Toast · API Governance Rules

Toast API Rules

Spectral linting rules defining API design standards and conventions for Toast.

29 Rules error 10 warn 6 info 13
View Rules File View on GitHub

Rule Categories

delete examples get info no operation parameter paths response schema security servers toast

Rules

error
info-title-required
Info object must have a title
$.info
warn
info-title-toast-prefix
API title should start with 'Toast'
$.info.title
warn
info-description-required
Info object must have a description
$.info
error
info-version-required
Info object must have a version
$.info
error
servers-defined
Servers array must be defined
$
error
servers-https
Server URLs must use HTTPS
$.servers[*].url
warn
paths-no-trailing-slash
Paths must not end with a trailing slash
$.paths[*]~
info
paths-guid-parameters
Path parameters for identifiers should use 'guid' naming
$.paths[*]~
error
operation-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete]
info
operation-summary-toast-prefix
Operation summaries should start with 'Toast'
$.paths[*][get,post,put,patch,delete].summary
error
operation-operationid-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete]
warn
operation-operationid-camel-case
OperationId should use camelCase
$.paths[*][get,post,put,patch,delete].operationId
warn
operation-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete]
info
operation-description-required
Operations should have a description
$.paths[*][get,post,put,patch,delete]
warn
parameter-description-required
All parameters must have a description
$.paths[*][get,post,put,patch,delete][parameters][*]
info
parameter-restaurant-guid-header
Restaurant GUID should be passed as a header named Toast-Restaurant-External-ID
$.paths[*][get,post,put,patch,delete][parameters][*][?(@.name=='restaurantGuid')]
error
response-success-required
Operations must define at least one 2xx response
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
All response objects must have a description
$.paths[*][get,post,put,patch,delete].responses[*]
info
response-401-defined
Secured operations should define a 401 Unauthorized response
$.paths[*][get,post,put,patch,delete].responses
info
response-404-on-get-by-id
GET by ID operations should define a 404 Not Found response
$.paths[*~*Guid*][get].responses
info
schema-property-camel-case
Schema property names should use camelCase
$.definitions[*].properties[*]~
info
schema-description-required
Top-level schemas should have a description
$.definitions[*]
info
schema-guid-property-format
Properties named 'guid' should have format uuid
$.definitions[*].properties[?(@property === 'guid')]
info
security-defined
Security should be defined at the API level
$
error
get-no-request-body
GET operations must not have a request body
$.paths[*].get
info
delete-returns-no-content
DELETE operations should return 204 No Content
$.paths[*].delete.responses
info
toast-restaurant-guid-required
Most Toast APIs require Toast-Restaurant-External-ID header
$.paths[*][get,post,put,patch].parameters
error
no-empty-descriptions
Description fields must not be empty
$.info.description$.paths[*][get,post,put,patch,delete].description
info
examples-encouraged
Schema properties should have example values
$.definitions[*].properties[*]

Spectral Ruleset

Raw ↑ 
rules:
  # INFO / METADATA
  info-title-required:
    description: Info object must have a title
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  info-title-toast-prefix:
    description: API title should start with 'Toast'
    severity: warn
    given: "$.info.title"
    then:
      function: pattern
      functionOptions:
        match: "^Toast"

  info-description-required:
    description: Info object must have a description
    severity: warn
    given: "$.info"
    then:
      field: description
      function: truthy

  info-version-required:
    description: Info object must have a version
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # SERVERS
  servers-defined:
    description: Servers array must be defined
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  servers-https:
    description: Server URLs must use HTTPS
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # PATHS - NAMING CONVENTIONS
  paths-no-trailing-slash:
    description: Paths must not end with a trailing slash
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  paths-guid-parameters:
    description: Path parameters for identifiers should use 'guid' naming
    severity: info
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: "\\{id\\}"

  # OPERATIONS
  operation-summary-required:
    description: Every operation must have a summary
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  operation-summary-toast-prefix:
    description: Operation summaries should start with 'Toast'
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Toast"

  operation-operationid-required:
    description: Every operation must have an operationId
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  operation-operationid-camel-case:
    description: OperationId should use camelCase
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  operation-tags-required:
    description: Every operation must have at least one tag
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  operation-description-required:
    description: Operations should have a description
    severity: info
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  # PARAMETERS
  parameter-description-required:
    description: All parameters must have a description
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete][parameters][*]"
    then:
      field: description
      function: truthy

  parameter-restaurant-guid-header:
    description: Restaurant GUID should be passed as a header named Toast-Restaurant-External-ID
    severity: info
    given: "$.paths[*][get,post,put,patch,delete][parameters][*][?(@.name=='restaurantGuid')]"
    then:
      field: in
      function: enumeration
      functionOptions:
        values: ["header"]

  # RESPONSES
  response-success-required:
    description: Operations must define at least one 2xx response
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          minProperties: 1

  response-description-required:
    description: All response objects must have a description
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses[*]"
    then:
      field: description
      function: truthy

  response-401-defined:
    description: Secured operations should define a 401 Unauthorized response
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["401"]

  response-404-on-get-by-id:
    description: GET by ID operations should define a 404 Not Found response
    severity: info
    given: "$.paths[*~*Guid*][get].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["404"]

  # SCHEMAS - PROPERTY NAMING
  schema-property-camel-case:
    description: Schema property names should use camelCase
    severity: info
    given: "$.definitions[*].properties[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  schema-description-required:
    description: Top-level schemas should have a description
    severity: info
    given: "$.definitions[*]"
    then:
      field: description
      function: truthy

  schema-guid-property-format:
    description: Properties named 'guid' should have format uuid
    severity: info
    given: "$.definitions[*].properties[?(@property === 'guid')]"
    then:
      field: format
      function: enumeration
      functionOptions:
        values: ["uuid"]

  # SECURITY
  security-defined:
    description: Security should be defined at the API level
    given: "$"
    severity: info
    then:
      field: securityDefinitions
      function: truthy

  # HTTP METHOD CONVENTIONS
  get-no-request-body:
    description: GET operations must not have a request body
    severity: error
    given: "$.paths[*].get"
    then:
      field: body
      function: falsy

  delete-returns-no-content:
    description: DELETE operations should return 204 No Content
    severity: info
    given: "$.paths[*].delete.responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["204"]

  # TOAST-SPECIFIC CONVENTIONS
  toast-restaurant-guid-required:
    description: Most Toast APIs require Toast-Restaurant-External-ID header
    severity: info
    given: "$.paths[*][get,post,put,patch].parameters"
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          contains:
            type: object
            properties:
              name:
                enum: ["Toast-Restaurant-External-ID"]

  # GENERAL QUALITY
  no-empty-descriptions:
    description: Description fields must not be empty
    severity: error
    given:
      - "$.info.description"
      - "$.paths[*][get,post,put,patch,delete].description"
    then:
      function: pattern
      functionOptions:
        match: "\\S"

  examples-encouraged:
    description: Schema properties should have example values
    severity: info
    given: "$.definitions[*].properties[*]"
    then:
      field: example
      function: truthy