University of Bath · API Governance Rules

University of Bath API Rules

Spectral linting rules defining API design standards and conventions for University of Bath.

6 Rules error 2 warn 3
View Rules File View on GitHub

Rule Categories

bath

Rules

error
bath-pure-api-key-security-defined
A reusable "api-key" security scheme must be declared.
$.components.securitySchemes
warn
bath-pure-server-ws-api
Server URL should be the Pure /ws/api base path.
$.servers[*].url
warn
bath-pure-operationid-snake-case
operationId should use Pure's snake/underscore convention (e.g. person_list).
$.paths[*][get,post,put,delete].operationId
hint
bath-pure-list-paging-params
List operations should document size/offset paging.
$.paths[?(@property.match(/s$/))].get.parameters[*].name
warn
bath-pure-operation-tagged
Each operation should be tagged with its Pure content family.
$.paths[*][get,post,put,delete]
error
bath-pure-info-description
API info must carry a description.
$.info

Spectral Ruleset

university-of-bath-rules.yml Raw ↑ 
---
# Spectral ruleset encoding patterns observed in the University of Bath
# Elsevier Pure research information API (Pure 5.33.3-3) OpenAPI 3.0 description.
# These rules reflect real conventions seen in the published spec.
formats:
  - oas3
extends:
  - spectral:oas
rules:
  # Pure secures every operation with the api-key security scheme.
  bath-pure-api-key-security-defined:
    description: A reusable "api-key" security scheme must be declared.
    severity: error
    given: $.components.securitySchemes
    then:
      field: api-key
      function: truthy

  # Pure serves resources under the /ws/api server base path.
  bath-pure-server-ws-api:
    description: Server URL should be the Pure /ws/api base path.
    severity: warn
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: "/ws/api"

  # Every operation in the Pure API carries an operationId (e.g. person_list).
  bath-pure-operationid-snake-case:
    description: operationId should use Pure's snake/underscore convention (e.g. person_list).
    severity: warn
    given: $.paths[*][get,post,put,delete].operationId
    then:
      function: pattern
      functionOptions:
        match: "^[a-zA-Z]+_[a-zA-Z-]+$"

  # List endpoints expose size + offset paging query parameters.
  bath-pure-list-paging-params:
    description: List operations should document size/offset paging.
    severity: hint
    given: $.paths[?(@property.match(/s$/))].get.parameters[*].name
    then:
      function: pattern
      functionOptions:
        match: "^(size|offset|order|q|.*)$"

  # Operations should be grouped by a Pure content tag (activity, person, etc.).
  bath-pure-operation-tagged:
    description: Each operation should be tagged with its Pure content family.
    severity: warn
    given: $.paths[*][get,post,put,delete]
    then:
      field: tags
      function: truthy

  # Pure objects are keyed by a UUID; descriptions should be present on info.
  bath-pure-info-description:
    description: API info must carry a description.
    severity: error
    given: $.info
    then:
      field: description
      function: truthy