StackHawk · API Governance Rules

StackHawk API Rules

Spectral linting rules defining API design standards and conventions for StackHawk.

7 Rules error 3 warn 4
View Rules File View on GitHub

Rule Categories

stackhawk

Rules

error
stackhawk-operation-ids
All operations must have a camelCase operationId
$.paths[*][*]
error
stackhawk-tags-required
All operations must have at least one tag
$.paths[*][*]
warn
stackhawk-api-versioned-path
All StackHawk API paths should begin with /api/v1/ or /api/v2/
$.paths[*]~
warn
stackhawk-bearer-auth
Non-login operations must use BearerAuth
$.paths[*][*]
warn
stackhawk-org-id-param
Organization-scoped endpoints must use orgId path parameter
$.paths['/api/v1/org/{orgId}'][*].parameters[?(@.in=='path')]
error
stackhawk-successful-response
All operations must define at least one success response
$.paths[*][*].responses
warn
stackhawk-delete-returns-204
DELETE operations should return 204 No Content
$.paths[*].delete.responses

Spectral Ruleset

Raw ↑ 
rules:
  stackhawk-operation-ids:
    description: All operations must have a camelCase operationId
    message: 'Operation must have a camelCase operationId: {{path}}'
    severity: error
    given: '$.paths[*][*]'
    then:
      field: operationId
      function: truthy

  stackhawk-tags-required:
    description: All operations must have at least one tag
    message: 'Operation at {{path}} must have at least one tag'
    severity: error
    given: '$.paths[*][*]'
    then:
      field: tags
      function: truthy

  stackhawk-api-versioned-path:
    description: All StackHawk API paths should begin with /api/v1/ or /api/v2/
    message: 'Path {{path}} must begin with /api/v1/ or /api/v2/'
    severity: warn
    given: '$.paths[*]~'
    then:
      function: pattern
      functionOptions:
        match: '^/api/v[12]/'

  stackhawk-bearer-auth:
    description: Non-login operations must use BearerAuth
    message: 'Operation at {{path}} must use BearerAuth security scheme'
    severity: warn
    given: '$.paths[*][*]'
    then:
      field: security
      function: truthy

  stackhawk-org-id-param:
    description: Organization-scoped endpoints must use orgId path parameter
    message: 'Organization endpoint should use orgId parameter name'
    severity: warn
    given: "$.paths['/api/v1/org/{orgId}'][*].parameters[?(@.in=='path')]"
    then:
      function: schema
      functionOptions:
        schema:
          properties:
            name:
              pattern: '^orgId$'

  stackhawk-successful-response:
    description: All operations must define at least one success response
    message: 'Operation at {{path}} must define a 200, 201, 202, or 204 response'
    severity: error
    given: '$.paths[*][*].responses'
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['200']
            - required: ['201']
            - required: ['202']
            - required: ['204']

  stackhawk-delete-returns-204:
    description: DELETE operations should return 204 No Content
    message: 'DELETE operation at {{path}} should return 204'
    severity: warn
    given: '$.paths[*].delete.responses'
    then:
      function: schema
      functionOptions:
        schema:
          required: ['204']