WooCommerce · API Governance Rules

WooCommerce API Rules

Spectral linting rules defining API design standards and conventions for WooCommerce.

37 Rules error 11 warn 21 info 5
View Rules File View on GitHub

Rule Categories

delete external get info microcks openapi operation parameter paths post put request response schema security servers tag tags

Rules

error
info-title-required
API title must be present and start with "WooCommerce".
$.info
error
info-description-required
API description must be present and at least 100 characters.
$.info
error
info-version-required
API version must be specified.
$.info
warn
info-contact-required
Contact information must be present.
$.info
warn
info-terms-of-service
Terms of service URL must be present.
$.info
warn
openapi-version-31
OpenAPI version must be 3.1.0.
$
error
servers-required
At least one server must be defined.
$
warn
servers-description-required
Each server should have a description.
$.servers[*]
warn
paths-use-kebab-case
Path segments must use kebab-case (lowercase letters, digits, hyphens).
$.paths[*]~
warn
paths-no-trailing-slash
Paths must not have trailing slashes.
$.paths[*]~
info
paths-plural-resource-nouns
Collection resource paths should use plural nouns.
$.paths[*]~
error
operation-operationid-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete]
warn
operation-operationid-camelcase
operationId must use camelCase.
$.paths[*][get,post,put,patch,delete].operationId
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-woocommerce-prefix
Operation summaries must start with "WooCommerce ".
$.paths[*][get,post,put,patch,delete].summary
warn
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,patch,delete]
warn
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete]
warn
parameter-description-required
All parameters must have descriptions.
$.paths[*][get,post,put,patch,delete][*].parameters[*]
warn
parameter-naming-snake-case
Parameter names must use snake_case.
$.paths[*][get,post,put,patch,delete].parameters[*].name
info
parameter-pagination-standard
Pagination parameters should be named page and per_page.
$.paths[*][get].parameters[*]
warn
request-body-json-content-type
Request bodies should use application/json content type.
$.paths[*][post,put,patch].requestBody.content
error
response-success-required
Operations must define at least a 200 or 201 success response.
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
All responses must have descriptions.
$.paths[*][get,post,put,patch,delete].responses[*]
warn
response-json-content-type
Successful responses should return application/json.
$.paths[*][get,post,put,patch].responses['200'].content
info
response-error-401-defined
Protected endpoints should define a 401 unauthorized response.
$.paths[*][get,post,put,patch,delete].responses
warn
schema-property-snake-case
Schema property names must use snake_case.
$.components.schemas[*].properties[*]~
warn
schema-description-required
Top-level component schemas should have descriptions.
$.components.schemas[*]
warn
schema-type-defined
Schemas should define an explicit type.
$.components.schemas[*]
error
security-schemes-defined
Security schemes must be defined in components.
$.components.securitySchemes
error
get-no-request-body
GET operations must not have request bodies.
$.paths[*].get
warn
delete-returns-200-or-204
DELETE operations should return 200 or 204.
$.paths[*].delete.responses
warn
post-has-request-body
POST operations that create resources should have request bodies.
$.paths[*].post
error
put-has-request-body
PUT operations must have request bodies.
$.paths[*].put
warn
tags-global-defined
Global tags array should be defined with all tags used in operations.
$
warn
tag-descriptions-required
Global tag definitions must include descriptions.
$.tags[*]
info
microcks-operation-extension
Operations should include x-microcks-operation for mock server compatibility.
$.paths[*][get,post,put,patch,delete]
info
external-docs-encouraged
APIs should reference external documentation.
$

Spectral Ruleset

Raw ↑ 
rules:
  # INFO / METADATA
  info-title-required:
    description: API title must be present and start with "WooCommerce".
    message: "info.title must be present and start with 'WooCommerce'."
    severity: error
    given: $.info
    then:
      - field: title
        function: truthy
      - field: title
        function: pattern
        functionOptions:
          match: "^WooCommerce"

  info-description-required:
    description: API description must be present and at least 100 characters.
    severity: error
    given: $.info
    then:
      field: description
      function: minLength
      functionOptions:
        value: 100

  info-version-required:
    description: API version must be specified.
    severity: error
    given: $.info
    then:
      field: version
      function: truthy

  info-contact-required:
    description: Contact information must be present.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy

  info-terms-of-service:
    description: Terms of service URL must be present.
    severity: warn
    given: $.info
    then:
      field: termsOfService
      function: truthy

  # OPENAPI VERSION
  openapi-version-31:
    description: OpenAPI version must be 3.1.0.
    severity: warn
    given: $
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\.1\\."

  # SERVERS
  servers-required:
    description: At least one server must be defined.
    severity: error
    given: $
    then:
      field: servers
      function: truthy

  servers-description-required:
    description: Each server should have a description.
    severity: warn
    given: $.servers[*]
    then:
      field: description
      function: truthy

  # PATHS - NAMING CONVENTIONS
  paths-use-kebab-case:
    description: Path segments must use kebab-case (lowercase letters, digits, hyphens).
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: "^(/([a-z0-9][a-z0-9-]*[a-z0-9]|[a-z0-9]|\\{[a-z_]+\\}|wc/v[0-9]|wc/store/v[0-9]))*$"

  paths-no-trailing-slash:
    description: Paths must not have trailing slashes.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        notMatch: "/$"

  paths-plural-resource-nouns:
    description: Collection resource paths should use plural nouns.
    severity: info
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        notMatch: "/(product|order|customer|coupon|webhook|setting|tax-rate|shipping-zone|payment-gateway)$"

  # OPERATIONS
  operation-operationid-required:
    description: Every operation must have an operationId.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: operationId
      function: truthy

  operation-operationid-camelcase:
    description: operationId must use camelCase.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].operationId"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-zA-Z0-9]*$"

  operation-summary-required:
    description: Every operation must have a summary.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: summary
      function: truthy

  operation-summary-woocommerce-prefix:
    description: Operation summaries must start with "WooCommerce ".
    message: "Operation summary must start with 'WooCommerce '."
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^WooCommerce "

  operation-description-required:
    description: Every operation must have a description.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: description
      function: truthy

  operation-tags-required:
    description: Every operation must have at least one tag.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: tags
      function: truthy

  # PARAMETERS
  parameter-description-required:
    description: All parameters must have descriptions.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete][*].parameters[*]"
    then:
      field: description
      function: truthy

  parameter-naming-snake-case:
    description: Parameter names must use snake_case.
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].parameters[*].name"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_]*$"

  parameter-pagination-standard:
    description: Pagination parameters should be named page and per_page.
    severity: info
    given: "$.paths[*][get].parameters[*]"
    then:
      function: schema
      functionOptions:
        schema:
          if:
            properties:
              name:
                pattern: "page"
          then:
            properties:
              name:
                enum: [page, per_page]

  # REQUEST BODIES
  request-body-json-content-type:
    description: Request bodies should use application/json content type.
    severity: warn
    given: "$.paths[*][post,put,patch].requestBody.content"
    then:
      function: schema
      functionOptions:
        schema:
          required: ['application/json']

  # RESPONSES
  response-success-required:
    description: Operations must define at least a 200 or 201 success response.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['200']
            - required: ['201']

  response-description-required:
    description: All responses must have descriptions.
    severity: error
    given: "$.paths[*][get,post,put,patch,delete].responses[*]"
    then:
      field: description
      function: truthy

  response-json-content-type:
    description: Successful responses should return application/json.
    severity: warn
    given: "$.paths[*][get,post,put,patch].responses['200'].content"
    then:
      function: schema
      functionOptions:
        schema:
          required: ['application/json']

  response-error-401-defined:
    description: Protected endpoints should define a 401 unauthorized response.
    severity: info
    given: "$.paths[*][get,post,put,patch,delete].responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['401']
            - required: ['403']

  # SCHEMAS - PROPERTY NAMING
  schema-property-snake-case:
    description: Schema property names must use snake_case.
    severity: warn
    given: "$.components.schemas[*].properties[*]~"
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_]*$"

  schema-description-required:
    description: Top-level component schemas should have descriptions.
    severity: warn
    given: $.components.schemas[*]
    then:
      field: description
      function: truthy

  schema-type-defined:
    description: Schemas should define an explicit type.
    severity: warn
    given: $.components.schemas[*]
    then:
      field: type
      function: truthy

  # SECURITY
  security-schemes-defined:
    description: Security schemes must be defined in components.
    severity: error
    given: $.components.securitySchemes
    then:
      function: truthy

  # HTTP METHOD CONVENTIONS
  get-no-request-body:
    description: GET operations must not have request bodies.
    severity: error
    given: "$.paths[*].get"
    then:
      field: requestBody
      function: falsy

  delete-returns-200-or-204:
    description: DELETE operations should return 200 or 204.
    severity: warn
    given: "$.paths[*].delete.responses"
    then:
      function: schema
      functionOptions:
        schema:
          anyOf:
            - required: ['200']
            - required: ['204']

  post-has-request-body:
    description: POST operations that create resources should have request bodies.
    severity: warn
    given: "$.paths[*].post"
    then:
      field: requestBody
      function: truthy

  put-has-request-body:
    description: PUT operations must have request bodies.
    severity: error
    given: "$.paths[*].put"
    then:
      field: requestBody
      function: truthy

  # GENERAL QUALITY
  tags-global-defined:
    description: Global tags array should be defined with all tags used in operations.
    severity: warn
    given: $
    then:
      field: tags
      function: truthy

  tag-descriptions-required:
    description: Global tag definitions must include descriptions.
    severity: warn
    given: $.tags[*]
    then:
      field: description
      function: truthy

  microcks-operation-extension:
    description: Operations should include x-microcks-operation for mock server compatibility.
    severity: info
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: x-microcks-operation
      function: truthy

  external-docs-encouraged:
    description: APIs should reference external documentation.
    severity: info
    given: $
    then:
      field: externalDocs
      function: truthy