extends: ["spectral:oas"] documentationUrl: https://docs.coresignal.com/multi-source-company-api/ rules: coresignal-info-contact: description: API info object should declare contact information. given: "$.info" severity: error then: field: contact function: truthy coresignal-server-https: description: Servers must use HTTPS. given: "$.servers[*].url" severity: error then: function: pattern functionOptions: match: "^https://" coresignal-base-url: description: Base URL must reference api.coresignal.com. given: "$.servers[*].url" severity: error then: function: pattern functionOptions: match: "api.coresignal.com" coresignal-apikey-security: description: Operations must require apikey authentication. given: "$.components.securitySchemes.apiKey" severity: error then: field: name function: pattern functionOptions: match: "^apikey$" coresignal-search-collect-paths: description: API should expose search and collect paths. given: "$.paths" severity: warn then: function: schema functionOptions: schema: type: object required: - /search/filter - /search/es_dsl - /collect/{id} coresignal-operation-id: description: Operations must define an operationId. given: "$.paths.*[get,post]" severity: error then: field: operationId function: truthy coresignal-operation-tags: description: Operations must define tags. given: "$.paths.*[get,post]" severity: error then: field: tags function: truthy coresignal-credits-error: description: Search operations should document a 402 credits-exhausted response. given: "$.paths['/search/filter','/search/es_dsl'].post.responses" severity: warn then: field: '402' function: truthy coresignal-rate-limit-error: description: Search operations should document a 429 rate-limit response. given: "$.paths['/search/filter','/search/es_dsl'].post.responses" severity: warn then: field: '429' function: truthy