Vehicle Databases · API Governance Rules

Vehicle Databases API Rules

Spectral linting rules defining API design standards and conventions for Vehicle Databases.

21 Rules error 10 warn 10 info 1
View Rules File View on GitHub

Rule Categories

get info no openapi operation parameter paths response schema security servers

Rules

error
info-title-required
Info title must be defined.
$.info
warn
info-description-required
Info description must be non-empty.
$.info
error
info-version-required
API version must be defined.
$.info
error
openapi-version-3
Must use OpenAPI 3.x.
$
error
servers-defined
At least one server must be defined.
$
error
servers-https
Server URLs must use HTTPS.
$.servers[*].url
warn
paths-kebab-case
Path segments should use kebab-case.
$.paths[*]~
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,delete,patch]
warn
operation-summary-prefix
Operation summaries must start with "Vehicle Databases".
$.paths[*][get,post,put,delete,patch].summary
warn
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,delete,patch]
error
operation-operationid-required
Every operation must have an operationId.
$.paths[*][get,post,put,delete,patch]
warn
operation-operationid-camelcase
operationId must use camelCase.
$.paths[*][get,post,put,delete,patch].operationId
warn
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,delete,patch]
warn
parameter-description-required
All parameters must have a description.
$..parameters[*]
error
response-success-required
Every operation must have a 2xx response.
$.paths[*][get,post,put,delete,patch].responses
warn
response-404-defined
Operations with path parameters should define 404 responses.
$.paths[*][get].responses
warn
schema-description-required
Component schemas must have descriptions.
$.components.schemas[*]
error
security-schemes-defined
Security schemes must be defined.
$.components
info
security-apikey-header
API key authentication should use header placement (X-API-Key).
$.components.securitySchemes[?(@.type == 'apiKey')]
error
get-no-request-body
GET operations must not have a request body.
$.paths[*].get
warn
no-empty-descriptions
Descriptions must not be empty.
$..description

Spectral Ruleset

Raw ↑ 
rules:

  # INFO
  info-title-required:
    description: Info title must be defined.
    severity: error
    given: "$.info"
    then:
      field: title
      function: truthy

  info-description-required:
    description: Info description must be non-empty.
    severity: warn
    given: "$.info"
    then:
      field: description
      function: truthy

  info-version-required:
    description: API version must be defined.
    severity: error
    given: "$.info"
    then:
      field: version
      function: truthy

  # OPENAPI VERSION
  openapi-version-3:
    description: Must use OpenAPI 3.x.
    severity: error
    given: "$"
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\."

  # SERVERS
  servers-defined:
    description: At least one server must be defined.
    severity: error
    given: "$"
    then:
      field: servers
      function: truthy

  servers-https:
    description: Server URLs must use HTTPS.
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # PATHS
  paths-kebab-case:
    description: Path segments should use kebab-case.
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^(/[a-z0-9{}_/-]+)+$"

  # OPERATIONS
  operation-summary-required:
    description: Every operation must have a summary.
    severity: error
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: summary
      function: truthy

  operation-summary-prefix:
    description: Operation summaries must start with "Vehicle Databases".
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Vehicle Databases "

  operation-description-required:
    description: Every operation must have a description.
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: description
      function: truthy

  operation-operationid-required:
    description: Every operation must have an operationId.
    severity: error
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: operationId
      function: truthy

  operation-operationid-camelcase:
    description: operationId must use camelCase.
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]+$"

  operation-tags-required:
    description: Every operation must have at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,delete,patch]"
    then:
      field: tags
      function: truthy

  # PARAMETERS
  parameter-description-required:
    description: All parameters must have a description.
    severity: warn
    given: "$..parameters[*]"
    then:
      field: description
      function: truthy

  # RESPONSES
  response-success-required:
    description: Every operation must have a 2xx response.
    severity: error
    given: "$.paths[*][get,post,put,delete,patch].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ["200"]
            - required: ["201"]

  response-404-defined:
    description: Operations with path parameters should define 404 responses.
    severity: warn
    given: "$.paths[*][get].responses"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          required: ["404"]

  # SCHEMAS
  schema-description-required:
    description: Component schemas must have descriptions.
    severity: warn
    given: "$.components.schemas[*]"
    then:
      field: description
      function: truthy

  # SECURITY
  security-schemes-defined:
    description: Security schemes must be defined.
    severity: error
    given: "$.components"
    then:
      field: securitySchemes
      function: truthy

  security-apikey-header:
    description: API key authentication should use header placement (X-API-Key).
    severity: info
    given: "$.components.securitySchemes[?(@.type == 'apiKey')]"
    then:
      field: in
      function: pattern
      functionOptions:
        match: "^header$"

  # HTTP METHODS
  get-no-request-body:
    description: GET operations must not have a request body.
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  # GENERAL
  no-empty-descriptions:
    description: Descriptions must not be empty.
    severity: warn
    given: "$..description"
    then:
      function: pattern
      functionOptions:
        match: ".+"