Stigg · API Governance Rules

Stigg API Rules

Spectral linting rules defining API design standards and conventions for Stigg.

7 rules: 5 error, 2 warn

Rule Categories

stigg

Rules

stigg-x-api-key-required (error)
All Stigg API operations must require the X-API-KEY header for authentication.
Given: $.components.securitySchemes

stigg-graphql-endpoint-post-only (error)
The Stigg GraphQL endpoint (/graphql) must only accept POST requests, following GraphQL convention.
Given: $.paths./graphql

stigg-request-body-required-for-graphql (error)
All POST operations to the GraphQL endpoint must define a request body.
Given: $.paths./graphql.post

stigg-response-200-required (error)
All Stigg operations must define a 200 success response.
Given: $.paths[*][*]

stigg-operationid-camel-case (warn)
OperationIds must use camelCase.
Given: $.paths[*][*].operationId

stigg-tags-title-case (warn)
All tags must use Title Case.
Given: $.paths[*][*].tags[*]

stigg-server-https (error)
The Stigg API server must use HTTPS.
Given: $.servers[*].url

Spectral Ruleset

extends: spectral:oas
rules:
  stigg-x-api-key-required:
    description: >-
      All Stigg API operations must require the X-API-KEY header for
      authentication.
    message: "Operations must declare X-API-KEY security scheme."
    severity: error
    given: "$.components.securitySchemes"
    then:
      field: ApiKey
      function: defined

  stigg-graphql-endpoint-post-only:
    description: >-
      The Stigg GraphQL endpoint (/graphql) must only accept POST requests,
      following GraphQL convention.
    message: "GraphQL endpoint must use POST method."
    severity: error
    given: "$.paths./graphql"
    then:
      field: post
      function: defined

  stigg-request-body-required-for-graphql:
    description: All POST operations to the GraphQL endpoint must define a request body.
    message: "GraphQL POST operation must define a requestBody."
    severity: error
    given: "$.paths./graphql.post"
    then:
      field: requestBody
      function: defined

  stigg-response-200-required:
    description: All Stigg operations must define a 200 success response.
    message: "Operation '{{operationId}}' is missing a 200 response."
    severity: error
    given: "$.paths[*][*]"
    then:
      field: responses.200
      function: defined

  stigg-operationid-camel-case:
    description: OperationIds must use camelCase.
    message: "OperationId '{{value}}' must be camelCase."
    severity: warn
    given: "$.paths[*][*].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  stigg-tags-title-case:
    description: All tags must use Title Case.
    message: "Tag '{{value}}' must use Title Case."
    severity: warn
    given: "$.paths[*][*].tags[*]"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9 &-]*$"

  stigg-server-https:
    description: The Stigg API server must use HTTPS.
    message: "Server URL must use HTTPS."
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"
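
The stigg-x-api-key-required and stigg-graphql-endpoint-post-only rules use the `defined` function, so they pass as soon as the `ApiKey` scheme or the `/graphql` `post` key exists; they do not inspect the scheme's `type`, `in` and `name`, the `security` requirements that apply to each operation, or other methods on `/graphql`. The JavaScript below is an added example, not part of the Stigg ruleset, that checks those points over an OpenAPI 3 document. The function names, the sample document and its `/health` path are assumptions constructed for illustration.

```javascript
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// What stigg-x-api-key-required evaluates: the ApiKey key exists under securitySchemes.
function schemeIsDefined(doc) {
  return doc?.components?.securitySchemes?.ApiKey !== undefined;
}

// True only when ApiKey is an apiKey scheme carried in the X-API-KEY header.
function schemeIsHeaderKey(doc) {
  const s = doc?.components?.securitySchemes?.ApiKey;
  return !!s && s.type === 'apiKey' && s.in === 'header' &&
    String(s.name).toUpperCase() === 'X-API-KEY'; // header names are case-insensitive
}

// Methods other than POST declared on /graphql (the page's rule only checks that post exists).
function nonPostGraphqlMethods(doc) {
  return HTTP_METHODS.filter((m) => m !== 'post' && doc.paths?.['/graphql']?.[m] !== undefined);
}

// Operations whose effective security does not demand ApiKey in every alternative.
// Operation-level `security` overrides the top-level one; [] or a {} entry allows anonymous calls.
function operationsNotRequiringApiKey(doc) {
  const findings = [];
  for (const [path, item] of Object.entries(doc.paths ?? {})) {
    for (const method of HTTP_METHODS) {
      const op = item?.[method];
      if (!op) continue;
      const effective = op.security ?? doc.security ?? [];
      const enforced = effective.length > 0 && effective.every((req) => 'ApiKey' in req);
      if (!enforced) findings.push(`${method.toUpperCase()} ${path}`);
    }
  }
  return findings;
}

// Constructed sample document (not Stigg's real spec); it satisfies both `defined` checks.
const sampleDoc = {
  components: { securitySchemes: { ApiKey: { type: 'apiKey', in: 'query', name: 'key' } } },
  security: [{ ApiKey: [] }],
  paths: {
    '/graphql': {
      post: { operationId: 'graphqlQuery', responses: { 200: { description: 'OK' } } },
      get: { operationId: 'graphqlGet', security: [], responses: { 200: { description: 'OK' } } },
    },
    '/health': { get: { operationId: 'health', security: [{}, { ApiKey: [] }], responses: {} } },
  },
};
console.log(schemeIsDefined(sampleDoc), schemeIsHeaderKey(sampleDoc),
  nonPostGraphqlMethods(sampleDoc), operationsNotRequiringApiKey(sampleDoc));
```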