Shippo · API Governance Rules

Shippo API Rules

Spectral linting rules defining API design standards and conventions for Shippo.

14 Rules error 3 warn 7 info 4
View Rules File View on GitHub

Rule Categories

shippo

Rules

warn
shippo-operation-id-camel-case
Operation IDs must use camelCase
$.paths[*][get,post,put,patch,delete].operationId
warn
shippo-path-kebab-case
Path segments must use kebab-case or curly-brace parameters
$.paths
info
shippo-object-id-suffix
Resource identifiers in paths should use Id suffix (e.g., AddressId, ParcelId)
$.paths
error
shippo-must-have-summary
All operations must have a summary
$.paths[*][get,post,put,patch,delete]
warn
shippo-must-have-tags
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]
error
shippo-must-have-operation-id
All operations must have an operationId
$.paths[*][get,post,put,patch,delete]
warn
shippo-response-200-must-have-schema
200 responses must have a content schema
$.paths[*][get,post,put,patch,delete].responses[200]
warn
shippo-post-must-have-request-body
POST operations should have a request body
$.paths[*].post
warn
shippo-security-defined
All operations should have security defined at root or operation level
$.paths[*][get,post,put,patch,delete]
info
shippo-bearer-token-auth
Shippo uses bearer token authentication (ShippoToken prefix)
$.components.securitySchemes[*]
info
shippo-paginated-response-fields
Paginated list responses should include count, next, previous, and results fields
$.components.schemas[*PaginatedList]
error
shippo-no-trailing-slash
Paths must not have trailing slashes
$.paths
info
shippo-parameters-have-description
All parameters should have a description
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
shippo-components-schemas-exist
OpenAPI spec should define component schemas
$.components

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  # Shippo API Naming Conventions
  shippo-operation-id-camel-case:
    description: Operation IDs must use camelCase
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  shippo-path-kebab-case:
    description: Path segments must use kebab-case or curly-brace parameters
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}_-]+)+$"

  shippo-object-id-suffix:
    description: Resource identifiers in paths should use Id suffix (e.g., AddressId, ParcelId)
    severity: info
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^.*$"

  shippo-must-have-summary:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: defined

  shippo-must-have-tags:
    description: All operations must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: defined

  shippo-must-have-operation-id:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: defined

  shippo-response-200-must-have-schema:
    description: 200 responses must have a content schema
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].responses[200]"
    then:
      field: content
      function: defined

  shippo-post-must-have-request-body:
    description: POST operations should have a request body
    severity: warn
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: defined

  shippo-security-defined:
    description: All operations should have security defined at root or operation level
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      function: schema
      functionOptions:
        schema:
          oneOf:
            - required: [security]

  shippo-bearer-token-auth:
    description: Shippo uses bearer token authentication (ShippoToken prefix)
    severity: info
    given: "$.components.securitySchemes[*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object

  shippo-paginated-response-fields:
    description: Paginated list responses should include count, next, previous, and results fields
    severity: info
    given: "$.components.schemas[*PaginatedList]"
    then:
      field: properties
      function: defined

  shippo-no-trailing-slash:
    description: Paths must not have trailing slashes
    severity: error
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        notMatch: ".*/$"

  shippo-parameters-have-description:
    description: All parameters should have a description
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: defined

  shippo-components-schemas-exist:
    description: OpenAPI spec should define component schemas
    severity: warn
    given: "$.components"
    then:
      field: schemas
      function: defined