WordPress · API Governance Rules

WordPress API Rules

Spectral linting rules defining API design standards and conventions for WordPress.

41 Rules error 10 warn 18 info 13
View Rules File View on GitHub

Rule Categories

delete get info no openapi operation pagination parameter paths post request response schema security servers tag tags

Rules

warn
info-title-wordpress-prefix
$.info.title
error
info-description-required
$.info
error
info-version-required
$.info
warn
info-contact-required
$.info
warn
info-license-required
$.info
error
openapi-version-3
$.openapi
error
servers-defined
$
warn
servers-https-only
$.servers[*].url
warn
paths-kebab-case
$.paths[*]~
warn
paths-no-trailing-slash
$.paths[*]~
info
paths-version-prefix
$.paths[*]~
error
operation-summary-required
$.paths[*][get,post,put,patch,delete]
warn
operation-description-required
$.paths[*][get,post,put,patch,delete]
error
operation-id-required
$.paths[*][get,post,put,patch,delete]
warn
operation-id-camel-case
$.paths[*][get,post,put,patch,delete].operationId
warn
operation-tags-required
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-wordpress-prefix
$.paths[*][get,post,put,patch,delete].summary
info
tags-defined
$
info
tag-description-required
$.tags[*]
warn
parameter-description-required
$.paths[*][get,post,put,patch,delete].parameters[*]
info
parameter-snake-case
$.paths[*][get,post,put,patch,delete].parameters[*].name
error
parameter-schema-required
$.paths[*][get,post,put,patch,delete].parameters[*]
info
request-body-description
$.paths[*][post,put,patch].requestBody
warn
request-body-json-content
$.paths[*][post,put,patch].requestBody.content
error
response-success-required
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
$.paths[*][get,post,put,patch,delete].responses[*]
info
response-401-for-auth
$.paths[*][post,put,delete].responses
info
response-404-for-get-by-id
$.paths[*~'\\{id\\}'][get].responses
warn
schema-description-required
$.components.schemas[*]
warn
schema-type-defined
$.components.schemas[*]
info
schema-property-snake-case
$.components.schemas[*].properties[*]~
info
schema-property-description
$.components.schemas[*].properties[*]
info
schema-property-example
$.components.schemas[*].properties[*]
warn
security-schemes-defined
$.components
warn
security-scheme-description
$.components.securitySchemes[*]
error
get-no-request-body
$.paths[*].get
warn
delete-no-request-body
$.paths[*].delete
info
post-should-have-request-body
$.paths[*].post
info
operation-microcks-extension
$.paths[*][get,post,put,patch,delete]
warn
no-empty-descriptions
$..description
info
pagination-parameters-standard
$.paths[*][get].parameters[?(@.name == 'limit')]

Spectral Ruleset

Raw ↑ 
rules:
  # INFO / METADATA
  info-title-wordpress-prefix:
    message: API title must begin with "WordPress"
    severity: warn
    given: $.info.title
    then:
      function: pattern
      functionOptions:
        match: '^WordPress'

  info-description-required:
    message: Info object must have a non-empty description
    severity: error
    given: $.info
    then:
      field: description
      function: truthy

  info-version-required:
    message: Info object must have a version
    severity: error
    given: $.info
    then:
      field: version
      function: truthy

  info-contact-required:
    message: Info object should have contact information
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy

  info-license-required:
    message: Info object should have license information
    severity: warn
    given: $.info
    then:
      field: license
      function: truthy

  # OPENAPI VERSION
  openapi-version-3:
    message: Must use OpenAPI 3.0.x
    severity: error
    given: $.openapi
    then:
      function: pattern
      functionOptions:
        match: '^3\.0\.'

  # SERVERS
  servers-defined:
    message: At least one server must be defined
    severity: error
    given: $
    then:
      field: servers
      function: truthy

  servers-https-only:
    message: Server URLs must use HTTPS
    severity: warn
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://'

  # PATHS — NAMING CONVENTIONS
  paths-kebab-case:
    message: Path segments must use kebab-case
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: '^(/[a-z0-9{][a-z0-9\-._{}]*)*$'

  paths-no-trailing-slash:
    message: Paths must not end with a trailing slash
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        notMatch: '/$'

  paths-version-prefix:
    message: WordPress REST API paths should start with /wp/v2/
    severity: info
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: '^/wp/v[0-9]+/'

  # OPERATIONS
  operation-summary-required:
    message: Operations must have a summary
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: summary
      function: truthy

  operation-description-required:
    message: Operations must have a description
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: description
      function: truthy

  operation-id-required:
    message: Operations must have an operationId
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy

  operation-id-camel-case:
    message: operationId must use camelCase
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].operationId
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

  operation-tags-required:
    message: Operations must have at least one tag
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: truthy

  operation-summary-wordpress-prefix:
    message: Operation summaries must start with "WordPress"
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: pattern
      functionOptions:
        match: '^WordPress'

  # TAGS
  tags-defined:
    message: Global tags array must be defined
    severity: info
    given: $
    then:
      field: tags
      function: truthy

  tag-description-required:
    message: Tags must have a description
    severity: info
    given: $.tags[*]
    then:
      field: description
      function: truthy

  # PARAMETERS
  parameter-description-required:
    message: Parameters must have a description
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: description
      function: truthy

  parameter-snake-case:
    message: Parameter names should use snake_case
    severity: info
    given: $.paths[*][get,post,put,patch,delete].parameters[*].name
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-z0-9_]*$'

  parameter-schema-required:
    message: Parameters must have a schema
    severity: error
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: schema
      function: truthy

  # REQUEST BODIES
  request-body-description:
    message: Request bodies should have a description
    severity: info
    given: $.paths[*][post,put,patch].requestBody
    then:
      field: description
      function: truthy

  request-body-json-content:
    message: Request bodies should use application/json content type
    severity: warn
    given: $.paths[*][post,put,patch].requestBody.content
    then:
      field: application/json
      function: truthy

  # RESPONSES
  response-success-required:
    message: Operations must have a success response (2xx)
    severity: error
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          anyOf:
            - required: ['200']
            - required: ['201']
            - required: ['204']

  response-description-required:
    message: All responses must have a description
    severity: error
    given: $.paths[*][get,post,put,patch,delete].responses[*]
    then:
      field: description
      function: truthy

  response-401-for-auth:
    message: Authenticated endpoints should document 401 response
    severity: info
    given: $.paths[*][post,put,delete].responses
    then:
      field: '401'
      function: truthy

  response-404-for-get-by-id:
    message: GET by ID endpoints should document 404 response
    severity: info
    given: $.paths[*~'\\{id\\}'][get].responses
    then:
      field: '404'
      function: truthy

  # SCHEMAS — PROPERTY NAMING
  schema-description-required:
    message: Top-level schemas must have a description
    severity: warn
    given: $.components.schemas[*]
    then:
      field: description
      function: truthy

  schema-type-defined:
    message: Schemas must have a type defined
    severity: warn
    given: $.components.schemas[*]
    then:
      field: type
      function: truthy

  schema-property-snake-case:
    message: Schema properties should use snake_case
    severity: info
    given: $.components.schemas[*].properties[*]~
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-z0-9_]*$'

  schema-property-description:
    message: Schema properties should have descriptions
    severity: info
    given: $.components.schemas[*].properties[*]
    then:
      field: description
      function: truthy

  schema-property-example:
    message: Schema properties should have examples
    severity: info
    given: $.components.schemas[*].properties[*]
    then:
      field: example
      function: truthy

  # SECURITY
  security-schemes-defined:
    message: Security schemes must be defined in components
    severity: warn
    given: $.components
    then:
      field: securitySchemes
      function: truthy

  security-scheme-description:
    message: Security schemes must have a description
    severity: warn
    given: $.components.securitySchemes[*]
    then:
      field: description
      function: truthy

  # HTTP METHOD CONVENTIONS
  get-no-request-body:
    message: GET operations must not have a request body
    severity: error
    given: $.paths[*].get
    then:
      field: requestBody
      function: falsy

  delete-no-request-body:
    message: DELETE operations should not have a request body
    severity: warn
    given: $.paths[*].delete
    then:
      field: requestBody
      function: falsy

  post-should-have-request-body:
    message: POST operations creating resources should have a request body
    severity: info
    given: $.paths[*].post
    then:
      field: requestBody
      function: truthy

  # MICROCKS COMPATIBILITY
  operation-microcks-extension:
    message: Operations should have x-microcks-operation extension for mock compatibility
    severity: info
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: x-microcks-operation
      function: truthy

  # GENERAL QUALITY
  no-empty-descriptions:
    message: Descriptions must not be empty strings
    severity: warn
    given: $..description
    then:
      function: pattern
      functionOptions:
        match: '.+'

  pagination-parameters-standard:
    message: Pagination parameters should use page and per_page (WordPress convention)
    severity: info
    given: $.paths[*][get].parameters[?(@.name == 'limit')]
    then:
      function: undefined