United Natural Foods (UNFI) · API Governance Rules

United Natural Foods (UNFI) API Rules

Spectral linting rules defining API design standards and conventions for United Natural Foods (UNFI).

15 Rules error 4 warn 9 info 2
View Rules File View on GitHub

Rule Categories

info list operation parameter path product response security servers unfi

Rules

error
operation-operationId
Every operation must have a unique operationId.
$.paths.*[get,post,put,patch,delete,options,head]
warn
operation-summary-title-case
Operation summaries must use Title Case.
$.paths.*[get,post,put,patch,delete].summary
warn
operation-tags
Every operation must include at least one tag.
$.paths.*[get,post,put,patch,delete]
warn
operation-description
Every operation must have a description.
$.paths.*[get,post,put,patch,delete]
warn
path-kebab-case
Path segments must use kebab-case (lowercase with hyphens).
$.paths[*]~
error
path-no-trailing-slash
Paths must not end with a trailing slash.
$.paths[*]~
warn
response-descriptions
All response status codes must include a description.
$.paths.*[get,post,put,patch,delete].responses.*
error
security-apikey-required
UNFI APIs use X-API-Key authentication. Security must be defined.
$.paths.*[get,post,put,patch,delete]
warn
operation-request-body-required
POST, PUT, and PATCH operations should have a requestBody.
$.paths.*[post,put,patch]
info
list-operation-pagination
GET operations on collections should support page and pageSize parameters.
$.paths.*[?(@parentProperty.match(/^\/(products|orders|insights)$/))]
info
unfi-product-id-format
UNFI product ID examples should follow the UNFI-XXXXXXX format.
$.components.schemas.Product.properties.productId.description
warn
product-upc-format
Product UPC should be exactly 12 numeric digits.
$.components.schemas.Product.properties.upc
warn
info-contact
API info must include contact information.
$.info
error
servers-defined
API must define at least one server.
$
warn
parameter-description
All parameters must have a description.
$.paths.*[get,post,put,patch,delete].parameters.*

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:

  # Require operationId on every operation
  operation-operationId:
    description: Every operation must have a unique operationId.
    severity: error
    given: "$.paths.*[get,post,put,patch,delete,options,head]"
    then:
      field: operationId
      function: truthy

  # Require operation summary in Title Case
  operation-summary-title-case:
    description: Operation summaries must use Title Case.
    message: "Summary '{{value}}' should be in Title Case."
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z][a-zA-Z0-9 ]*$"

  # Require tags on every operation
  operation-tags:
    description: Every operation must include at least one tag.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # Require description on every operation
  operation-description:
    description: Every operation must have a description.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  # Paths must use kebab-case
  path-kebab-case:
    description: Path segments must use kebab-case (lowercase with hyphens).
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}-]+)+$"

  # Paths must not have a trailing slash
  path-no-trailing-slash:
    description: Paths must not end with a trailing slash.
    severity: error
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        notMatch: ".+/$"

  # All response codes must have descriptions
  response-descriptions:
    description: All response status codes must include a description.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete].responses.*"
    then:
      field: description
      function: truthy

  # API must use API key authentication
  security-apikey-required:
    description: UNFI APIs use X-API-Key authentication. Security must be defined.
    severity: error
    given: "$.paths.*[get,post,put,patch,delete]"
    then:
      field: security
      function: truthy

  # POST/PUT/PATCH must have a requestBody
  operation-request-body-required:
    description: POST, PUT, and PATCH operations should have a requestBody.
    severity: warn
    given: "$.paths.*[post,put,patch]"
    then:
      field: requestBody
      function: truthy

  # Pagination parameters on list operations
  list-operation-pagination:
    description: GET operations on collections should support page and pageSize parameters.
    message: "List operation '{{path}}' should include pagination parameters."
    severity: info
    given: "$.paths.*[?(@parentProperty.match(/^\\/(products|orders|insights)$/))]"
    then:
      field: parameters
      function: truthy

  # UNFI product IDs follow UNFI-XXXXXXX format
  unfi-product-id-format:
    description: UNFI product ID examples should follow the UNFI-XXXXXXX format.
    severity: info
    given: "$.components.schemas.Product.properties.productId.description"
    then:
      function: truthy

  # UPC must be 12 digits
  product-upc-format:
    description: Product UPC should be exactly 12 numeric digits.
    severity: warn
    given: "$.components.schemas.Product.properties.upc"
    then:
      field: description
      function: truthy

  # Require info contact
  info-contact:
    description: API info must include contact information.
    severity: warn
    given: "$.info"
    then:
      field: contact
      function: truthy

  # Servers must be defined
  servers-defined:
    description: API must define at least one server.
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  # Parameters must have descriptions
  parameter-description:
    description: All parameters must have a description.
    severity: warn
    given: "$.paths.*[get,post,put,patch,delete].parameters.*"
    then:
      field: description
      function: truthy