Trabex · API Governance Rules

Trabex API Rules

Spectral linting rules defining API design standards and conventions for Trabex.

11 Rules error 5 warn 6
View Rules File View on GitHub

Rule Categories

trabex

Rules

warn
trabex-operation-summary-title-case
Operation summaries must use Title Case.
$.paths[*][*].summary
error
trabex-operation-ids-required
All operations must have an operationId.
$.paths[*][*]
warn
trabex-operation-description-required
All operations must have a description.
$.paths[*][*]
warn
trabex-api-key-in-header
API key authentication must use X-API-Key header.
$.components.securitySchemes.apiKeyAuth
warn
trabex-tags-required
All operations must be tagged for categorization.
$.paths[*][*]
error
trabex-versioned-paths
All API paths must be versioned with /v1/ prefix.
$.paths[*]~
error
trabex-shipment-id-path-param
Paths with shipmentId must define it as a path parameter.
$.paths[*][*].parameters[?(@.name=='shipmentId')]
error
trabex-response-2xx-defined
All operations must define a 200 or 201 success response.
$.paths[*][*].responses
warn
trabex-response-401-defined
All operations should define a 401 unauthorized response.
$.paths[*][*].responses
error
trabex-post-request-body
POST and PUT operations must define a requestBody.
$.paths[*][post,put]
warn
trabex-screening-response-risk-level
Screening responses must include riskLevel field.
$.components.schemas.ScreeningResponse.properties

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  trabex-operation-summary-title-case:
    description: Operation summaries must use Title Case.
    severity: warn
    given: "$.paths[*][*].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9]*(\\s[A-Z][a-zA-Z0-9]*)*$"

  trabex-operation-ids-required:
    description: All operations must have an operationId.
    severity: error
    given: "$.paths[*][*]"
    then:
      field: operationId
      function: defined

  trabex-operation-description-required:
    description: All operations must have a description.
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: description
      function: defined

  trabex-api-key-in-header:
    description: API key authentication must use X-API-Key header.
    severity: warn
    given: "$.components.securitySchemes.apiKeyAuth"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            in:
              const: header
            name:
              const: X-API-Key

  trabex-tags-required:
    description: All operations must be tagged for categorization.
    severity: warn
    given: "$.paths[*][*]"
    then:
      field: tags
      function: defined

  trabex-versioned-paths:
    description: All API paths must be versioned with /v1/ prefix.
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^/v[0-9]+"

  trabex-shipment-id-path-param:
    description: Paths with shipmentId must define it as a path parameter.
    severity: error
    given: "$.paths[*][*].parameters[?(@.name=='shipmentId')]"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          properties:
            in:
              const: path
            required:
              const: true

  trabex-response-2xx-defined:
    description: All operations must define a 200 or 201 success response.
    severity: error
    given: "$.paths[*][*].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["200"]
            - required: ["201"]

  trabex-response-401-defined:
    description: All operations should define a 401 unauthorized response.
    severity: warn
    given: "$.paths[*][*].responses"
    then:
      field: "401"
      function: defined

  trabex-post-request-body:
    description: POST and PUT operations must define a requestBody.
    severity: error
    given: "$.paths[*][post,put]"
    then:
      field: requestBody
      function: defined

  trabex-screening-response-risk-level:
    description: Screening responses must include riskLevel field.
    severity: warn
    given: "$.components.schemas.ScreeningResponse.properties"
    then:
      field: riskLevel
      function: defined