Alchemy · API Governance Rules
Alchemy API Rules
Spectral linting rules defining API design standards and conventions for Alchemy.
32 Rules
error 13
warn 15
info 4
Rule Categories
examples
http
info
no
openapi
operation
parameter
paths
request
response
schema
security
servers
tags
Rules
warn
info-title-pattern
API title must start with "Alchemy" to follow provider naming convention.
$.info.title
error
info-description-required
API info must have a description.
$.info
error
info-version-required
API info must declare a version.
$.info
warn
info-contact-required
API info should include contact information.
$.info
error
openapi-version-3
Specs must use OpenAPI 3.0.x.
$.openapi
error
servers-defined
At least one server must be defined.
$
error
servers-https-only
All server URLs must use HTTPS.
$.servers[*].url
warn
servers-description-required
Each server must have a description.
$.servers[*]
warn
paths-no-trailing-slash
Paths must not end with a trailing slash.
$.paths[*]~
error
paths-no-query-strings
Paths must not contain query strings.
$.paths[*]~
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-summary-title-case
Operation summaries must start with "Alchemy" and use Title Case.
$.paths[*][get,post,put,patch,delete].summary
warn
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,patch,delete,options,head]
error
operation-id-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete,options,head]
warn
operation-id-camel-case
operationId must use camelCase.
$.paths[*][get,post,put,patch,delete].operationId
warn
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete,options,head]
warn
tags-global-defined
Global tags array must be defined.
$
warn
tags-description-required
Each global tag should have a description.
$.tags[*]
warn
parameter-description-required
All parameters must have a description.
$.paths[*][get,post,put,patch,delete].parameters[*]
info
request-body-json
Request bodies should use application/json content type.
$.paths[*][post,put,patch].requestBody.content
info
request-body-description
Request bodies should have a description.
$.paths[*][post,put,patch].requestBody
error
response-success-required
Every operation must define at least one 2xx response.
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
Every response must have a description.
$.paths[*][get,post,put,patch,delete].responses[*]
warn
response-401-for-secured
Operations with security should define a 401 response.
$.paths[*][get,post,put,patch,delete][?(@.security)]
warn
schema-description-on-top-level
Top-level component schemas should have a description.
$.components.schemas[*]
info
schema-type-defined
Schemas should define a type.
$.components.schemas[*]
error
security-schemes-defined
Security schemes must be defined in components.
$.components
warn
security-scheme-description
Security schemes should have a description.
$.components.securitySchemes[*]
error
http-get-no-body
GET operations must not have a request body.
$.paths[*].get
warn
http-delete-no-body
DELETE operations should not have a request body.
$.paths[*].delete
error
no-empty-descriptions
Descriptions must not be empty strings.
$..description
info
examples-encouraged
Operations should include request/response examples.
$.paths[*][post,get].responses[*].content[*]