# Clover API Spectral Ruleset # Opinionated rules enforcing the conventions observed across the Clover # Platform REST API (v3) and Clover Ecommerce API (v1) OpenAPI specifications. # Generated by the API Evangelist profiling pipeline. extends: [[spectral:oas, off]] rules: # ---------- INFO / METADATA ---------- info-title-clover-prefix: description: API title should start with "Clover". severity: warn given: $.info then: field: title function: pattern functionOptions: match: "^Clover" info-description-required: description: Info must have a description of reasonable length. severity: warn given: $.info then: field: description function: truthy info-version-required: description: Info must declare a version. severity: error given: $.info then: field: version function: truthy info-contact-required: description: Info should include contact information. severity: info given: $.info then: field: contact function: truthy # ---------- OPENAPI VERSION ---------- openapi-version-3-1: description: Specs should target OpenAPI 3.1.0. severity: warn given: $ then: field: openapi function: pattern functionOptions: match: "^3\\.1\\." # ---------- SERVERS ---------- servers-defined: description: At least one server must be defined. severity: error given: $ then: field: servers function: truthy servers-https-only: description: Server URLs must use HTTPS. severity: error given: $.servers[*] then: field: url function: pattern functionOptions: match: "^https://" server-description-required: description: Each server should have a description (Production, Sandbox, region). severity: info given: $.servers[*] then: field: description function: truthy # ---------- PATHS ---------- paths-version-prefix: description: Paths should carry a version prefix (/v3 for Platform, /v1 for Ecommerce). severity: warn given: $.paths[*]~ then: function: pattern functionOptions: match: "^/(v1|v3|invoicingcheckoutservice)" paths-no-trailing-slash: description: Paths must not end with a trailing slash. severity: error given: $.paths[*]~ then: function: pattern functionOptions: notMatch: ".+/$" paths-no-query-string: description: Paths must not contain a query string. severity: error given: $.paths[*]~ then: function: pattern functionOptions: notMatch: "\\?" # ---------- OPERATIONS ---------- operation-summary-required: description: Every operation must have a summary. severity: error given: $.paths[*][get,post,put,patch,delete] then: field: summary function: truthy operation-summary-clover-prefix: description: Operation summaries should begin with the provider name "Clover". severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: summary function: pattern functionOptions: match: "^Clover " operation-description-required: description: Every operation must have a description. severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: description function: truthy operation-operationid-required: description: Every operation must have an operationId. severity: error given: $.paths[*][get,post,put,patch,delete] then: field: operationId function: truthy operation-operationid-camelcase: description: operationId should be camelCase. severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: operationId function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]+$" operation-tags-required: description: Every operation must declare at least one tag. severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: tags function: truthy # ---------- TAGS ---------- tag-description-required: description: Global tags should have descriptions. severity: info given: $.tags[*] then: field: description function: truthy tag-title-case: description: Tag names should be Title Case. severity: warn given: $.tags[*] then: field: name function: pattern functionOptions: match: "^[A-Z][A-Za-z0-9]*( [A-Z][A-Za-z0-9]*)*$" # ---------- PARAMETERS ---------- parameter-description-required: description: Parameters should have descriptions. severity: warn given: $.paths[*][get,post,put,patch,delete].parameters[*] then: field: description function: truthy parameter-schema-typed: description: Parameters must define a schema with a type. severity: warn given: $.paths[*][get,post,put,patch,delete].parameters[*].schema then: field: type function: truthy # ---------- RESPONSES ---------- response-success-defined: description: Operations should define a 2xx success response. severity: warn given: $.paths[*][get,post,put,patch,delete].responses then: field: "200" function: truthy response-429-documented: description: Operations should document a 429 (rate limit) response. severity: info given: $.paths[*][get,post,put,patch,delete].responses then: field: "429" function: truthy response-description-required: description: Each response must have a description. severity: error given: $.paths[*][*].responses[*] then: field: description function: truthy # ---------- SCHEMAS ---------- schema-types-defined: description: Component schemas should define a type. severity: warn given: $.components.schemas[*] then: field: type function: truthy # ---------- SECURITY ---------- security-global-defined: description: A global security requirement should be declared. severity: warn given: $ then: field: security function: truthy security-schemes-defined: description: Security schemes must be defined in components. severity: error given: $.components then: field: securitySchemes function: truthy # ---------- HTTP METHOD CONVENTIONS ---------- get-no-request-body: description: GET operations must not declare a request body. severity: error given: $.paths[*].get then: field: requestBody function: falsy