SAP API Management · API Governance Rules

SAP API Management API Rules

Spectral linting rules defining API design standards and conventions for SAP API Management.

7 Rules error 3 warn 3 info 1
View Rules File View on GitHub

Rule Categories

sap

Rules

error
sap-apimgmt-oauth2-required
SAP API Management endpoints require OAuth 2.0 authentication
$.paths[*][*]
error
sap-apimgmt-https-only
All SAP API Management servers must use HTTPS
$.servers[*]
error
sap-apimgmt-operation-id-required
All operations must have operationId for automation tooling
$.paths[*][*]
warn
sap-apimgmt-tags-required
All operations must have tags for grouping in developer portal
$.paths[*][*]
info
sap-apimgmt-odata-response-format
OData responses should use the d.results envelope format
$.paths[*].get.responses.200.content.application/json.schema
warn
sap-apimgmt-description-required
All operations must have descriptions
$.paths[*][*]
warn
sap-apimgmt-204-on-delete
DELETE operations should return 204 No Content
$.paths[*].delete.responses

Spectral Ruleset

Raw ↑ 
rules:
  sap-apimgmt-oauth2-required:
    description: SAP API Management endpoints require OAuth 2.0 authentication
    message: "Endpoint {{path}} must use OAuth2 security scheme"
    severity: error
    given: "$.paths[*][*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            security:
              type: array

  sap-apimgmt-https-only:
    description: All SAP API Management servers must use HTTPS
    message: "Server URL must use HTTPS"
    severity: error
    given: "$.servers[*]"
    then:
      field: url
      function: pattern
      functionOptions:
        match: "^https://"

  sap-apimgmt-operation-id-required:
    description: All operations must have operationId for automation tooling
    message: "Operation at {{path}} must have an operationId"
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: truthy

  sap-apimgmt-tags-required:
    description: All operations must have tags for grouping in developer portal
    message: "Operation {{operationId}} must have at least one tag"
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: truthy

  sap-apimgmt-odata-response-format:
    description: OData responses should use the d.results envelope format
    message: "OData response at {{path}} should use d.results envelope"
    severity: info
    given: "$.paths[*].get.responses.200.content.application/json.schema"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            d:
              type: object

  sap-apimgmt-description-required:
    description: All operations must have descriptions
    message: "Operation {{operationId}} must have a description"
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: description
      function: truthy

  sap-apimgmt-204-on-delete:
    description: DELETE operations should return 204 No Content
    message: "DELETE operation at {{path}} should return 204"
    severity: warn
    given: "$.paths[*].delete.responses"
    then:
      field: "204"
      function: truthy