Allegion · API Governance Rules

Allegion API Rules

Spectral linting rules defining API design standards and conventions for Allegion.

7 Rules error 1 warn 6
View Rules File View on GitHub

Rule Categories

schlage

Rules

warn
schlage-home-summary-title-case
Operation summaries must use Title Case
$.paths[*][get,post,put,patch,delete].summary
warn
schlage-home-oauth-only
Every operation must require the OAuth2 security scheme registered against account.schlage.com
$.paths[*][get,post,put,patch,delete].security[*]
warn
schlage-home-async-202-on-writes
POST, PUT, and DELETE responses against /devices paths must declare 202 ACCEPTED (async command pattern).
$.paths[*][post,put,delete].responses
error
schlage-home-webhook-https
Webhook subscription URL fields must require HTTPS.
$.components.schemas.WebhookSubscription.properties.url
warn
schlage-home-access-code-name
AccessCode.name must be 1-12 alpha-numeric characters per Schlage Home documentation.
$.components.schemas.AccessCode.properties.name
warn
schlage-home-server-host
Servers must point at api.allegion.com.
$.servers[*].url
warn
schlage-home-oauth-token-url
OAuth2 token URL must be https://account.schlage.com/OAuth2/token.
$.components.securitySchemes.OAuth2.flows.authorizationCode.tokenUrl

Spectral Ruleset

Raw ↑ 
extends:
  - spectral:oas

rules:
  # Schlage Home API operation summaries use Title Case
  schlage-home-summary-title-case:
    description: Operation summaries must use Title Case
    message: "Summary '{{value}}' should start with an uppercase letter"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].summary"
    then:
      function: pattern
      functionOptions:
        match: "^[A-Z]"

  # Schlage Home uses OAuth 2.0 authorization code flow
  schlage-home-oauth-only:
    description: Every operation must require the OAuth2 security scheme registered against account.schlage.com
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete].security[*]"
    then:
      field: OAuth2
      function: truthy

  # Device write operations return 202 ACCEPTED
  schlage-home-async-202-on-writes:
    description: POST, PUT, and DELETE responses against /devices paths must declare 202 ACCEPTED (async command pattern).
    severity: warn
    given: "$.paths[*][post,put,delete].responses"
    then:
      field: "202"
      function: truthy

  # Webhook subscription URLs must be HTTPS
  schlage-home-webhook-https:
    description: Webhook subscription URL fields must require HTTPS.
    severity: error
    given: "$.components.schemas.WebhookSubscription.properties.url"
    then:
      field: pattern
      function: truthy

  # Access code names must obey 1-12 alpha-numeric
  schlage-home-access-code-name:
    description: AccessCode.name must be 1-12 alpha-numeric characters per Schlage Home documentation.
    severity: warn
    given: "$.components.schemas.AccessCode.properties.name"
    then:
      field: pattern
      function: truthy

  # Server base URL must be api.allegion.com
  schlage-home-server-host:
    description: Servers must point at api.allegion.com.
    severity: warn
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://api\\.allegion\\.com"

  # OAuth2 token endpoint must be account.schlage.com
  schlage-home-oauth-token-url:
    description: OAuth2 token URL must be https://account.schlage.com/OAuth2/token.
    severity: warn
    given: "$.components.securitySchemes.OAuth2.flows.authorizationCode.tokenUrl"
    then:
      function: pattern
      functionOptions:
        match: "^https://account\\.schlage\\.com/OAuth2/token$"