Salesforce Automation · API Governance Rules
Salesforce Automation API Rules
Spectral linting rules defining API design standards and conventions for Salesforce Automation.
37 Rules
error 18
warn 12
info 7
Rule Categories
delete
examples
get
info
no
oauth2
openapi
operation
parameter
paths
post
request
response
schema
security
servers
tag
Rules
error
info-title-required
Info object must have a title.
$.info
warn
info-title-salesforce-prefix
Info title should start with "Salesforce".
$.info.title
error
info-description-required
Info object must have a description.
$.info
warn
info-description-min-length
Info description should be at least 50 characters.
$.info.description
error
info-version-required
Info object must have a version.
$.info
warn
info-contact-required
Info object should have contact information.
$.info
info
info-license-required
Info object should include license information.
$.info
warn
openapi-version
OpenAPI version should be 3.1.0.
$
error
servers-defined
At least one server must be defined.
$
error
servers-https
Server URLs should use HTTPS.
$.servers[*].url
warn
servers-description
Each server should have a description.
$.servers[*]
error
paths-no-trailing-slash
Paths must not have trailing slashes.
$.paths
error
paths-no-query-strings
Paths must not include query strings.
$.paths
info
paths-kebab-case
Path segments should use kebab-case or camelCase (no underscores).
$.paths
error
operation-operationid-required
Every operation must have an operationId.
$.paths[*][get,post,put,patch,delete]
warn
operation-operationid-camel-case
operationId should use camelCase.
$.paths[*][get,post,put,patch,delete].operationId
error
operation-summary-required
Every operation must have a summary.
$.paths[*][get,post,put,patch,delete]
warn
operation-summary-salesforce-prefix
Operation summaries should start with "Salesforce".
$.paths[*][get,post,put,patch,delete].summary
error
operation-description-required
Every operation must have a description.
$.paths[*][get,post,put,patch,delete]
error
operation-tags-required
Every operation must have at least one tag.
$.paths[*][get,post,put,patch,delete]
info
tag-description
Tags should have descriptions.
$.tags[*]
warn
parameter-description-required
Every parameter must have a description.
$.paths[*][*].parameters[*]
error
parameter-schema-required
Every parameter must have a schema.
$.paths[*][*].parameters[*]
warn
request-body-json-content
Request bodies should use application/json content type.
$.paths[*][post,put,patch].requestBody.content
error
response-success-required
Every operation must have at least one success response (2xx).
$.paths[*][get,post,put,patch,delete].responses
error
response-description-required
Every response must have a description.
$.paths[*][*].responses[*]
info
response-401-required
Authenticated endpoints should define a 401 response.
$.paths[*][get,post,put,patch,delete].responses
warn
schema-type-defined
Schemas must define a type.
$.components.schemas[*]
info
schema-description
Top-level schemas should have descriptions.
$.components.schemas[*]
error
security-defined
Global security must be defined.
$
error
security-schemes-defined
Security schemes must be defined in components.
$.components
error
get-no-request-body
GET operations must not have a request body.
$.paths[*].get
warn
delete-no-request-body
DELETE operations should not have a request body.
$.paths[*].delete
info
post-request-body-required
POST operations should have a request body.
$.paths[*].post
error
no-empty-descriptions
Descriptions must not be empty strings.
$..description
info
examples-encouraged
Schema properties should include example values.
$.components.schemas[*].properties[*]
warn
oauth2-security
Salesforce APIs should use OAuth 2.0 authentication.
$.components.securitySchemes