Toys R Us · API Governance Rules

Toys R Us API Rules

Spectral linting rules defining API design standards and conventions for Toys R Us.

10 Rules error 3 warn 6

View Rules File View on GitHub

Rule Categories

toys

Rules

warn

toys-r-us-operation-summary-title-case

Operation summaries must use Title Case.

$.paths[*][*].summary

error

toys-r-us-operation-ids-required

All operations must have an operationId.

$.paths[*][*]

warn

toys-r-us-operation-description-required

All operations must have a description.

$.paths[*][*]

warn

toys-r-us-api-key-security

The API must use subscription-key authentication.

$.components.securitySchemes.apiKeyAuth

warn

toys-r-us-tags-required

All operations must be tagged for categorization.

$.paths[*][*]

hint

toys-r-us-pagination-params

GET collection endpoints should support page and pageSize parameters.

$.paths[?([email protected](/{.*}/))][get].parameters

error

toys-r-us-response-200-defined

All operations must define a 200 or 201 success response.

$.paths[*][*].responses

warn

toys-r-us-response-401-defined

All operations should define a 401 unauthorized response.

$.paths[*][*].responses

error

toys-r-us-import-endpoints-use-post

Document import endpoints (*/import) must use POST method.

$.paths[?(@property.match('/import$'))][*]

warn

toys-r-us-error-schema-consistent

Error response schemas should reference the shared Error schema.

$.paths[*][*].responses[401,400,404].content.application/json.schema

Spectral Ruleset

extends: spectral:oas
rules:
  toys-r-us-operation-summary-title-case:
    description: Operation summaries must use Title Case.
    severity: warn
    given: "$.paths[*][*].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*(\\s[A-Z][a-zA-Z0-9]*)*$"

  toys-r-us-operation-ids-required:
    description: All operations must have an operationId.
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: defined

  toys-r-us-operation-description-required:
    description: All operations must have a description.
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: description
      function: defined

  toys-r-us-api-key-security:
    description: The API must use subscription-key authentication.
    severity: warn
    given: "$.components.securitySchemes.apiKeyAuth"
    then:
      function: defined

  toys-r-us-tags-required:
    description: All operations must be tagged for categorization.
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: defined

  toys-r-us-pagination-params:
    description: GET collection endpoints should support page and pageSize parameters.
    severity: hint
    given: "$.paths[?([email protected](/{.*}/))][get].parameters"
    then:
      function: schema
      functionOptions:
        schema:
          type: array

  toys-r-us-response-200-defined:
    description: All operations must define a 200 or 201 success response.
    severity: error
    given: "$.paths[*][*].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["200"]
            - required: ["201"]

  toys-r-us-response-401-defined:
    description: All operations should define a 401 unauthorized response.
    severity: warn
    given: "$.paths[*][*].responses"
    then:
      field: "401"
      function: defined

  toys-r-us-import-endpoints-use-post:
    description: Document import endpoints (*/import) must use POST method.
    severity: error
    given: "$.paths[?(@property.match('/import$'))][*]"
    then:
      field: post
      function: defined

  toys-r-us-error-schema-consistent:
    description: Error response schemas should reference the shared Error schema.
    severity: warn
    given: "$.paths[*][*].responses[401,400,404].content.application/json.schema"
    then:
      function: defined