extends: - spectral:oas # Spectral linting tuned for the Cisco Control Hub / Webex Admin APIs # at webexapis.com. Validates HTTPS, /v1 base path, OAuth bearer auth, # operationId/tag conventions, and standard error responses. rules: webex-info-contact: description: API contact information must be present. severity: error given: "$.info" then: field: contact function: truthy webex-server-https: description: All server URLs must use HTTPS. severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" webex-server-base-path: description: webexapis.com servers must include /v1. severity: warn given: "$.servers[?(@.url && @.url.indexOf('webexapis.com') > -1)].url" then: function: pattern functionOptions: match: "/v1" webex-oauth-security: description: An OAuth 2.0 security scheme must be defined. severity: warn given: "$.components.securitySchemes[*]" then: function: schema functionOptions: schema: type: object properties: type: enum: ["oauth2", "http"] webex-operation-id: description: Every operation must declare a unique operationId. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: operationId function: truthy webex-operation-tags: description: Operations must declare at least one tag. severity: warn given: "$.paths[*][get,post,put,patch,delete]" then: field: tags function: schema functionOptions: schema: type: array minItems: 1 webex-pagination-cursor: description: List endpoints should support max/cursor or start pagination. severity: info given: "$.paths[*].get.parameters[*].name" then: function: enumeration functionOptions: values: - max - start - cursor - orgId - personId - email webex-error-responses: description: Mutating operations should declare 4xx/5xx error responses. severity: warn given: "$.paths[*][post,put,patch,delete].responses" then: function: schema functionOptions: schema: type: object anyOf: - required: ["400"] - required: ["401"] - required: ["403"] - required: ["404"] - required: ["409"]