1Password · API Governance Rules
1Password API Rules
Spectral linting rules defining API design standards and conventions for 1Password.
30 Rules
error 13
warn 11
info 6
Rule Categories
delete
examples
get
info
no
openapi
operation
parameter
paths
request
response
schema
security
servers
tags
Rules
warn
info-title-pattern
Info title should follow "1Password ..." pattern.
$.info.title
warn
info-description-required
Info description must be present and at least 50 characters.
$.info
error
info-version-required
API version must be defined.
$.info
info
info-contact-required
Contact information should be provided.
$.info
error
openapi-version-3
Must use OpenAPI 3.0.x or 3.1.x.
$
error
servers-must-be-defined
Servers array must be defined and non-empty.
$
error
servers-https-required
Production server URLs must use HTTPS.
$.servers[*]
warn
paths-no-trailing-slash
Paths must not end with a trailing slash.
$.paths
info
paths-kebab-case
Path segments should use kebab-case.
$.paths
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-description-required
Every operation should have a description.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-summary-prefix
Every operation summary should start with "1Password".
$.paths[*][get,post,put,patch,delete,options,head].summary
error
operation-operationid-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-operationid-camelcase
OperationId should use camelCase.
$.paths[*][get,post,put,patch,delete,options,head].operationId
error
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete,options,head]
warn
parameter-description-required
Every parameter must have a description.
$.paths[*][get,post,put,patch,delete,options,head].parameters[*]
error
parameter-schema-required
Every parameter must have a schema.
$.paths[*][get,post,put,patch,delete,options,head].parameters[*]
error
request-body-content-required
Request bodies must define content type.
$.paths[*][post,put,patch].requestBody
error
response-success-required
Every operation must define at least one success response.
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
Every response must have a description.
$.paths[*][get,post,put,patch,delete,options,head].responses[*]
warn
response-401-for-authenticated-apis
Authenticated APIs should define a 401 Unauthorized response.
$.paths[*][get,post,put,patch,delete].responses
info
schema-description-recommended
Component schemas should have descriptions.
$.components.schemas[*]
warn
schema-properties-typed
Schema properties should have explicit types.
$.components.schemas[*].properties[*]
error
security-schemes-defined
Security schemes must be defined in components.
$.components
info
security-bearer-format
Bearer token security should use HTTP Bearer scheme.
$.components.securitySchemes[?(@.type == 'http' && @.scheme == 'bearer')]
error
get-no-request-body
GET operations must not have a request body.
$.paths[*].get
info
delete-returns-204
DELETE operations should return 204 No Content.
$.paths[*].delete.responses
warn
no-empty-descriptions
Descriptions must not be empty.
$..description
info
examples-on-schemas
Schema properties should include example values.
$.components.schemas[*].properties[*]
warn
tags-title-case
Global tags should use Title Case naming.
$.tags[*].name