SimpleLocalize · API Governance Rules

SimpleLocalize API Rules

Spectral linting rules defining API design standards and conventions for SimpleLocalize.

8 Rules error 4 warn 4
View Rules File View on GitHub

Rule Categories

simplelocalize

Rules

error
simplelocalize-api-key-header
All translation management endpoints must require the X-SimpleLocalize-Token API key header
$.paths[?([email protected](/\/api\/v2\/projects/))].*.security
error
simplelocalize-versioned-paths
All paths must be versioned with /api/v1/ or /api/v2/ prefix
$.paths[*]~
warn
simplelocalize-response-envelope
All success responses must use SimpleLocalize envelope with status, message, and data fields
$.paths.*.*.responses.200.content.application/json.schema
error
simplelocalize-operation-ids
All operations must have camelCase operationId values
$.paths.*.*.operationId
warn
simplelocalize-tag-usage
All operations must have at least one tag
$.paths.*.*
warn
simplelocalize-customer-key-length
Customer key schema must enforce max length of 40 characters
$.components.schemas.Customer.properties.key
warn
simplelocalize-language-key-length
Language key schema must enforce max length of 20 characters
$.components.schemas.Language.properties.key
error
simplelocalize-security-schemes
Security schemes must define both ApiKeyAuth and BearerAuth
$.components.securitySchemes

Spectral Ruleset

Raw ↑ 
rules:
  simplelocalize-api-key-header:
    description: All translation management endpoints must require the X-SimpleLocalize-Token API key header
    message: "Translation management endpoint is missing X-SimpleLocalize-Token security requirement"
    severity: error
    given: "$.paths[?([email protected](/\\/api\\/v2\\/projects/))].*.security"
    then:
      function: truthy

  simplelocalize-versioned-paths:
    description: All paths must be versioned with /api/v1/ or /api/v2/ prefix
    message: "API path '{{value}}' must be versioned with /api/v1/ or /api/v2/"
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^/api/v[0-9]+/"

  simplelocalize-response-envelope:
    description: All success responses must use SimpleLocalize envelope with status, message, and data fields
    message: "Response schema should include status (integer), message (string), and data fields"
    severity: warn
    given: "$.paths.*.*.responses.200.content.application/json.schema"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - status
            - message

  simplelocalize-operation-ids:
    description: All operations must have camelCase operationId values
    message: "operationId '{{value}}' should use camelCase"
    severity: error
    given: "$.paths.*.*.operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  simplelocalize-tag-usage:
    description: All operations must have at least one tag
    message: "Operation is missing a tag"
    severity: warn
    given: "$.paths.*.*"
    then:
      field: tags
      function: truthy

  simplelocalize-customer-key-length:
    description: Customer key schema must enforce max length of 40 characters
    message: "Customer key should have maxLength of 40"
    severity: warn
    given: "$.components.schemas.Customer.properties.key"
    then:
      field: maxLength
      function: truthy

  simplelocalize-language-key-length:
    description: Language key schema must enforce max length of 20 characters
    message: "Language key should have maxLength of 20"
    severity: warn
    given: "$.components.schemas.Language.properties.key"
    then:
      field: maxLength
      function: truthy

  simplelocalize-security-schemes:
    description: Security schemes must define both ApiKeyAuth and BearerAuth
    message: "Missing required security scheme definition"
    severity: error
    given: "$.components.securitySchemes"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - ApiKeyAuth
            - BearerAuth