Paymob · API Governance Rules

Paymob API Rules

Spectral linting rules defining API design standards and conventions for Paymob.

8 Rules error 5 warn 3
View Rules File View on GitHub

Rule Categories

paymob

Rules

error
paymob-operation-id-camel-case
Operation IDs must be camelCase to match Paymob's documented conventions.
$.paths[*][*].operationId
warn
paymob-summary-title-case
Operation summaries must use Title Case per API Evangelist convention.
$.paths[*][*].summary
error
paymob-tags-required
Every operation must have at least one tag.
$.paths[*][*]
error
paymob-secure-base-uri
All Paymob base URIs must use HTTPS.
$.servers[*].url
warn
paymob-amount-units-documented
Schemas exposing monetary amount fields must document the unit (cents/minor units).
$.components.schemas[?(@.properties)].properties[?(@property === 'amount_cents' || @property === 'amount')]
warn
paymob-currency-enum
Currency fields should be ISO 4217 strings constrained to supported markets.
$.components.schemas..properties.currency
error
paymob-no-pii-in-paths
Path segments must not contain raw PII like email or phone.
$.paths
error
paymob-bearer-or-token-auth
At least one path must declare bearer or API key security.
$.components.securitySchemes

Spectral Ruleset

Raw ↑ 
extends: [[spectral:oas, recommended]]
documentationUrl: https://developers.paymob.com
functions: []
rules:
  paymob-operation-id-camel-case:
    description: Operation IDs must be camelCase to match Paymob's documented conventions.
    given: $.paths[*][*].operationId
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]+$'
  paymob-summary-title-case:
    description: Operation summaries must use Title Case per API Evangelist convention.
    given: $.paths[*][*].summary
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z]'
  paymob-tags-required:
    description: Every operation must have at least one tag.
    given: $.paths[*][*]
    severity: error
    then:
      field: tags
      function: truthy
  paymob-secure-base-uri:
    description: All Paymob base URIs must use HTTPS.
    given: $.servers[*].url
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '^https://'
  paymob-amount-units-documented:
    description: Schemas exposing monetary amount fields must document the unit (cents/minor units).
    given: $.components.schemas[?(@.properties)].properties[?(@property === 'amount_cents' || @property === 'amount')]
    severity: warn
    then:
      field: description
      function: truthy
  paymob-currency-enum:
    description: Currency fields should be ISO 4217 strings constrained to supported markets.
    given: $.components.schemas..properties.currency
    severity: warn
    then:
      field: type
      function: truthy
  paymob-no-pii-in-paths:
    description: Path segments must not contain raw PII like email or phone.
    given: $.paths
    severity: error
    then:
      function: pattern
      functionOptions:
        notMatch: '(email|phone|msisdn)'
  paymob-bearer-or-token-auth:
    description: At least one path must declare bearer or API key security.
    given: $.components.securitySchemes
    severity: error
    then:
      function: truthy