/vehicles\//))]
warn
mercedes-me-summary-title-case
Operation summaries should use Title Case for consistency across Mercedes-Benz API products.
$.paths[*][get,post,put,delete,patch].summary
error
mercedes-me-host-must-be-mercedes
Mercedes-Benz APIs must be hosted at api.mercedes-benz.com.
$.host
error
mercedes-me-https-only
All Mercedes-Benz APIs must be served over HTTPS only.
$.schemes
warn
mercedes-me-apikey-or-oauth
Mercedes-Benz APIs must declare apiKey (for sandbox/reference APIs) or oauth2 (for vehicle APIs) security definitions.
$.securityDefinitions
warn
mercedes-me-error-codes-documented
Every operation should document 401, 429, and 500 in addition to its happy-path response.
$.paths[*][get,post,put,delete,patch].responses
warn
mercedes-me-no-trailing-slash
Mercedes-Benz API paths should not have a trailing slash.
$.paths[*]~

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas
rules:
  mercedes-me-operation-id-camel-case:
    description: Mercedes-Benz operationIds follow the lowerCamelCase pattern with a method suffix (e.g. marketsGET, modelConfigurationsGET, onlineCodePOST).
    message: "{{property}} should match Mercedes-Benz operationId convention (lowerCamelCase ending in GET/POST/PUT/DELETE/PATCH)"
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].operationId
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+(GET|POST|PUT|DELETE|PATCH)$"

  mercedes-me-vehicleid-param:
    description: Vehicle-keyed paths must accept a `vehicleId` (VIN/FIN) path parameter.
    message: Mercedes-Benz vehicle paths must use {vehicleId} as the VIN/FIN identifier.
    severity: warn
    given: $.paths[?(@property.match(/vehicles\//))]
    then:
      function: truthy

  mercedes-me-summary-title-case:
    description: Operation summaries should use Title Case for consistency across Mercedes-Benz API products.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].summary
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  mercedes-me-host-must-be-mercedes:
    description: Mercedes-Benz APIs must be hosted at api.mercedes-benz.com.
    severity: error
    given: $.host
    then:
      function: pattern
      functionOptions:
        match: "^api\\.mercedes-benz\\.com$"

  mercedes-me-https-only:
    description: All Mercedes-Benz APIs must be served over HTTPS only.
    severity: error
    given: $.schemes
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          items:
            enum: [https]

  mercedes-me-apikey-or-oauth:
    description: Mercedes-Benz APIs must declare apiKey (for sandbox/reference APIs) or oauth2 (for vehicle APIs) security definitions.
    severity: warn
    given: $.securityDefinitions
    then:
      function: truthy

  mercedes-me-error-codes-documented:
    description: Every operation should document 401, 429, and 500 in addition to its happy-path response.
    severity: warn
    given: $.paths[*][get,post,put,delete,patch].responses
    then:
      - field: "401"
        function: truthy
      - field: "429"
        function: truthy

  mercedes-me-no-trailing-slash:
    description: Mercedes-Benz API paths should not have a trailing slash.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        notMatch: ".+/$"