Secure Code Warrior · API Governance Rules

Secure Code Warrior API Rules

Spectral linting rules defining API design standards and conventions for Secure Code Warrior.

10 Rules error 2 warn 6 info 2

Rule Categories

scw

Rules

warn
scw-operation-ids-camel-case
Operation IDs must use camelCase
$.paths[*][*].operationId
error
scw-tags-required
All operations must have at least one tag
$.paths[*][*]
warn
scw-summaries-title-case
Operation summaries must use Title Case
$.paths[*][*].summary
error
scw-api-key-auth
All operations must require X-API-Key authentication
$.paths[*][*]
warn
scw-pagination-support
List/reporting endpoints should support page parameter
$.paths[*][get].parameters
warn
scw-delete-returns-204
DELETE operations should return 204 No Content
$.paths[*][delete].responses
warn
scw-post-create-returns-201
POST create operations should return 201 Created
$.paths[*][post].responses
info
scw-patch-partial-update
Partial updates should use PATCH not PUT
$.paths[*]
info
scw-search-endpoints-post
Search/filter endpoints should use POST with body filters
$.paths[~/search$][*]
warn
scw-date-params-iso8601
Date parameters should use ISO 8601 format
$.paths[*][*].parameters[?(@.name =~ /date|Date/)].schema

Spectral Ruleset

extends: spectral:oas
rules:
  # Enforces lowerCamelCase operationIds: a lowercase ASCII first letter
  # followed only by ASCII letters and digits.
  scw-operation-ids-camel-case:
    severity: warn
    description: Operation IDs must use camelCase
    given: '$.paths[*][*].operationId'
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

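  # Requires every operation to carry a non-empty `tags` array.
  # `truthy` is not enough here: an empty array (`tags: []`) is truthy in
  # JavaScript and would pass, so the shape is checked with `schema` instead.
  # NOTE(review): `$.paths[*][*]` also selects non-operation members of a
  # path item (e.g. a path-level `parameters` list), which are then reported
  # as missing tags; narrow `given` to the HTTP method keys if that is noisy.
  scw-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][*]"
    then:
      field: tags
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1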

  # Each word of a summary must start with an uppercase ASCII letter and
  # contain only ASCII letters and digits; words are separated by exactly one
  # whitespace character, so punctuation and hyphens are rejected.
  scw-summaries-title-case:
    severity: warn
    description: Operation summaries must use Title Case
    given: '$.paths[*][*].summary'
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][a-zA-Z0-9]*(\s[A-Z][a-zA-Z0-9]*)*$'

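  # Requires every operation to declare its own non-empty `security` list.
  # `truthy` alone is too weak for an authentication gate: `security: []`
  # (which in OpenAPI removes authentication for that operation) and
  # `security: [{}]` (an empty requirement object, i.e. anonymous access
  # allowed) are both truthy and would pass. The schema below rejects both.
  # NOTE(review): this still accepts any scheme name. To enforce X-API-Key
  # specifically, each requirement object should also be required to contain
  # the key of the API-key scheme defined under components.securitySchemes;
  # that name is not visible here. Operations relying on a root-level
  # `security` default are reported too, because only the operation-level
  # field is inspected.
  scw-api-key-auth:
    description: All operations must require X-API-Key authentication
    severity: error
    given: "$.paths[*][*]"
    then:
      field: security
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1
          items:
            type: object
            minProperties: 1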

  # Intended to nudge list/reporting GET endpoints towards a `page` parameter.
  # NOTE(review): as written the check cannot fail. `given` only matches when
  # a GET operation already has `parameters`, and `truthy` accepts any array,
  # so neither a missing list nor a list without `page` is reported.
  scw-pagination-support:
    severity: warn
    description: List/reporting endpoints should support page parameter
    given: '$.paths[*][get].parameters'
    then:
      function: truthy

  # Warns when a DELETE operation's `responses` map has no "204" entry.
  # The status code is quoted so it stays a string key rather than an integer.
  scw-delete-returns-204:
    severity: warn
    description: DELETE operations should return 204 No Content
    given: '$.paths[*][delete].responses'
    then:
      field: '204'
      function: truthy

  # Warns when a POST operation's `responses` map has no "201" entry.
  # `given` selects every POST operation; it does not distinguish operations
  # that create a resource from other uses of POST.
  scw-post-create-returns-201:
    severity: warn
    description: POST create operations should return 201 Created
    given: '$.paths[*][post].responses'
    then:
      field: '201'
      function: truthy

  # Informational reminder to prefer PATCH over PUT for partial updates.
  # NOTE(review): `given` selects each path item and `truthy` passes for any
  # object, so a well-formed path item is never reported; PUT operations are
  # not inspected by this rule.
  scw-patch-partial-update:
    severity: info
    description: Partial updates should use PATCH not PUT
    given: '$.paths[*]'
    then:
      function: truthy

  # Informational: operations under paths ending in "search" should be POST.
  # NOTE(review): confirm that `[~/search$]` is a selector form accepted by
  # the JSONPath engine of the Spectral version in use. `pattern` is applied
  # to whatever `given` yields; if that is the operation object rather than
  # the method name, the string match may not run. Verify against a spec
  # containing a non-POST /search operation that the rule actually reports.
  scw-search-endpoints-post:
    severity: info
    description: Search/filter endpoints should use POST with body filters
    given: '$.paths[~/search$][*]'
    then:
      function: pattern
      functionOptions:
        match: 'post'

  # For operation parameters whose name contains "date" or "Date", the
  # schema's `format` must be `date` or `date-time`.
  # NOTE(review): confirm the `=~` regex operator is supported by the JSONPath
  # engine of the Spectral version in use. Path-level parameters
  # ($.paths[*].parameters) are not selected by this expression.
  scw-date-params-iso8601:
    severity: warn
    description: Date parameters should use ISO 8601 format
    given: '$.paths[*][*].parameters[?(@.name =~ /date|Date/)].schema'
    then:
      field: format
      function: enumeration
      functionOptions:
        values: [date, date-time]