rules: # INFO / METADATA info-title-required: description: API info must have a title. severity: error given: "$.info" then: field: title function: truthy info-description-required: description: API info must have a description. severity: warn given: "$.info" then: field: description function: truthy info-version-required: description: API info must have a version. severity: error given: "$.info" then: field: version function: truthy # OPENAPI VERSION openapi-version-3: description: APIs should use OpenAPI 3.x specification. severity: warn given: "$" then: field: openapi function: pattern functionOptions: match: "^3\\." # SERVERS servers-defined: description: At least one server must be defined. severity: error given: "$" then: field: servers function: truthy servers-https-only: description: All server URLs must use HTTPS. severity: error given: "$.servers[*]" then: field: url function: pattern functionOptions: match: "^https://" servers-description-required: description: Each server should have a description. severity: info given: "$.servers[*]" then: field: description function: truthy # PATHS — NAMING CONVENTIONS paths-no-trailing-slash: description: Path must not have a trailing slash. severity: warn given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "/$" paths-no-query-string: description: Path must not contain a query string. severity: error given: "$.paths[*]~" then: function: pattern functionOptions: notMatch: "\\?" # OPERATIONS operation-summary-required: description: Every operation must have a summary. severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: summary function: truthy operation-summary-adyen-prefix: description: Operation summaries should start with "Adyen". severity: warn given: "$.paths[*][get,post,put,patch,delete,head,options].summary" then: function: pattern functionOptions: match: "^Adyen " operation-description-required: description: Every operation should have a description. severity: warn given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: description function: truthy operation-id-required: description: Every operation must have an operationId. severity: error given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: operationId function: truthy operation-id-camel-case: description: operationId should use camelCase. severity: warn given: "$.paths[*][get,post,put,patch,delete,head,options].operationId" then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-tags-required: description: Every operation must have at least one tag. severity: warn given: "$.paths[*][get,post,put,patch,delete,head,options]" then: field: tags function: truthy # PARAMETERS parameter-description-required: description: Every parameter must have a description. severity: warn given: "$.paths[*][get,post,put,patch,delete,head,options].parameters[*]" then: field: description function: truthy parameter-schema-required: description: Every parameter must have a schema. severity: error given: "$.paths[*][get,post,put,patch,delete,head,options].parameters[*]" then: field: schema function: truthy parameter-api-key-in-header: description: API keys should be passed in headers, not query parameters. severity: warn given: "$.components.securitySchemes[?(@.type=='apiKey')]" then: field: in function: enumeration functionOptions: values: - header # REQUEST BODIES request-body-description: description: Request body should have a description. severity: info given: "$.paths[*][post,put,patch].requestBody" then: field: description function: truthy request-body-content-json: description: Request body should support application/json content type. severity: warn given: "$.paths[*][post,put,patch].requestBody.content" then: function: truthy # RESPONSES response-success-required: description: Every operation must have at least one 2xx response. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: responses function: truthy response-description-required: description: Every response must have a description. severity: error given: "$.paths[*][get,post,put,patch,delete].responses[*]" then: field: description function: truthy response-401-defined: description: Operations with authentication should define a 401 response. severity: info given: "$.paths[*][get,post,put,patch,delete].responses" then: function: truthy # SCHEMAS — PROPERTY NAMING schema-description-required: description: Top-level schemas should have a description. severity: info given: "$.components.schemas[*]" then: field: description function: truthy schema-type-defined: description: Schema properties should define a type. severity: warn given: "$.components.schemas[*].properties[*]" then: field: type function: truthy # SECURITY security-schemes-defined: description: Security schemes must be defined in components. severity: error given: "$.components" then: field: securitySchemes function: truthy security-scheme-description: description: Security schemes should have a description. severity: info given: "$.components.securitySchemes[*]" then: field: description function: truthy security-api-key-header-name: description: Adyen API key header should be named X-API-Key. severity: warn given: "$.components.securitySchemes[?(@.type=='apiKey')]" then: field: name function: enumeration functionOptions: values: - X-API-Key # HTTP METHOD CONVENTIONS get-no-request-body: description: GET operations must not have a request body. severity: error given: "$.paths[*].get" then: field: requestBody function: falsy delete-no-request-body: description: DELETE operations should not have a request body. severity: warn given: "$.paths[*].delete" then: field: requestBody function: falsy # GENERAL QUALITY no-empty-descriptions: description: Descriptions must not be empty strings. severity: warn given: "$..[description]" then: function: pattern functionOptions: match: ".+" microcks-operation-present: description: Each operation should have x-microcks-operation for mock server support. severity: info given: "$.paths[*][get,post,put,patch,delete]" then: field: x-microcks-operation function: truthy