RSC · API Governance Rules

RSC API Rules

Spectral linting rules defining API design standards and conventions for RSC.

8 Rules error 1 warn 6 info 1
View Rules File View on GitHub

Rule Categories

rsc

Rules

warn
rsc-operation-ids-camel-case
All operationIds must use camelCase naming convention.
$.paths.*[get,post,put,patch,delete].operationId
warn
rsc-tags-title-case
All tags must use Title Case.
$.tags[*].name
warn
rsc-api-key-auth
All operations must use apiKeyAuth security unless explicitly public.
$.paths.*[get,post,put,patch,delete]
warn
rsc-request-body-json
POST request bodies must use application/json content type.
$.paths.*.post.requestBody.content
info
rsc-filter-endpoints-return-query-id
Filter endpoints should return a queryId for async polling.
$.paths['/filter/*'].post.responses.200.content.application/json.schema
warn
rsc-paths-kebab-case
All path segments must use kebab-case.
$.paths
error
rsc-response-200-defined
All operations must define a 200 response.
$.paths.*[get,post,put,patch,delete].responses
warn
rsc-401-defined-for-secured
Secured operations should define a 401 response.
$.paths.*[get,post].responses

Spectral Ruleset

Raw ↑ 
rules:
  rsc-operation-ids-camel-case:
    description: All operationIds must use camelCase naming convention.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  rsc-tags-title-case:
    description: All tags must use Title Case.
    severity: warn
    given: "$.tags[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9 ]*$"

  rsc-api-key-auth:
    description: All operations must use apiKeyAuth security unless explicitly public.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      function: schema
      functionOptions:
        schema:
          properties:
            security:
              type: array
          required:
            - security

  rsc-request-body-json:
    description: POST request bodies must use application/json content type.
    severity: warn
    given: "$.paths.*.post.requestBody.content"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            application/json:
              type: object

  rsc-filter-endpoints-return-query-id:
    description: Filter endpoints should return a queryId for async polling.
    severity: info
    given: "$.paths['/filter/*'].post.responses.200.content.application/json.schema"
    then:
      function: schema
      functionOptions:
        schema:
          properties:
            queryId:
              type: string

  rsc-paths-kebab-case:
    description: All path segments must use kebab-case.
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}-]+)+$"

  rsc-response-200-defined:
    description: All operations must define a 200 response.
    severity: error
    given: "$.paths.*[get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          required:
            - "200"

  rsc-401-defined-for-secured:
    description: Secured operations should define a 401 response.
    severity: warn
    given: "$.paths.*[get,post].responses"
    then:
      function: schema
      functionOptions:
        schema:
          properties:
            "401":
              type: object