SpotHero · API Governance Rules

SpotHero API Rules

Spectral linting rules defining API design standards and conventions for SpotHero.

14 Rules error 6 warn 7 info 1
View Rules File View on GitHub

Rule Categories

spothero

Rules

error
spothero-operation-ids-required
All operations must have an operationId
$.paths[*][get,post,put,patch,delete]
error
spothero-operation-summary-required
All operations must have a summary
$.paths[*][get,post,put,patch,delete]
warn
spothero-operation-summary-title-case
Operation summaries must use Title Case
$.paths[*][get,post,put,patch,delete].summary
error
spothero-tags-required
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]
error
spothero-response-200-required
GET operations must have a 200 response
$.paths[*].get
warn
spothero-response-201-post
POST operations that create resources should return 201
$.paths[*].post
warn
spothero-error-401-required
All operations must document 401 Unauthorized response
$.paths[*][get,post,put,patch,delete]
warn
spothero-error-429-required
All operations must document 429 Too Many Requests response
$.paths[*][get,post,put,patch,delete]
warn
spothero-path-kebab-case
Path segments must use kebab-case
$.paths[*]~
error
spothero-api-key-auth
API must use API key authentication
$.components.securitySchemes.ApiKeyAuth
error
spothero-request-body-content-type
Request bodies must specify application/json content type
$.paths[*][post,put,patch].requestBody.content
warn
spothero-response-schema-required
Success responses must include a schema
$.paths[*][get,post].responses[200,201].content.application/json
warn
spothero-parameters-have-descriptions
Parameters must have descriptions
$.paths[*][get,post,put,patch,delete].parameters[*]
info
spothero-schemas-have-descriptions
Schema properties should have descriptions
$.components.schemas[*].properties[*]

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  spothero-operation-ids-required:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  spothero-operation-summary-required:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  spothero-operation-summary-title-case:
    description: Operation summaries must use Title Case
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-z]*(\\s[A-Z][a-z]*)*$"

  spothero-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  spothero-response-200-required:
    description: GET operations must have a 200 response
    severity: error
    given: "$.paths[*].get"
    then:
      field: responses.200
      function: truthy

  spothero-response-201-post:
    description: POST operations that create resources should return 201
    severity: warn
    given: "$.paths[*].post"
    then:
      field: responses.201
      function: truthy

  spothero-error-401-required:
    description: All operations must document 401 Unauthorized response
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.401
      function: truthy

  spothero-error-429-required:
    description: All operations must document 429 Too Many Requests response
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.429
      function: truthy

  spothero-path-kebab-case:
    description: Path segments must use kebab-case
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}-]+)+$"

  spothero-api-key-auth:
    description: API must use API key authentication
    severity: error
    given: "$.components.securitySchemes.ApiKeyAuth"
    then:
      function: truthy

  spothero-request-body-content-type:
    description: Request bodies must specify application/json content type
    severity: error
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      field: application/json
      function: truthy

  spothero-response-schema-required:
    description: Success responses must include a schema
    severity: warn
    given: "$.paths[*][get,post].responses[200,201].content.application/json"
    then:
      field: schema
      function: truthy

  spothero-parameters-have-descriptions:
    description: Parameters must have descriptions
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*]"
    then:
      field: description
      function: truthy

  spothero-schemas-have-descriptions:
    description: Schema properties should have descriptions
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: description
      function: truthy