SWIFT · API Governance Rules

SWIFT API Rules

Spectral linting rules defining API design standards and conventions for SWIFT.

8 Rules warn 7
View Rules File View on GitHub

Rule Categories

swift

Rules

warn
swift-oauth2-security
SWIFT API endpoints must use OAuth2 security scheme
$.components.securitySchemes
warn
swift-identifier-pattern
Financial identifier path parameters must have regex pattern validation
$.components.parameters[?(@.in == 'path')].schema
warn
swift-versioned-paths
SWIFT API paths should include version prefix (/v2/)
$.paths
warn
swift-operation-id-camel-case
Operation IDs must use camelCase naming convention
$.paths[*][get,post,put,patch,delete]
warn
swift-summary-title-case
Operation summaries must use Title Case
$.paths[*][get,post,put,patch,delete].summary
hint
swift-validity-response
Validation endpoints should return a validity result with a 'valid' boolean
$.paths[?(@property.endsWith('validity'))].get.responses.200.content.application/json.schema
warn
swift-not-found-response
GET lookup endpoints should document 404 responses
$.paths[*].get.responses
warn
swift-operation-tags
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]

Spectral Ruleset

Raw ↑ 
extends: [[spectral:oas, all]]

rules:
  # SWIFT APIs use OAuth2 authentication
  swift-oauth2-security:
    description: SWIFT API endpoints must use OAuth2 security scheme
    severity: warn
    given: "$.components.securitySchemes"
    then:
      field: OAuth2
      function: truthy

  # All path parameters for financial identifiers must have patterns
  swift-identifier-pattern:
    description: Financial identifier path parameters must have regex pattern validation
    severity: warn
    given: "$.components.parameters[?(@.in == 'path')].schema"
    then:
      field: pattern
      function: truthy

  # All paths must be versioned with /v2/ prefix
  swift-versioned-paths:
    description: SWIFT API paths should include version prefix (/v2/)
    severity: warn
    given: "$.paths"
    then:
      function: pattern
      functionOptions:
        match: "^/v[0-9]+"

  # Operation IDs must use camelCase
  swift-operation-id-camel-case:
    description: Operation IDs must use camelCase naming convention
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  # All operations must have summaries using Title Case
  swift-summary-title-case:
    description: Operation summaries must use Title Case
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][A-Za-z0-9 ]+$"

  # GET endpoints for validation should return ValidityResult schema
  swift-validity-response:
    description: Validation endpoints should return a validity result with a 'valid' boolean
    severity: hint
    given: "$.paths[?(@property.endsWith('validity'))].get.responses.200.content.application/json.schema"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required:
            - properties
          properties:
            properties:
              type: object
              required:
                - valid

  # 404 responses should be defined for lookup endpoints
  swift-not-found-response:
    description: GET lookup endpoints should document 404 responses
    severity: warn
    given: "$.paths[*].get.responses"
    then:
      field: '404'
      function: truthy

  # Operations must have at least one tag
  swift-operation-tags:
    description: All operations must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy