Tamara · API Governance Rules

Tamara API Rules

Spectral linting rules defining API design standards and conventions for Tamara.

6 Rules warn 6
View Rules File View on GitHub

Rule Categories

tamara

Rules

warn
tamara-info-contact
All Tamara OpenAPI specs must include an info.contact block pointing to https://docs.tamara.co/.
$.info
warn
tamara-servers-include-production
Tamara specs must declare https://api.tamara.co (or https://partner-api.tamara.co for Channel Partners) as a server.
$.servers
warn
tamara-bearer-auth
Tamara endpoints must use bearer auth (the merchant or partner API token).
$.components.securitySchemes[*]
warn
tamara-currency-enum
Money objects must restrict currency to Tamara's supported GCC currencies (SAR, AED, BHD, KWD, OMR).
$..properties.currency
warn
tamara-operation-summary-title-case
OpenAPI operation summaries must be Title Case.
$.paths[*][get,post,put,patch,delete].summary
warn
tamara-operation-id-camelcase
operationId values should be camelCase.
$.paths[*][get,post,put,patch,delete].operationId

Spectral Ruleset

Raw ↑ 
extends:
- spectral:oas
formats:
- oas3
rules:
  tamara-info-contact:
    description: All Tamara OpenAPI specs must include an info.contact block pointing to https://docs.tamara.co/.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy
  tamara-servers-include-production:
    description: Tamara specs must declare https://api.tamara.co (or https://partner-api.tamara.co for Channel Partners) as a server.
    severity: warn
    given: $.servers
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1
          contains:
            type: object
            properties:
              url:
                type: string
                pattern: '^https://(api|partner-api)(-sandbox)?\.tamara\.co$'
            required: [url]
  tamara-bearer-auth:
    description: Tamara endpoints must use bearer auth (the merchant or partner API token).
    severity: warn
    given: $.components.securitySchemes[*]
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            type: { const: http }
            scheme: { const: bearer }
          required: [type, scheme]
  tamara-currency-enum:
    description: Money objects must restrict currency to Tamara's supported GCC currencies (SAR, AED, BHD, KWD, OMR).
    severity: warn
    given: $..properties.currency
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            enum:
              type: array
              contains:
                enum: [SAR, AED, BHD, KWD, OMR]
  tamara-operation-summary-title-case:
    description: OpenAPI operation summaries must be Title Case.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*(\s+[A-Z0-9][A-Za-z0-9]*)*$'
  tamara-operation-id-camelcase:
    description: operationId values should be camelCase.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].operationId
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][A-Za-z0-9]*$'