MetaMap · API Governance Rules

MetaMap API Rules

Spectral linting rules defining API design standards and conventions for MetaMap.

6 Rules error 1 warn 4
View Rules File View on GitHub

Rule Categories

metamap

Rules

warn
metamap-server-url
All paths must be served from api.prod.metamap.com (or the documented media / legacy hosts).
$.servers[*].url
error
metamap-operation-tagged
Every operation must be assigned to exactly one of the MetaMap business surfaces.
$.paths[*][get,post,put,delete,patch]
warn
metamap-known-tag
Operation tags must be one of the canonical MetaMap categories.
$.paths[*][get,post,put,delete,patch].tags[*]
warn
metamap-operation-id-kebab
operationId must be lowercase kebab-case (or snake_case fallback).
$.paths[*][get,post,put,delete,patch].operationId
warn
metamap-bearer-security
Non-OAuth-token-exchange operations must declare bearerAuth or inherit a global bearerAuth security requirement.
$.paths[?(@path !~ '/oauth')][*].security
hint
metamap-summary-title-case
Operation summary should be Title Case.
$.paths[*][get,post,put,delete,patch].summary

Spectral Ruleset

Raw ↑ 
extends:
  - [spectral:oas, all]
rules:
  metamap-server-url:
    description: All paths must be served from api.prod.metamap.com (or the documented media / legacy hosts).
    given: $.servers[*].url
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^https://(api\\.prod\\.metamap\\.com|media\\.prod\\.metamap\\.com|api\\.getmati\\.com)(/|$)"

  metamap-operation-tagged:
    description: Every operation must be assigned to exactly one of the MetaMap business surfaces.
    given: $.paths[*][get,post,put,delete,patch]
    severity: error
    then:
      - field: tags
        function: truthy
      - field: tags
        function: length
        functionOptions:
          min: 1
          max: 1

  metamap-known-tag:
    description: Operation tags must be one of the canonical MetaMap categories.
    given: $.paths[*][get,post,put,delete,patch].tags[*]
    severity: warn
    then:
      function: enumeration
      functionOptions:
        values:
          - Authentication
          - Verifications
          - Webhooks
          - Custom Watchlists
          - Watchlist Checks
          - Email Checks
          - Phone Checks
          - GovChecks
          - Credit Checks
          - Background Checks

  metamap-operation-id-kebab:
    description: operationId must be lowercase kebab-case (or snake_case fallback).
    given: $.paths[*][get,post,put,delete,patch].operationId
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_-]*$"

  metamap-bearer-security:
    description: Non-OAuth-token-exchange operations must declare bearerAuth or inherit a global bearerAuth security requirement.
    given: $.paths[?(@path !~ '/oauth')][*].security
    severity: warn
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          items:
            type: object
            patternProperties:
              "^bearerAuth$":
                type: array

  metamap-summary-title-case:
    description: Operation summary should be Title Case.
    given: $.paths[*][get,post,put,delete,patch].summary
    severity: hint
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][A-Za-z0-9 /:&'\\-]+$"