# Spectral ruleset for Restaurant Brands International (RBI) — Partners API # # Derived from the published RBI Developer Portal OpenAPI specifications # (Burger King's Partners API v1 "channel" and v2 "menu"). These rules encode # the conventions observed across RBI's own specs so that future RBI / brand # (Burger King, Tim Hortons, Popeyes, Firehouse Subs) API definitions stay # consistent with the platform contract. # # Usage: spectral lint openapi/*.yml --ruleset rules/restaurant-brands-spectral-rules.yml extends: - "spectral:oas" rules: # ── INFO / METADATA ───────────────────────────────────────────── info-title-required: description: API must declare a title. severity: error given: $.info then: field: title function: truthy info-description-required: description: API must have a description of at least 40 characters. severity: warn given: $.info then: field: description function: length functionOptions: min: 40 info-version-required: description: API must declare a version. severity: error given: $.info then: field: version function: truthy info-version-semver: description: API version should be semantic (e.g. 1.0.0). severity: warn given: $.info.version then: function: pattern functionOptions: match: "^[0-9]+\\.[0-9]+\\.[0-9]+$" # ── OPENAPI VERSION ───────────────────────────────────────────── openapi-version-31: description: RBI Partners specs are authored against OpenAPI 3.1.0. severity: warn given: $ then: field: openapi function: pattern functionOptions: match: "^3\\.1\\." # ── SERVERS ───────────────────────────────────────────────────── servers-defined: description: At least one server must be defined. severity: error given: $ then: field: servers function: truthy servers-https: description: Server URLs must use HTTPS. severity: error given: $.servers[*].url then: function: pattern functionOptions: match: "^https://" servers-rbictg-host: description: Production/sandbox servers should resolve to an rbictg.com host. severity: info given: $.servers[*].url then: function: pattern functionOptions: match: "rbictg\\.com" # ── PATHS — NAMING ────────────────────────────────────────────── paths-no-trailing-slash: description: Paths must not end with a trailing slash. severity: warn given: $.paths[*]~ then: function: pattern functionOptions: notMatch: ".+/$" paths-version-prefix: description: RBI Partners resources are served under an /api/v{n} server prefix; path keys stay version-relative. severity: info given: $.paths[*]~ then: function: pattern functionOptions: notMatch: "^/api/v[0-9]" # ── OPERATIONS ────────────────────────────────────────────────── operation-operationId-required: description: Every operation must declare an operationId. severity: error given: $.paths[*][get,post,put,patch,delete] then: field: operationId function: truthy operation-operationId-camel: description: operationId must be camelCase (e.g. priceOrder, getStores). severity: warn given: $.paths[*][get,post,put,patch,delete].operationId then: function: pattern functionOptions: match: "^[a-z][a-zA-Z0-9]*$" operation-summary-required: description: Every operation must have a summary. severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: summary function: truthy operation-summary-title-case: description: Operation summaries should be Title Case (first letter uppercase). severity: warn given: $.paths[*][get,post,put,patch,delete].summary then: function: pattern functionOptions: match: "^[A-Z]" operation-tags-required: description: Every operation must be tagged for grouping. severity: warn given: $.paths[*][get,post,put,patch,delete] then: field: tags function: truthy # ── TAGS ──────────────────────────────────────────────────────── tag-name-defined: description: Tags used on operations should be declared in the global tags array. severity: info given: $.tags[*] then: field: name function: truthy # ── PARAMETERS ────────────────────────────────────────────────── parameter-description-required: description: Parameters should be described. severity: warn given: $.paths[*][*].parameters[*] then: field: description function: truthy parameter-region-header: description: Region context is conveyed via the x-region header on the loyalty middleware surface. severity: info given: $..parameters[?(@.in=='header')].name then: function: pattern functionOptions: match: "^[a-z][a-z0-9-]*$" # ── REQUEST BODIES ────────────────────────────────────────────── request-body-json: description: Request bodies should offer application/json content. severity: warn given: $.paths[*][post,put,patch].requestBody.content then: field: application/json function: truthy # ── RESPONSES ─────────────────────────────────────────────────── response-2xx-required: description: Every operation must define at least one success (2xx) response. severity: warn given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object minProperties: 1 response-error-coverage: description: Operations should document error responses (400/401/404). severity: info given: $.paths[*][get,post,put,patch,delete].responses then: function: schema functionOptions: schema: type: object # ── SECURITY ──────────────────────────────────────────────────── security-scheme-defined: description: A security scheme must be defined; RBI Partners uses bearer JWT. severity: error given: $.components.securitySchemes then: function: truthy security-bearer-jwt: description: HTTP bearer schemes should declare the JWT bearerFormat. severity: info given: $.components.securitySchemes[?(@.scheme=='bearer')] then: field: bearerFormat function: truthy # ── SCHEMAS ───────────────────────────────────────────────────── schema-type-defined: description: Component schemas should declare a type. severity: info given: $.components.schemas[*] then: function: schema functionOptions: schema: type: object # ── GENERAL QUALITY ───────────────────────────────────────────── no-empty-descriptions: description: Descriptions, when present, must not be empty. severity: warn given: $..description then: function: truthy