Yelp · API Governance Rules

Yelp API Rules

Spectral linting rules defining API design standards and conventions for Yelp.

32 Rules error 6 warn 17 info 9
View Rules File View on GitHub

Rule Categories

get global info openapi operation parameter paths request response schema security server servers tag

Rules

warn
info-title-yelp
API title should identify Yelp.
$.info
warn
info-description-required
API must have a description of reasonable length.
$.info
info
info-contact-required
API should declare a contact.
$.info
error
info-version-required
API must declare a version.
$.info
warn
openapi-3-1
Specs should target OpenAPI 3.1.x.
$
error
servers-defined
At least one server must be defined.
$
error
servers-https
Server URLs must use HTTPS.
$.servers[*]
info
server-is-yelp-host
Production server should be api.yelp.com.
$.servers[*]
warn
paths-versioned
Paths should be versioned under /v3 or /ai.
$.paths[*]~
error
paths-no-trailing-slash
Paths must not end with a trailing slash.
$.paths[*]~
warn
paths-snake-or-kebab-segments
Static path segments use lowercase letters, digits, underscores or hyphens.
$.paths[*]~
error
operation-operationId-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete]
warn
operation-operationId-camelcase-verb
operationId should be camelCase starting with a verb (get, list, search, create, update, delete, match, autocomplete, ai).
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
info
operation-summary-title-case
Operation summaries should be Title Case.
$.paths[*][get,post,put,patch,delete]
info
operation-description-required
Every operation should have a description.
$.paths[*][get,post,put,patch,delete]
warn
operation-tags-required
Every operation must be tagged.
$.paths[*][get,post,put,patch,delete]
info
global-tags-defined
A global tags array should be present.
$
warn
tag-title-case
Tag names should be Title Case.
$.tags[*]
warn
parameter-description-required
Parameters should have a description.
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
parameter-snake-case
Parameter names should be snake_case (Yelp convention).
$.paths[*][get,post,put,patch,delete].parameters[*]
info
parameter-pagination-offset-limit
Pagination should use offset and limit (Yelp convention), not page/size.
$.paths[*][get,post,put,patch,delete].parameters[*]
warn
request-body-json
Request bodies should offer application/json content.
$.paths[*][post,put,patch].requestBody.content
warn
response-200-present
Read operations should define a 200 response.
$.paths[*][get].responses
info
response-401-present
Operations should document a 401 unauthorized response.
$.paths[*][get,post,put,patch,delete].responses
info
response-429-present
Operations should document a 429 rate-limit response.
$.paths[*][get,post,put,patch,delete].responses
warn
response-description-required
Every response must have a description.
$.paths[*][get,post,put,patch,delete].responses[*]
warn
schema-property-snake-case
Schema properties should be snake_case (Yelp convention).
$.components.schemas[*].properties[*]~
info
schema-error-has-code
The Error schema should expose an error object with a code/description.
$.components.schemas.Error.properties
warn
global-security-defined
A global security requirement should be declared.
$
warn
security-scheme-bearer
A bearer security scheme should be defined (Yelp API key as bearer token).
$.components.securitySchemes[*]
error
get-no-request-body
GET operations must not declare a request body.
$.paths[*].get

Spectral Ruleset

Raw ↑ 
# Spectral ruleset for the Yelp Fusion API
# Enforces the conventions observed across the Yelp Fusion OpenAPI definition:
# snake_case query parameters, /v3 (and /ai) versioned paths, Title Case tags,
# bearer authentication, camelCase operationIds with verb prefixes, and
# snake_case schema properties.
rules:

  # ── INFO / METADATA ──────────────────────────────────────────────
  info-title-yelp:
    description: API title should identify Yelp.
    severity: warn
    given: $.info
    then:
      field: title
      function: pattern
      functionOptions:
        match: "^Yelp"
  info-description-required:
    description: API must have a description of reasonable length.
    severity: warn
    given: $.info
    then:
      field: description
      function: truthy
  info-contact-required:
    description: API should declare a contact.
    severity: info
    given: $.info
    then:
      field: contact
      function: truthy
  info-version-required:
    description: API must declare a version.
    severity: error
    given: $.info
    then:
      field: version
      function: truthy

  # ── OPENAPI VERSION ──────────────────────────────────────────────
  openapi-3-1:
    description: Specs should target OpenAPI 3.1.x.
    severity: warn
    given: $
    then:
      field: openapi
      function: pattern
      functionOptions:
        match: "^3\\.1\\."

  # ── SERVERS ──────────────────────────────────────────────────────
  servers-defined:
    description: At least one server must be defined.
    severity: error
    given: $
    then:
      field: servers
      function: truthy
  servers-https:
    description: Server URLs must use HTTPS.
    severity: error
    given: $.servers[*]
    then:
      field: url
      function: pattern
      functionOptions:
        match: "^https://"
  server-is-yelp-host:
    description: Production server should be api.yelp.com.
    severity: info
    given: $.servers[*]
    then:
      field: url
      function: pattern
      functionOptions:
        match: "api\\.yelp\\.com"

  # ── PATHS ────────────────────────────────────────────────────────
  paths-versioned:
    description: Paths should be versioned under /v3 or /ai.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: "^/(v3|ai)/"
  paths-no-trailing-slash:
    description: Paths must not end with a trailing slash.
    severity: error
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        notMatch: ".+/$"
  paths-snake-or-kebab-segments:
    description: Static path segments use lowercase letters, digits, underscores or hyphens.
    severity: warn
    given: $.paths[*]~
    then:
      function: pattern
      functionOptions:
        match: "^(/(\\{[a-z_]+\\}|[a-z0-9_-]+))+$"

  # ── OPERATIONS ───────────────────────────────────────────────────
  operation-operationId-required:
    description: Every operation must have an operationId.
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy
  operation-operationId-camelcase-verb:
    description: operationId should be camelCase starting with a verb (get, list, search, create, update, delete, match, autocomplete, ai).
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: pattern
      functionOptions:
        match: "^(get|list|search|create|update|delete|match|autocomplete|ai)[A-Za-z0-9]*$"
  operation-summary-required:
    description: Every operation must have a summary.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: summary
      function: truthy
  operation-summary-title-case:
    description: Operation summaries should be Title Case.
    severity: info
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: summary
      function: pattern
      functionOptions:
        match: "^[A-Z][A-Za-z0-9]*( [A-Za-z0-9/+-]+)*$"
  operation-description-required:
    description: Every operation should have a description.
    severity: info
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: description
      function: truthy
  operation-tags-required:
    description: Every operation must be tagged.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: truthy

  # ── TAGS ─────────────────────────────────────────────────────────
  global-tags-defined:
    description: A global tags array should be present.
    severity: info
    given: $
    then:
      field: tags
      function: truthy
  tag-title-case:
    description: Tag names should be Title Case.
    severity: warn
    given: $.tags[*]
    then:
      field: name
      function: pattern
      functionOptions:
        match: "^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$"

  # ── PARAMETERS ───────────────────────────────────────────────────
  parameter-description-required:
    description: Parameters should have a description.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: description
      function: truthy
  parameter-snake-case:
    description: Parameter names should be snake_case (Yelp convention).
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: name
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_]*$"
  parameter-pagination-offset-limit:
    description: Pagination should use offset and limit (Yelp convention), not page/size.
    severity: info
    given: $.paths[*][get,post,put,patch,delete].parameters[*]
    then:
      field: name
      function: pattern
      functionOptions:
        notMatch: "^(page|page_size|per_page)$"

  # ── REQUEST BODIES ───────────────────────────────────────────────
  request-body-json:
    description: Request bodies should offer application/json content.
    severity: warn
    given: $.paths[*][post,put,patch].requestBody.content
    then:
      field: application/json
      function: truthy

  # ── RESPONSES ────────────────────────────────────────────────────
  response-200-present:
    description: Read operations should define a 200 response.
    severity: warn
    given: $.paths[*][get].responses
    then:
      field: "200"
      function: truthy
  response-401-present:
    description: Operations should document a 401 unauthorized response.
    severity: info
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      field: "401"
      function: truthy
  response-429-present:
    description: Operations should document a 429 rate-limit response.
    severity: info
    given: $.paths[*][get,post,put,patch,delete].responses
    then:
      field: "429"
      function: truthy
  response-description-required:
    description: Every response must have a description.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].responses[*]
    then:
      field: description
      function: truthy

  # ── SCHEMAS ──────────────────────────────────────────────────────
  schema-property-snake-case:
    description: Schema properties should be snake_case (Yelp convention).
    severity: warn
    given: $.components.schemas[*].properties[*]~
    then:
      function: pattern
      functionOptions:
        match: "^[a-z][a-z0-9_]*$"
  schema-error-has-code:
    description: The Error schema should expose an error object with a code/description.
    severity: info
    given: $.components.schemas.Error.properties
    then:
      field: error
      function: truthy

  # ── SECURITY ─────────────────────────────────────────────────────
  global-security-defined:
    description: A global security requirement should be declared.
    severity: warn
    given: $
    then:
      field: security
      function: truthy
  security-scheme-bearer:
    description: A bearer security scheme should be defined (Yelp API key as bearer token).
    severity: warn
    given: $.components.securitySchemes[*]
    then:
      field: scheme
      function: pattern
      functionOptions:
        match: "^bearer$"

  # ── HTTP METHOD CONVENTIONS ──────────────────────────────────────
  get-no-request-body:
    description: GET operations must not declare a request body.
    severity: error
    given: $.paths[*].get
    then:
      field: requestBody
      function: falsy