Roivant Sciences · API Governance Rules

Roivant Sciences API Rules

Spectral linting rules defining API design standards and conventions for Roivant Sciences.

8 Rules error 4 warn 4
View Rules File View on GitHub

Rule Categories

client oauth operation patient servers summary tag

Rules

error
summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
summary-title-case
Operation summaries must use Title Case.
$.paths[*][get,post,put,patch,delete].summary
error
operation-id-camel-case
operationId must be camelCase (Datavant convention).
$.paths[*][get,post,put,patch,delete].operationId
warn
patient-id-snake-case
Patient identifiers must use snake_case (patient_id, external_patient_id).
$.paths[?(@property.match(/patient/i))]
warn
client-id-required-on-list
List endpoints should accept a client_id query parameter scoping to a connected practice.
$.paths[?(@property.match(/^\/(patients|encounters|vitals|allergies|immunizations|medications|diagnoses|procedures|labs|documents|appointments|providers)$/))].get.parameters[*].name
error
oauth-required
Every operation should be protected by OAuth2 clientCredentials flow.
$.security
error
servers-versioned
Server URLs must include an explicit /v{n} path segment.
$.servers[*].url
warn
tag-title-case
Tags must use Title Case.
$.tags[*].name

Spectral Ruleset

Raw ↑ 
extends: [[spectral:oas, all]]
rules:
  summary-required:
    description: Every operation must have a summary.
    given: $.paths[*][get,post,put,patch,delete]
    severity: error
    then:
      field: summary
      function: truthy

  summary-title-case:
    description: Operation summaries must use Title Case.
    given: $.paths[*][get,post,put,patch,delete].summary
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$'

  operation-id-camel-case:
    description: operationId must be camelCase (Datavant convention).
    given: $.paths[*][get,post,put,patch,delete].operationId
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '^[a-z][a-zA-Z0-9]*$'

  patient-id-snake-case:
    description: Patient identifiers must use snake_case (patient_id, external_patient_id).
    given: $.paths[?(@property.match(/patient/i))]
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^.*/{?patient_id}?.*$'

  client-id-required-on-list:
    description: List endpoints should accept a client_id query parameter scoping to a connected practice.
    given: $.paths[?(@property.match(/^\/(patients|encounters|vitals|allergies|immunizations|medications|diagnoses|procedures|labs|documents|appointments|providers)$/))].get.parameters[*].name
    severity: warn
    then:
      function: enumeration
      functionOptions:
        values: [client_id, patient_id, modified_since, limit, cursor]

  oauth-required:
    description: Every operation should be protected by OAuth2 clientCredentials flow.
    given: $.security
    severity: error
    then:
      function: truthy

  servers-versioned:
    description: Server URLs must include an explicit /v{n} path segment.
    given: $.servers[*].url
    severity: error
    then:
      function: pattern
      functionOptions:
        match: '/v[0-9]+(/|$)'

  tag-title-case:
    description: Tags must use Title Case.
    given: $.tags[*].name
    severity: warn
    then:
      function: pattern
      functionOptions:
        match: '^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$'