US Bancorp · API Governance Rules

US Bancorp API Rules

Spectral linting rules defining API design standards and conventions for US Bancorp.

9 Rules error 2 warn 6 info 1
View Rules File View on GitHub

Rule Categories

usbank

Rules

warn
usbank-operations-have-tags
All US Bank API operations must have at least one tag for grouping
$.paths[*][get,post,put,patch,delete]
warn
usbank-correlation-id-required
All US Bank API operations must accept a Correlation-ID header for tracing
$.paths[*][get,post,put,patch,delete].parameters[?(@.name == 'Correlation-ID')]
error
usbank-https-servers
All US Bank API servers must use HTTPS
$.servers[*].url
warn
usbank-operations-have-operation-ids
All operations must have operationId for SDK generation
$.paths[*][get,post,put,patch,delete]
info
usbank-operation-ids-camel-case
US Bank operation IDs should use camelCase
$.paths[*][get,post,put,patch,delete].operationId
warn
usbank-responses-have-content
All 200/201 responses should define content schema
$.paths[*][*].responses[?(@property == '200' || @property == '201')]
warn
usbank-error-responses-defined
All POST/PUT/PATCH operations should define 400 error responses
$.paths[*][post,put,patch]
error
usbank-security-defined
US Bank API operations should have security defined (OAuth MFA)
$.security
warn
usbank-parameters-have-descriptions
All parameters should include descriptions
$.paths[*][*].parameters[*]

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  usbank-operations-have-tags:
    description: All US Bank API operations must have at least one tag for grouping
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  usbank-correlation-id-required:
    description: All US Bank API operations must accept a Correlation-ID header for tracing
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[?(@.name == 'Correlation-ID')]"
    then:
      field: required
      function: truthy

  usbank-https-servers:
    description: All US Bank API servers must use HTTPS
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  usbank-operations-have-operation-ids:
    description: All operations must have operationId for SDK generation
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  usbank-operation-ids-camel-case:
    description: US Bank operation IDs should use camelCase
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  usbank-responses-have-content:
    description: All 200/201 responses should define content schema
    severity: warn
    given: "$.paths[*][*].responses[?(@property == '200' || @property == '201')]"
    then:
      field: content
      function: truthy

  usbank-error-responses-defined:
    description: All POST/PUT/PATCH operations should define 400 error responses
    severity: warn
    given: "$.paths[*][post,put,patch]"
    then:
      field: responses.400
      function: truthy

  usbank-security-defined:
    description: US Bank API operations should have security defined (OAuth MFA)
    severity: error
    given: "$.security"
    then:
      function: truthy

  usbank-parameters-have-descriptions:
    description: All parameters should include descriptions
    severity: warn
    given: "$.paths[*][*].parameters[*]"
    then:
      field: description
      function: truthy