Roivant Sciences · API Governance Rules

Roivant Sciences API Rules

Spectral linting rules defining API design standards and conventions for Roivant Sciences.

Roivant Sciences API Rules is a Spectral governance ruleset published by Roivant Sciences on the APIs.io network, containing 8 lint rules.

The ruleset includes 4 error-severity rules and 4 warning-severity rules.

Tagged areas include Biotech, Pharmaceutical, Drug Development, Clinical Trials, and Health Data.

Rulesets can be applied to your own OpenAPI specs via Spectral to enforce the same governance standards.

8 Rules error 4 warn 4
View Rules File View on GitHub

Rule Categories

client oauth operation patient servers summary tag

Rules

error
summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
summary-title-case
Operation summaries must use Title Case.
$.paths[*][get,post,put,patch,delete].summary
error
operation-id-camel-case
operationId must be camelCase (Datavant convention).
$.paths[*][get,post,put,patch,delete].operationId
warn
patient-id-snake-case
Patient identifiers must use snake_case (patient_id, external_patient_id).
$.paths[?(@property.match(/patient/i))]
warn
client-id-required-on-list
List endpoints should accept a client_id query parameter scoping to a connected practice.
$.paths[?(@property.match(/^\/(patients|encounters|vitals|allergies|immunizations|medications|diagnoses|procedures|labs|documents|appointments|providers)$/))].get.parameters[*].name
error
oauth-required
Every operation should be protected by OAuth2 clientCredentials flow.
$.security
error
servers-versioned
Server URLs must include an explicit /v{n} path segment.
$.servers[*].url
warn
tag-title-case
Tags must use Title Case.
$.tags[*].name

Spectral Ruleset

Raw ↑ 
extends: [[spectral:oas, all]]
rules:
  summary-required:
    description: Every operation must have a summary.
    given: $.paths[*][get,post,put,patch,delete]
    severity: error
    then:
      field: summary
      function: truthy

  summary-title-case:
    description: Operation summaries must use Title Case.
    given: $.paths[*][get,post,put,patch,delete].summary
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$'

  operation-id-camel-case:
    description: operationId must be camelCase (Datavant convention).
    given: $.paths[*][get,post,put,patch,delete].operationId
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

  patient-id-snake-case:
    description: Patient identifiers must use snake_case (patient_id, external_patient_id).
    given: $.paths[?(@property.match(/patient/i))]
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^.*/{?patient_id}?.*$'

  client-id-required-on-list:
    description: List endpoints should accept a client_id query parameter scoping to a connected practice.
    given: $.paths[?(@property.match(/^\/(patients|encounters|vitals|allergies|immunizations|medications|diagnoses|procedures|labs|documents|appointments|providers)$/))].get.parameters[*].name
    severity: warn
    then:
      function: enumeration
      functionOptions:
        values: [client_id, patient_id, modified_since, limit, cursor]

  oauth-required:
    description: Every operation should be protected by OAuth2 clientCredentials flow.
    given: $.security
    severity: error
    then:
      function: truthy

  servers-versioned:
    description: Server URLs must include an explicit /v{n} path segment.
    given: $.servers[*].url
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '/v[0-9]+(/|$)'

  tag-title-case:
    description: Tags must use Title Case.
    given: $.tags[*].name
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$'