TM Forum · API Governance Rules

TM Forum API Rules

Spectral linting rules defining API design standards and conventions for TM Forum.

34 Rules error 10 warn 13 info 11
View Rules File View on GitHub

Rule Categories

delete deprecation examples get info no openapi operation parameter paths post request response schema security servers tag

Rules

error
info-title-required
Info object must have a title
$.info
warn
info-description-required
Info object must have a description of at least 20 characters
$.info
error
info-version-required
Info object must have a version
$.info
warn
openapi-version-3
Specs must use OpenAPI 3.x
$
error
servers-defined
Servers array must be defined and non-empty
$
warn
servers-https
Server URLs must use HTTPS
$.servers[*].url
warn
paths-kebab-case
Path segments must use kebab-case
$.paths[*]~
warn
paths-no-trailing-slash
Paths must not end with a trailing slash
$.paths[*]~
info
paths-versioned
Paths should include a version prefix
$.paths[*]~
error
operation-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-description-required
Every operation should have a description
$.paths[*][get,post,put,patch,delete,head,options]
error
operation-operationid-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete,head,options]
warn
operation-operationid-camel-case
OperationId must use camelCase
$.paths[*][get,post,put,patch,delete,head,options].operationId
error
operation-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete,head,options]
info
operation-summary-tm-forum-prefix
Operation summaries should start with 'TM Forum'
$.paths[*][get,post,put,patch,delete,head,options].summary
info
tag-name-title-case
Tag names in the global tags array should use Title Case
$.tags[*].name
info
tag-description-required
All global tags should have a description
$.tags[*]
warn
parameter-description-required
All parameters must have a description
$.paths[*][get,post,put,patch,delete][parameters][*]
info
parameter-name-snake-case
Parameter names should use snake_case or camelCase
$.paths[*][get,post,put,patch,delete][parameters][*].name
warn
request-body-content-type-json
Request bodies should support application/json
$.paths[*][post,put,patch].requestBody.content
error
response-success-required
Operations must define at least one 2xx success response
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
All response objects must have a description
$.paths[*][get,post,put,patch,delete].responses[*]
info
response-400-defined
Operations should define a 400 Bad Request response
$.paths[*][post,put,patch].responses
info
response-401-defined
Operations should define a 401 Unauthorized response
$.paths[*][get,post,put,patch,delete].responses
info
schema-property-camel-case
Schema property names should use camelCase
$.components.schemas[*].properties[*]~
warn
schema-type-defined
Schema properties should have a type defined
$.components.schemas[*].properties[*]
info
schema-description-required
Top-level schemas should have a description
$.components.schemas[*]
warn
security-schemes-defined
Security schemes must be defined in components
$.components
error
get-no-request-body
GET operations must not have a request body
$.paths[*].get
warn
delete-no-request-body
DELETE operations should not have a request body
$.paths[*].delete
info
post-has-request-body
POST operations creating resources should have a request body
$.paths[*].post
error
no-empty-descriptions
Description fields must not be empty strings
$.info.description$.paths[*][get,post,put,patch,delete].description$.components.schemas[*].description
warn
deprecation-documented
Deprecated operations should have a description explaining the deprecation
$.paths[*][get,post,put,patch,delete][?(@.deprecated==true)]
info
examples-encouraged
Schema properties are encouraged to have example values
$.components.schemas[*].properties[*]

Spectral Ruleset

Raw ↑ 
rules:
  # INFO / METADATA
  info-title-required:
    description: Info object must have a title
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  info-description-required:
    description: Info object must have a description of at least 20 characters
    severity: warn
    given: "$.info"
    then:
      field: description
      function: minLength
      functionOptions:
        value: 20

  info-version-required:
    description: Info object must have a version
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # OPENAPI VERSION
  openapi-version-3:
    description: Specs must use OpenAPI 3.x
    severity: warn
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\."

  # SERVERS
  servers-defined:
    description: Servers array must be defined and non-empty
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  servers-https:
    description: Server URLs must use HTTPS
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # PATHS - NAMING CONVENTIONS
  paths-kebab-case:
    description: Path segments must use kebab-case
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{][a-z0-9-{}]*)*$"

  paths-no-trailing-slash:
    description: Paths must not end with a trailing slash
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  paths-versioned:
    description: Paths should include a version prefix
    severity: info
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^/v[0-9]"

  # OPERATIONS
  operation-summary-required:
    description: Every operation must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: summary
      function: truthy

  operation-description-required:
    description: Every operation should have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: description
      function: truthy

  operation-operationid-required:
    description: Every operation must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: operationId
      function: truthy

  operation-operationid-camel-case:
    description: OperationId must use camelCase
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete,head,options].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  operation-tags-required:
    description: Every operation must have at least one tag
    severity: error
    given: "$.paths[*][get,post,put,patch,delete,head,options]"
    then:
      field: tags
      function: truthy

  operation-summary-tm-forum-prefix:
    description: Operation summaries should start with 'TM Forum'
    severity: info
    given: "$.paths[*][get,post,put,patch,delete,head,options].summary"
    then:
      function: pattern
      functionOptions:
        match: "^TM Forum"

  # TAGS
  tag-name-title-case:
    description: Tag names in the global tags array should use Title Case
    severity: info
    given: "$.tags[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  tag-description-required:
    description: All global tags should have a description
    severity: info
    given: "$.tags[*]"
    then:
      field: description
      function: truthy

  # PARAMETERS
  parameter-description-required:
    description: All parameters must have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete][parameters][*]"
    then:
      field: description
      function: truthy

  parameter-name-snake-case:
    description: Parameter names should use snake_case or camelCase
    severity: info
    given: "$.paths[*][get,post,put,patch,delete][parameters][*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9_.]*$"

  # REQUEST BODIES
  request-body-content-type-json:
    description: Request bodies should support application/json
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["application/json"]

  # RESPONSES
  response-success-required:
    description: Operations must define at least one 2xx success response
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          minProperties: 1

  response-description-required:
    description: All response objects must have a description
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses[*]"
    then:
      field: description
      function: truthy

  response-400-defined:
    description: Operations should define a 400 Bad Request response
    severity: info
    given: "$.paths[*][post,put,patch].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["400"]

  response-401-defined:
    description: Operations should define a 401 Unauthorized response
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["401"]

  # SCHEMAS - PROPERTY NAMING
  schema-property-camel-case:
    description: Schema property names should use camelCase
    severity: info
    given: "$.components.schemas[*].properties[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9@.]*$"

  schema-type-defined:
    description: Schema properties should have a type defined
    severity: warn
    given: "$.components.schemas[*].properties[*]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["type"]
            - required: ["$ref"]
            - required: ["allOf"]

  schema-description-required:
    description: Top-level schemas should have a description
    severity: info
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  # SECURITY
  security-schemes-defined:
    description: Security schemes must be defined in components
    severity: warn
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  # HTTP METHOD CONVENTIONS
  get-no-request-body:
    description: GET operations must not have a request body
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-no-request-body:
    description: DELETE operations should not have a request body
    severity: warn
    given: "$.paths[*].delete"
    then:
      field: requestBody
      function: falsy

  post-has-request-body:
    description: POST operations creating resources should have a request body
    severity: info
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: truthy

  # GENERAL QUALITY
  no-empty-descriptions:
    description: Description fields must not be empty strings
    severity: error
    given:
      - "$.info.description"
      - "$.paths[*][get,post,put,patch,delete].description"
      - "$.components.schemas[*].description"
    then:
      function: pattern
      functionOptions:
        match: "\\S"

  deprecation-documented:
    description: Deprecated operations should have a description explaining the deprecation
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete][?(@.deprecated==true)]"
    then:
      field: description
      function: truthy

  examples-encouraged:
    description: Schema properties are encouraged to have example values
    severity: info
    given: "$.components.schemas[*].properties[*]"
    then:
      field: example
      function: truthy