Zitadel · API Governance Rules

Zitadel API Rules

Spectral linting rules defining API design standards and conventions for Zitadel.

7 rules: 3 error, 4 warn

Rule Categories

zitadel

Rules

warn
zitadel-summary-prefix
All operation summaries must start with "Zitadel"
$.paths.*[get,post,put,delete,patch].summary

error
zitadel-operation-id
Every operation must have an operationId
$.paths.*[get,post,put,delete,patch]

warn
zitadel-operation-tags
Every operation must have at least one tag
$.paths.*[get,post,put,delete,patch]

warn
zitadel-operation-description
Every operation must have a description
$.paths.*[get,post,put,delete,patch]

error
zitadel-bearer-auth
Bearer auth security scheme must be defined
$.components.securitySchemes.bearerAuth

warn
zitadel-no-numeric-error-codes
Error responses must include 401, 403 references
$.paths.*[get,post,put,delete,patch].responses

error
zitadel-server-defined
Servers must be defined
$.servers

Spectral Ruleset

extends:
  - spectral:oas
rules:
  zitadel-summary-prefix:
    description: All operation summaries must start with "Zitadel"
    severity: warn
    given: "$.paths.*[get,post,put,delete,patch].summary"
    then:
      function: pattern
      functionOptions:
        match: "^Zitadel "
  zitadel-operation-id:
    description: Every operation must have an operationId
    severity: error
    given: "$.paths.*[get,post,put,delete,patch]"
    then:
      field: operationId
      function: truthy
  zitadel-operation-tags:
    description: Every operation must have at least one tag
    severity: warn
    given: "$.paths.*[get,post,put,delete,patch]"
    then:
      field: tags
      function: truthy
  zitadel-operation-description:
    description: Every operation must have a description
    severity: warn
    given: "$.paths.*[get,post,put,delete,patch]"
    then:
      field: description
      function: truthy
  zitadel-bearer-auth:
    description: Bearer auth security scheme must be defined
    severity: error
    given: "$.components.securitySchemes.bearerAuth"
    then:
      function: truthy
  zitadel-no-numeric-error-codes:
    description: Error responses must include 401, 403 references
    severity: warn
    given: "$.paths.*[get,post,put,delete,patch].responses"
    then:
      function: truthy
  zitadel-server-defined:
    description: Servers must be defined
    severity: error
    given: "$.servers"
    then:
      function: truthy
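
Added example, not part of the Zitadel ruleset: Spectral evaluates a rule only on nodes its `given` path matches, so a `given` pointing straight at `$.servers` or `$.components.securitySchemes.bearerAuth` reports nothing when that key is absent, and `truthy` on `responses` does not look for 401 or 403. The variant below anchors each check at a node that always exists and names the required key in `field`; the `-strict` rule names are hypothetical.

```yaml
# Added example: stricter variants of three rules from the ruleset above.
# Rule names ending in "-strict" are hypothetical, not Zitadel's own.
extends:
  - spectral:oas
rules:
  # Anchor at the document root, which always matches, and let `field`
  # select the key. A missing key then reaches the function as undefined
  # and the rule fails instead of being skipped.
  zitadel-server-defined-strict:
    description: Servers must be defined and non-empty
    severity: error
    given: "$"
    then:
      field: servers
      function: schema
      functionOptions:
        schema:
          type: array
          minItems: 1   # an empty list is truthy, so check length explicitly
  zitadel-bearer-auth-strict:
    description: Bearer auth security scheme must be defined
    severity: error
    given: "$"
    then:
      field: components.securitySchemes.bearerAuth
      function: truthy
  # `responses` is matched per operation; each `then` entry checks one
  # status code key, so an operation lacking either one is reported.
  zitadel-auth-error-responses-strict:
    description: Every operation must document 401 and 403 responses
    severity: warn
    given: "$.paths.*[get,post,put,delete,patch].responses"
    then:
      - field: "401"
        function: truthy
      - field: "403"
        function: truthy
```

To confirm the difference, lint an OpenAPI document with `servers` and `components` removed against both rulesets: the original reports nothing for those two rules, the variant reports both.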