API Standardization helps ensure that your OpenAPI definitions comply with your company’s API style guide. SwaggerHub provides various rules to check the operations, parameters and model definitions for compliance. Inconsistencies can be detected and fixed early in the API design process, before the actual implementations are developed and go live.
In addition to the SwaggerHub API standardization rules, you can create custom rules.
SwaggerHub On-Premise note: Organization-level API Standardization is available in v. 1.19.2 and later. Earlier versions include similar API-level Style Validation.
Plan availability
API Standardization is available for organizations on the Enterprise plan.
You can see your organization plan on the Plan tab in the Organization Settings. If you are interested in upgrading to the Enterprise plan, please contact us for details.
Enable API Standardization
Organization owners can enable and configure API Standardization in the organization settings:
-
Go to My Hub and click next to the organization name in the sidebar.
– or –
In SwaggerHub On-Premise 1.21 and earlier: click your username and select Settings. Then switch to the My Organizations tab and click
next to the organization name. -
Switch to the Standardization tab.
-
Select Enable API Standardization for this Organization.
Click the image to enlarge it.
-
Select the rules to apply, or add your own rules.
You will be able to change the selected rules at any time later.
-
(Optional.) To prevent organization members from publishing non-compliant APIs, select Require API to pass Standardization to be publishable.
-
Click Save at the top right.
After you click Save, SwaggerHub will scan your organization’s APIs for compliance with the selected rules. The scan may take some time depending on the number and size of your organization’s API definitions.
After the organization-wide scan is complete, individual APIs will be re-scanned when organization members do the following:
-
Save an API in the SwaggerHub Editor.
-
Change the default version of an API.
-
Create, import or fork an API in the organization.
Create custom rules
View results
Applies to: Organization Owners, Designers, non-member collaborators with the Editor role.
Organization-owned APIs that do not comply with standardization rules are displayed with the 
and 
badges in MY hub (or with a red "Standardization failed" badge if you use SwaggerHub On-Premise). You can also use the Standardization filter to find non-compliant APIs.
To view the error list, open an API in the SwaggerHub editor and check the Validation panel at the bottom.
 |
API Standardization scan is performed on save. This is different from the normal syntax validation which is performed dynamically as you make changes in the editor. |
Automated validation
This information applies to SwaggerHub SaaS, SwaggerHub On-Premise 1.26 and later.
You can automate standardization checks and get the error list by using SwaggerHub CLI and Registry API.
Using CLI
SwaggerHub CLI provides the api:validate command to scan a specific API version:
swaggerhub api:validate OWNER/API_NAME/VERSION - validate a specific version
swaggerhub api:validate OWNER/API_NAME - validate the default versionThe output is a list of standardization errors and warnings with line numbers:
line severity description
2: CRITICAL 'info.license.name' required -> API license must be present and non-empty string
2: CRITICAL 'info.license.url' required -> API license must be present and non-empty string
4: WARNING Semantic Versioning-Version must be MAJOR.MINOR.PATCH
15: CRITICAL 'delete a user' does not comply with the rule -> Summary should start with upper case and end with a dotThe exit codes are:
- 0 - no errors or warnings
- 0 - warnings but no errors
- 1 - at least one CRITICAL error
- 2 - generic error (for example, the specified API was not found)
Using Registry API
You can get the error list by sending a GET request to https://api.swaggerhub.com/apis/OWNER/API_NAME/VERSION/validation in SwaggerHub SaaS or http(s)://SERVER/v1/apis/OWNER/API_NAME/VERSION/validation in SwaggerHub On-Premise 1.26 and later. For example:
curl -H "Authorization: YOUR_API_KEY" https://api.swaggerhub.com/apis/MyOrg/MyApi/1.0.0/validationSample response:
{
"validation": [
{
"line": 2,
"description": "'info.license.url' required -> API license must be present and non-empty string",
"severity": "CRITICAL"
},
{
"line": 4,
"description": "Semantic Versioning-Version must be MAJOR.MINOR.PATCH",
"severity": "WARNING"
},
...
]
}Disable API Standardization
API Standardization is disabled automatically when an organization’s Enterprise plan is canceled.
If you need to disable it manually:
-
Go to My Hub and click next to the organization name in the sidebar.
– or –
In SwaggerHub On-Premise 1.21 and earlier: click your username and select Settings. Then switch to the My Organizations tab and click
next to the organization name. -
Switch to the API Standardization tab.
-
Clear the Enable API Standardization for this Organization check box. There is no need to unselect individual rules.
-
Click Save.
Rules
SwaggerHub includes the following built-in standardization rules. You can also create custom rules.
-
- OperationId must be present and non-empty string
- Operation summary must be present and non-empty string
- Summary should start with upper case and end with a dot
- Operation description must be present and non-empty string
- Operation must have one and only one tag
- Operation must have at least one 2xx response
- Operation must have a default response
- API title must be present and non-empty string
- API description must be present and non-empty string
- API contact must be present and non-empty string
- API license must be present and non-empty string
Operations
operationId must be present and non-empty string
Each operation should have an operationId. Code generators use operationId as method names, so use IDs that would be appropriate as method names. For example, GET /pets/{id} could have operationId: getPetById. API documentation also uses operationId to generate permalinks to individual operations.
| Note: | operationId values must be unique within an API definition. |
Operation summary must be present and non-empty string
Operation summary is a short explanation of what the operation does. Summaries are displayed next to the operation paths in the API docs, and are also used by code generators to produce the method documentation. A summary is an analog of the /** ... */ comments in Java or the <summary> element in C# XML comments.
Summary should start with upper case and end with a dot
Use this rule to ensure that the operation summaries are proper sentences.
# Good
summary: Upload user profile image.
# Bad
summary: upload user profile imageOperation description must be present and non-empty string
Use the description element to explain what this operation does and document any prerequisites and usage specifics. The description can be multiline and use Markdown for rich text representation. Detailed, up-to-date documentation helps developers use your API more effectively.
Operation must have a tag and non-empty string
Operation must have one and only one tag
Some code generators use tags to group operations into the same API class file. Using a single tag per operation ensures that the operations will not duplicate across several class files.
# Good
paths:
/pet:
post:
summary: Add a new pet to the store.
tags:
- pet # <-----
# Bad
paths:
/pet:
post:
summary: Add a new pet to the store.
tags:
- pet # <-----
- store # <-----Operation must have at least one 2xx response
Successful and error responses are an important part of an API definition. A successful response has an HTTP status code in the 2xx range, such as 200 OK or 201 Created. Each operation must have at least one successful response defined. In OpenAPI 3.0 definitions, the '2XX' keyword can be used to represent all successful responses.
Operation must have a default response
The default response covers possible HTTP response codes that are not defined individually for an operation. It is usually used to represent error responses without listing various 4xx codes individually. That said, it is a good idea to explicitly define any known errors, such as 401 Unauthorized or 404 Not Found.
responses:
200:
description: Successful operation
401:
description: Unauthorized
default: # <------
description: Unexpected errorAPI title must be present and non-empty string
The API title is specified by the info.title field. It appears at the top of API docs on SwaggerHub. Make sure the API title is descriptive and reflects the API purpose.
info:
title: Acme Reports API # <-------
version: 1.0.0API description must be present and non-empty string
Use the info.description field to provide an overview of the API. The description can be multiline and use Markdown for rich text representation. For example, you can include information about authentication, rate limits, pagination, filtering, date and time formats, common error codes, links to additional resources (such as blog posts or external examples), and any other details that would help other developers start using your API.
info:
title: Acme Reports API
version: 1.0.0
description: >-
Use the Acme Reports API to create and schedule a variety of reports from your Acme data.
Reports can be daily, weekly, monthly and quarterly.
## Authentication
...API license must be present and non-empty string
The API license lets the potential API consumers know how they are allowed to use your API. Use the info.license section to specify the license name and url. If you want an open-source license, visit https://choosealicense.com and https://opensource.org/licenses to find the most appropriate license for your needs.
info:
title: Acme Reports API
version: 1.0.0
license: # <-------
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.htmlAPI contact must be present and non-empty string
This rule requires the info.contact.email field in API definitions. For public APIs, you can provide the email address of your support or API team. For internal APIs, provide the email of the responsible team or developer.
Note: While this rule requires just info.contact.email, it is a good idea to also provide info.contact.url (for example, a link to your support portal or your Slack channel) to give your API consumers multiple options to get in touch.
info:
title: Acme Reports API
version: 1.0.0
contact:
name: Acme Support
email: support@example.com # <-------
url: https://support.example.comOpenAPI 2.0 (Swagger 2.0)
All model properties must have examples
SwaggerHub uses property examples to display sample requests and responses in the API docs and also to generate mock responses. Use meaningful example values to help your API consumers understand what the actual data will look like.
definitions:
User:
type: object
properties:
id:
type: integer
format: int64
example: 1 # <-------
username:
type: string
example: demo-user # <-------Note that array properties require that an array-level example should be compliant:
# Good
definitions:
Product:
type: object
properties:
categories:
type: array
items:
type: string
example: # <------- Array example is on the same level as "type: array"
- clothes
- accessories
# Bad - no array-level example (item example is not enough)
definitions:
Product:
type: object
properties:
categories:
type: array
items:
type: string
example: clothesAPI must not have local definitions (i.e. only $refs are allowed)
To comply with this rule, APIs must not have the definitions section (even if these local definitions are not used). Instead, schemas should be kept in domains and referenced using domain references.
Good:
responses:
200:
description: A single inventory item
schema:
$ref: 'https://api.swaggerhub.com/domains/acme-org/common-models/1.0#/definitions/InventoryItem'Bad:
responses:
200:
description: A single inventory item
schema:
$ref: '#/definitions/InventoryItem'
definitions:
InventoryItem:
type: object
...Note that this rule still allows inline schemas such as
responses:
200:
description: An array of strings
schema:
type: array # <-----
items:
type: stringSee Also
Organizations, Projects, and Teams
Custom Rules for API Standardization
Managing APIs
SwaggerHub Integrations