Spotify · API Governance Rules

Spotify API Rules

Spectral linting rules defining API design standards and conventions for Spotify.

14 Rules error 7 warn 4 info 3
View Rules File View on GitHub

Rule Categories

spotify

Rules

error
spotify-operation-ids-required
All operations must have an operationId
$.paths[*][get,post,put,patch,delete]
error
spotify-operation-summary-required
All operations must have a summary
$.paths[*][get,post,put,patch,delete]
error
spotify-tags-required
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]
error
spotify-response-200-get
GET operations must have a 200 response
$.paths[*].get
error
spotify-response-401-required
All operations must document 401 Unauthorized (OAuth required)
$.paths[*][get,post,put,patch,delete]
warn
spotify-response-403-required
All operations should document 403 Forbidden (scope missing)
$.paths[*][get,post,put,patch,delete]
error
spotify-response-429-required
All operations must document 429 Too Many Requests
$.paths[*][get,post,put,patch,delete]
error
spotify-oauth2-security
API must use OAuth 2.0 security scheme
$.components.securitySchemes.oauth_2_0
info
spotify-path-ids-use-kebab
Path parameters for IDs should use underscore_case naming
$.paths[*]~
warn
spotify-pagination-limit-param
List endpoints should support a 'limit' query parameter
$.paths[?(@property.match(/\/tracks$|\/albums$|\/artists$|\/playlists$|\/items$|\/episodes$/))]..parameters[?(@.name == 'limit')]
info
spotify-spotify-uri-format
Spotify URI fields should follow spotify:{type}:{id} pattern
$.components.schemas[*].properties.uri
info
spotify-market-param-naming
Market parameters should be named 'market' and use ISO 3166-1 codes
$.paths[*][get,post].parameters[?(@.name == 'market')]
warn
spotify-response-schema-required
Success responses must include a schema
$.paths[*].get.responses['200'].content.application/json
warn
spotify-description-required
Operations should have descriptions
$.paths[*][get,post,put,patch,delete]

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  spotify-operation-ids-required:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  spotify-operation-summary-required:
    description: All operations must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  spotify-tags-required:
    description: All operations must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  spotify-response-200-get:
    description: GET operations must have a 200 response
    severity: error
    given: "$.paths[*].get"
    then:
      field: responses.200
      function: truthy

  spotify-response-401-required:
    description: All operations must document 401 Unauthorized (OAuth required)
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.401
      function: truthy

  spotify-response-403-required:
    description: All operations should document 403 Forbidden (scope missing)
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.403
      function: truthy

  spotify-response-429-required:
    description: All operations must document 429 Too Many Requests
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: responses.429
      function: truthy

  spotify-oauth2-security:
    description: API must use OAuth 2.0 security scheme
    severity: error
    given: "$.components.securitySchemes.oauth_2_0"
    then:
      function: truthy

  spotify-path-ids-use-kebab:
    description: Path parameters for IDs should use underscore_case naming
    severity: info
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z_{}]+)+$"

  spotify-pagination-limit-param:
    description: List endpoints should support a 'limit' query parameter
    severity: warn
    given: "$.paths[?(@property.match(/\\/tracks$|\\/albums$|\\/artists$|\\/playlists$|\\/items$|\\/episodes$/))]..parameters[?(@.name == 'limit')]"
    then:
      function: truthy

  spotify-spotify-uri-format:
    description: Spotify URI fields should follow spotify:{type}:{id} pattern
    severity: info
    given: "$.components.schemas[*].properties.uri"
    then:
      function: truthy

  spotify-market-param-naming:
    description: Market parameters should be named 'market' and use ISO 3166-1 codes
    severity: info
    given: "$.paths[*][get,post].parameters[?(@.name == 'market')]"
    then:
      field: schema.type
      function: pattern
      functionOptions:
        match: "^string$"

  spotify-response-schema-required:
    description: Success responses must include a schema
    severity: warn
    given: "$.paths[*].get.responses['200'].content.application/json"
    then:
      field: schema
      function: truthy

  spotify-description-required:
    description: Operations should have descriptions
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy