Vanta · API Governance Rules

Vanta API Rules

Spectral linting rules defining API design standards and conventions for Vanta.

10 rules: 3 error, 7 warn

Rule Categories

vanta

Rules

warn
vanta-operation-summary-title-case
All operation summaries must use Title Case
$.paths[*][*].summary
error
vanta-operation-ids-present
All operations must have an operationId
$.paths[*][*]
warn
vanta-paths-versioned
All data paths must be versioned with /v1/ prefix
$.paths
warn
vanta-pagination-page-size
List endpoints must support pageSize query parameter
$.paths[*].get.parameters[?(@.name=='pageSize')]
warn
vanta-responses-have-content
Successful responses must define a content schema
$.paths[*][*].responses.200
warn
vanta-auth-documented
All operations should document their security requirements
$.paths[*][*]
warn
vanta-error-responses-defined
All operations must define 401 Unauthorized response
$.paths[*][*].responses
error
vanta-request-body-for-post
POST operations must have a request body
$.paths[*].post
warn
vanta-tags-singular-or-plural-consistent
Operation tags must match defined tag list
$.paths[*][*].tags[*]
error
vanta-path-params-in-path
Path parameters must be defined in the path segment
$.paths[*][*].parameters[?(@.in=='path')]

Spectral Ruleset

# Spectral ruleset: starts from the built-in OpenAPI ruleset and adds the
# vanta-* rules defined under `rules`.
extends: "spectral:oas"
rules:
  # Checks the shape of every operation summary with a regular expression.
  # NOTE(review): the pattern only requires a leading capital followed by
  # letters, digits and spaces. It does not verify that each word is
  # capitalised, and it rejects summaries that contain punctuation.
  vanta-operation-summary-title-case:
    severity: warn
    description: All operation summaries must use Title Case
    given: '$.paths[*][*].summary'
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][a-zA-Z0-9 ]*$'

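  # Requires an operationId on every operation object.
  # The selector lists the HTTP method keys explicitly: a bare [*] under a
  # path item also matches non-operation members such as a path-level
  # `parameters` list, which has no operationId and would be reported at
  # error severity.
  vanta-operation-ids-present:
    description: All operations must have an operationId
    severity: error
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace]"
    then:
      field: operationId
      function: truthy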

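  # Requires every path key to start with /v1/.
  # `field: "@key"` runs the pattern against each key of the paths object.
  # Without it the function receives the paths object itself, which is not a
  # string, so the individual path names are never tested.
  vanta-paths-versioned:
    description: All data paths must be versioned with /v1/ prefix
    severity: warn
    given: "$.paths"
    then:
      field: "@key"
      function: pattern
      functionOptions:
        match: "^\\/v1\\/"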

  # Requires schema.maximum to be defined on each pageSize parameter of a GET
  # operation, presumably so that the page size a client may request is
  # bounded.
  # NOTE(review): the selector only matches pageSize parameters that are
  # already declared. A GET operation with no pageSize parameter produces no
  # finding, so the presence requirement stated in the description is not
  # enforced by this rule.
  vanta-pagination-page-size:
    severity: warn
    description: List endpoints must support pageSize query parameter
    given: "$.paths[*].get.parameters[?(@.name=='pageSize')]"
    then:
      function: defined
      field: schema.maximum

  # Requires a truthy `content` member on the 200 response of each matched
  # node.
  # NOTE(review): only the literal 200 key is selected; other 2xx responses
  # (for example 201) are not covered by this rule.
  vanta-responses-have-content:
    severity: warn
    description: Successful responses must define a content schema
    given: '$.paths[*][*].responses.200'
    then:
      function: truthy
      field: content

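  # Requires each operation to carry a `security` member, as the description
  # states; `tags` says nothing about authentication. The HTTP method keys
  # are listed explicitly so that path-level members such as `parameters`
  # are not treated as operations.
  # NOTE(review): an operation that relies on a root-level `security` default
  # is still reported. `security: []`, which marks an operation as
  # unauthenticated, is expected to pass because an empty list is not falsy.
  # Review both cases by hand.
  vanta-auth-documented:
    description: All operations should document their security requirements
    severity: warn
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace]"
    then:
      field: security
      function: truthy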

  # Requires a 401 entry in each matched `responses` object.
  # NOTE(review): only 401 is checked; 403 and other error statuses are not
  # required by this rule, despite the broader rule name.
  vanta-error-responses-defined:
    severity: warn
    description: All operations must define 401 Unauthorized response
    given: '$.paths[*][*].responses'
    then:
      function: defined
      field: '401'

  # Reports any POST operation whose `requestBody` is missing or falsy.
  vanta-request-body-for-post:
    severity: error
    description: POST operations must have a request body
    given: '$.paths[*].post'
    then:
      function: truthy
      field: requestBody

  # Restricts every operation tag to the fixed allow-list below.
  # NOTE(review): despite the rule name, no singular/plural comparison is
  # made; a tag passes only if it equals one of the listed values.
  vanta-tags-singular-or-plural-consistent:
    severity: warn
    description: Operation tags must match defined tag list
    given: '$.paths[*][*].tags[*]'
    then:
      function: enumeration
      functionOptions:
        values:
          - 'Authentication'
          - 'Users'
          - 'Vulnerabilities'
          - 'Controls'
          - 'Tests'
          - 'Documents'
          - 'Vendors'
          - 'Resources'
          - 'Integrations'

  # Requires `required` to be truthy on each parameter with `in: path` found
  # under `$.paths[*][*].parameters`.
  # NOTE(review): only the `required` flag is checked. The parameter name is
  # not compared against the {placeholders} in the path template, which is
  # what the description states.
  vanta-path-params-in-path:
    severity: error
    description: Path parameters must be defined in the path segment
    given: "$.paths[*][*].parameters[?(@.in=='path')]"
    then:
      function: truthy
      field: required