Allianz Technology Standards · API Governance Rules
Allianz Technology Standards API Rules
Spectral linting rules defining API design standards and conventions for Allianz Technology Standards.
22 Rules
error 14
warn 7
info 1
Rule Categories
async
get
global
info
list
oauth2
openapi
operation
parameter
paths
response
security
servers
tags
Rules
warn
info-title-allianz-prefix
API title must start with "Allianz"
$.info.title
error
info-description-required
API info must have a description
$.info
error
info-version-required
API info must define a version
$.info
error
openapi-version-3
Specs must use OpenAPI 3.x (API-first standard)
$.openapi
error
servers-defined
At least one server must be defined
$
error
servers-https
Server URLs must use HTTPS (Allianz security standard)
$.servers[*].url
error
paths-no-trailing-slash
Paths must not have trailing slashes
$.paths
error
operation-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete]
error
operation-description-required
Every operation must have a description
$.paths[*][get,post,put,patch,delete]
error
operation-id-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete]
error
operation-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete]
warn
list-operations-page-size
List operations should support pageSize query parameter (Allianz pagination standard)
$.paths[*].get.parameters[*].name
warn
list-operations-page-param
List operations should support page query parameter (Allianz pagination standard)
$.paths[*].get.parameters[*].name
info
async-post-returns-202
Async POST operations should return 202 Accepted (Allianz async pattern)
$.paths[*].post.responses
error
security-schemes-defined
Security schemes must be defined (OAuth2 standard)
$.components
warn
oauth2-scheme-required
OAuth2 security scheme should be defined (Allianz OAuth2 standard)
$.components.securitySchemes
warn
global-security-defined
Global security should be defined
$
error
get-no-request-body
GET operations must not have request bodies
$.paths[*].get
error
response-description-required
All responses must have descriptions
$.paths[*][get,post,put,patch,delete].responses[*]
warn
response-401-required
Operations should define a 401 response
$.paths[*][get,post,put,patch,delete].responses
warn
tags-defined
Global tags array should be defined
$
error
parameter-description-required
All parameters must have descriptions
$.paths[*][get,post,put,patch,delete].parameters[*]