Salesforce Experience Cloud · API Governance Rules

Salesforce Experience Cloud API Rules

Spectral linting rules defining API design standards and conventions for Salesforce Experience Cloud.

9 Rules error 4 warn 3
View Rules File View on GitHub

Rule Categories

experience

Rules

error
experience-cloud-operation-id-required
All operations must have an operationId.
$.paths[*][*]
error
experience-cloud-summary-not-empty
All operations must have a non-empty summary.
$.paths[*][*]
warn
experience-cloud-tags-required
All operations must have at least one tag.
$.paths[*][*]
error
experience-cloud-response-200-required
All operations must define a 200 or 201 response.
$.paths[*][*].responses
error
experience-cloud-oauth2-security
All Salesforce APIs require OAuth2 authentication.
$.components.securitySchemes
warn
experience-cloud-versioned-server
Server URL should include Salesforce API version.
$.servers[*].url
hint
experience-cloud-path-kebab-case
Path segments should use lowercase or camelCase (Salesforce convention).
$.paths[*]~
hint
experience-cloud-description-required
Operations should include descriptions.
$.paths[*][*]
warn
experience-cloud-content-type-json
JSON request bodies should use application/json.
$.paths[*][*].requestBody.content

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:

  experience-cloud-operation-id-required:
    description: All operations must have an operationId.
    message: "Operation is missing operationId."
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: truthy

  experience-cloud-summary-not-empty:
    description: All operations must have a non-empty summary.
    message: "Operation must have a summary."
    severity: error
    given: "$.paths[*][*]"
    then:
      field: summary
      function: truthy

  experience-cloud-tags-required:
    description: All operations must have at least one tag.
    message: "Operation must have at least one tag."
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: truthy

  experience-cloud-response-200-required:
    description: All operations must define a 200 or 201 response.
    message: "Operation must define a success response."
    severity: error
    given: "$.paths[*][*].responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ["200"]
            - required: ["201"]

  experience-cloud-oauth2-security:
    description: All Salesforce APIs require OAuth2 authentication.
    message: "API must declare OAuth2 security scheme."
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: schema
      functionOptions:
        schema:
          required: ["oauth2"]

  experience-cloud-versioned-server:
    description: Server URL should include Salesforce API version.
    message: "Server URL should include API version (e.g., /v59.0)."
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "/v[0-9]"

  experience-cloud-path-kebab-case:
    description: Path segments should use lowercase or camelCase (Salesforce convention).
    message: "Path segments should be lowercase."
    severity: hint
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-zA-Z0-9{}/._-]*)*$"

  experience-cloud-description-required:
    description: Operations should include descriptions.
    message: "Operation should have a description."
    severity: hint
    given: "$.paths[*][*]"
    then:
      field: description
      function: truthy

  experience-cloud-content-type-json:
    description: JSON request bodies should use application/json.
    message: "Request body must declare application/json."
    severity: warn
    given: "$.paths[*][*].requestBody.content"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ["application/json"]
            - required: ["multipart/form-data"]