AT&T Developer Hub · API Governance Rules

AT&T Developer Hub API Rules

Spectral linting rules defining API design standards and conventions for AT&T Developer Hub.

26 Rules error 14 warn 9 info 3
View Rules File View on GitHub

Rule Categories

camara get info microcks no openapi operation parameter paths post response schema security servers

Rules

warn
info-title-pattern
API title must start with "AT&T"
$.info.title
error
info-description-required
API info must have a description
$.info
error
info-version-required
API info must have a version
$.info
warn
info-contact-required
API info should have contact information
$.info
error
openapi-version-3
Must use OpenAPI 3.0.x
$.openapi
error
servers-required
At least one server must be defined
$
error
servers-https
Server URLs must use HTTPS
$.servers[*].url
warn
paths-kebab-case
Path segments should use kebab-case
$.paths
error
operation-summary-required
Every operation must have a summary
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-att-prefix
Summaries must start with "AT&T"
$.paths[*][get,post,put,patch,delete].summary
error
operation-description-required
Every operation must have a description
$.paths[*][get,post,put,patch,delete]
error
operation-operationid-required
Every operation must have an operationId
$.paths[*][get,post,put,patch,delete]
warn
operation-operationid-camelcase
operationId must use camelCase
$.paths[*][get,post,put,patch,delete].operationId
error
operation-tags-required
Every operation must have at least one tag
$.paths[*][get,post,put,patch,delete]
warn
camara-error-schema
API should define an ErrorInfo schema in components for CAMARA compliance
$.components.schemas
info
camara-phone-number-e164
Phone number parameters should document E.164 format requirement
$.components.schemas[*].properties.phoneNumber
error
parameter-description-required
Every parameter must have a description
$.paths[*][*].parameters[*]
error
response-description-required
Every response must have a description
$.paths[*][*].responses[*]
warn
response-401-defined
Operations using security should document 401 responses
$.paths[*][post,get,delete][?(@.security)]
info
response-429-defined
Operations should document 429 Too Many Requests responses for rate limiting
$.paths[*][post]
warn
schema-description-required
Component schemas should have descriptions
$.components.schemas[*]
error
security-schemes-defined
Security schemes must be defined
$.components
error
get-no-request-body
GET operations must not have a request body
$.paths[*].get
warn
post-has-request-body
POST operations should have a request body
$.paths[*].post
info
microcks-operation-extension
Operations should include x-microcks-operation for mock server support
$.paths[*][post,get,delete]
error
no-empty-descriptions
Descriptions must not be empty strings
$..description

Spectral Ruleset

Raw ↑
rules:
  # ===========================
  # INFO / METADATA
  # ===========================
  info-title-pattern:
    description: API title must start with "AT&T"
    severity: warn
    given: $.info.title
    then:
      function: pattern
      functionOptions:
        match: '^AT&T '

  info-description-required:
    description: API info must have a description
    severity: error
    given: $.info
    then:
      field: description
      function: truthy

  info-version-required:
    description: API info must have a version
    severity: error
    given: $.info
    then:
      field: version
      function: truthy

  info-contact-required:
    description: API info should have contact information
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy

  # ===========================
  # OPENAPI VERSION
  # ===========================
  openapi-version-3:
    description: Must use OpenAPI 3.0.x
    severity: error
    given: $.openapi
    then:
      function: pattern
      functionOptions:
        match: '^3\.0\.'

  # ===========================
  # SERVERS
  # ===========================
  servers-required:
    description: At least one server must be defined
    severity: error
    given: $
    then:
      field: servers
      function: truthy

  servers-https:
    description: Server URLs must use HTTPS
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://'

  # ===========================
  # PATHS
  # ===========================
  paths-kebab-case:
    description: Path segments should use kebab-case
    severity: warn
    given: $.paths
    then:
      function: pattern
      functionOptions:
        match: '^(\/[a-z0-9{}\-]+)+$'

  # ===========================
  # OPERATIONS
  # ===========================
  operation-summary-required:
    description: Every operation must have a summary
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: summary
      function: truthy

  operation-summary-att-prefix:
    description: Summaries must start with "AT&T"
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].summary
    then:
      function: pattern
      functionOptions:
        match: '^AT&T '

  operation-description-required:
    description: Every operation must have a description
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: description
      function: truthy

  operation-operationid-required:
    description: Every operation must have an operationId
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy

  operation-operationid-camelcase:
    description: operationId must use camelCase
    severity: warn
    given: $.paths[*][get,post,put,patch,delete].operationId
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]+$'

  operation-tags-required:
    description: Every operation must have at least one tag
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: truthy

  # ===========================
  # CAMARA COMPLIANCE
  # ===========================
  camara-error-schema:
    description: API should define an ErrorInfo schema in components for CAMARA compliance
    severity: warn
    given: $.components.schemas
    then:
      field: ErrorInfo
      function: truthy

  camara-phone-number-e164:
    description: Phone number parameters should document E.164 format requirement
    severity: info
    given: $.components.schemas[*].properties.phoneNumber
    then:
      field: description
      function: truthy

  # ===========================
  # PARAMETERS
  # ===========================
  parameter-description-required:
    description: Every parameter must have a description
    severity: error
    given: $.paths[*][*].parameters[*]
    then:
      field: description
      function: truthy

  # ===========================
  # RESPONSES
  # ===========================
  response-description-required:
    description: Every response must have a description
    severity: error
    given: $.paths[*][*].responses[*]
    then:
      field: description
      function: truthy

  response-401-defined:
    description: Operations using security should document 401 responses
    severity: warn
    given: $.paths[*][post,get,delete][?(@.security)]
    then:
      field: responses.401
      function: truthy

  response-429-defined:
    description: Operations should document 429 Too Many Requests responses for rate limiting
    severity: info
    given: $.paths[*][post]
    then:
      field: responses.429
      function: truthy

  # ===========================
  # SCHEMAS
  # ===========================
  schema-description-required:
    description: Component schemas should have descriptions
    severity: warn
    given: $.components.schemas[*]
    then:
      field: description
      function: truthy

  # ===========================
  # SECURITY
  # ===========================
  security-schemes-defined:
    description: Security schemes must be defined
    severity: error
    given: $.components
    then:
      field: securitySchemes
      function: truthy

  # ===========================
  # HTTP METHOD CONVENTIONS
  # ===========================
  get-no-request-body:
    description: GET operations must not have a request body
    severity: error
    given: $.paths[*].get
    then:
      field: requestBody
      function: falsy

  post-has-request-body:
    description: POST operations should have a request body
    severity: warn
    given: $.paths[*].post
    then:
      field: requestBody
      function: truthy

  # ===========================
  # MICROCKS COMPATIBILITY
  # ===========================
  microcks-operation-extension:
    description: Operations should include x-microcks-operation for mock server support
    severity: info
    given: $.paths[*][post,get,delete]
    then:
      field: x-microcks-operation
      function: truthy

  # ===========================
  # GENERAL QUALITY
  # ===========================
  no-empty-descriptions:
    description: Descriptions must not be empty strings
    severity: error
    given: $..description
    then:
      function: pattern
      functionOptions:
        match: '.+'