wso2 · Oshanath · Feb 28, 2025
@@ -211,33 +211,6 @@ rulesetContent:
         functionOptions:
           min: 1
 
-    api-tags-alphabetical:
-      description: >
-        API tags should be in alphabetical order. For instance, `["alpha", "beta", "delta"]` is correct, while `["beta", "alpha"]` is incorrect.
-
-        **Correct Example**:
-        ```json
-        {
-          "data": {
-            "tags": ["alpha", "beta", "delta"]
-          }
-        }
-        ```
-
-        **Incorrect Example**:
-        ```json
-        {
-          "data": {
-            "tags": ["delta", "beta", "alpha"]
-          }
-        }
-        ```
-      message: "API tags should be in alphabetical order."
-      severity: warn
-      given: "$.data.tags"
-      then:
-        function: alphabetical
-
     api-business-owner-email:
       description: Checks that the business owner’s email is set
       message: "Business owner email is missing or empty."
@@ -315,23 +288,22 @@ rulesetContent:
         function: truthy
 
     api-no-unlimited-throttling-policy:
-      description: API should not have an unlimited throttling policy.
+      description: "API should not have an unlimited throttling policy."
       message: "API should not have an unlimited throttling policy."
-      severity: warn
+      severity: "warn"
+      given: "$.data.apiThrottlingPolicy"
+      then:
+        function: "pattern"
+        functionOptions:
+          notMatch: "^Unlimited$"
+
+    api-resources-security-required:
+      description: Checks that security is enabled for all resources.
+      message: "Security is not enabled for all resources."
+      severity: error
       given: "$.data.operations.*"
       then:
-        field: "throttlingPolicy"
+        field: "authType"
         function: pattern
         functionOptions:
-          notMatch: 'Unlimited'
-
-  api-resources-security-required:
-    description: Checks that security is enabled for all resources.
-    message: "Security is not enabled for all resources."
-    severity: error
-    given: "$.data.operations.*"
-    then:
-      field: "authType"
-      function: pattern
-      functionOptions:
-        notMatch: 'None'
+          notMatch: 'None'
@@ -107,17 +107,6 @@ rulesetContent:
             - "$.components.responses"
             - "#Operation_Responses"
             - "$..responses"
-    API_Server_URL:
-      description: API host urls defined in the API specification
-      targets:
-        - formats:
-            - oas3
-          given:
-            - "$.servers[*].url"
-        - formats:
-            - oas2
-          given:
-            - "$.host"
     Request_Parameter_All:
       description: All request parameters
       targets:
@@ -168,17 +157,6 @@ rulesetContent:
             - oas3
           given:
             - "$.tags[*]"
-    API_Server:
-      description: API hosts defined in the API specification
-      targets:
-        - formats:
-            - oas3
-          given:
-            - "$.servers"
-        - formats:
-            - oas2
-          given:
-            - "$.host"
     All_Array_Item:
       description: ''
       targets:
@@ -710,205 +688,6 @@ rulesetContent:
         ```
       message: Tag object should have "description".
 
-    api-servers:
-      given:
-        - "#API_Document"
-      severity: warn
-      then:
-        function: schema
-        field: "servers"
-        functionOptions:
-          schema:
-            type: array
-            minItems: 1
-            items:
-              type: object
-          dialect: draft7
-      description: |-
-        A server should be defined at the root document level. This can be localhost, a development server, or a production server.
-
-        **Valid OpenAPI V3 Example**
-
-        ```json
-        {
-          "servers": [
-            {
-              "url": "https://staging.myprodserver.com/v1",
-              "description": "Staging server"
-            },
-            {
-              "url": "https://myprodserver.com/v1",
-              "description": "Production server"
-            }
-          ]
-        }
-        ```
-
-        **Valid OpenAPI V2 Example**
-
-        ```json
-        {
-          "host": "myprodserver.com",
-          "basePath": "/v2",
-          "schemes": [
-            "https"
-          ]
-        }
-        ```
-      message: Server should be present.
-
-    server-trailing-slash:
-      given:
-        - "#API_Server_URL"
-      severity: warn
-      then:
-        function: pattern
-        functionOptions:
-          notMatch: '/$'
-      description: |-
-        Server URLs should not end in forward slashes. This is a best practice for working with web tooling, such as mock servers, code generators, application frameworks, and more.
-
-        **Invalid Example**
-
-        ```json
-        {
-          "servers": [
-            {
-              "url": "https://api.openweathermap.org/data/2.5/"
-            }
-          ]
-        }
-        ```
-
-        **Valid Example**
-
-        ```json
-        {
-          "servers": [
-            {
-              "url": "https://api.openweathermap.org/data/2.5"
-            }
-          ]
-        }
-        ```
-      message: Server URL should not have trailing slash.
-
-    server-lowercase:
-      given:
-        - "#API_Server_URL"
-      severity: error
-      then:
-        function: pattern
-        functionOptions:
-          match: '^[^A-Z]*$'
-      description: |-
-        Server URLs must be lowercase. This standard helps meet industry best practices.
-
-        **Invalid Example**
-
-        The `url` property uses uppercase letters.
-
-        ```json
-        {
-          "servers": [
-            {
-              "url": "https://ACME.com/api"
-            }
-          ]
-        }
-        ```
-
-        **Valid Example**
-
-        The `url` property is fully lowercase.
-
-        ```json
-        {
-          "servers": [
-            {
-              "url": "https://acme.com/api"
-            }
-          ]
-        }
-        ```
-      message: Server URL must be lowercase.
-      formats:
-        - oas3
-
-    oas2-api-schemes:
-      given:
-        - "#API_Document"
-      severity: error
-      then:
-        function: schema
-        functionOptions:
-          schema:
-            type: array
-            minItems: 1
-            items:
-              type: string
-          dialect: draft7
-        field: schemes
-      description: |
-        OpenAPI 2 host `schemes` reflect the transfer protocol of the API.
-        Host schemes must be present and an array with one or more of these values:
-        `http`, `https`, `ws`, or `wss`.
-
-        **Valid Example**
-
-        This example shows that host schemes are `http` and `https`.
-
-        ```json
-        {
-          "schemes": [
-            "http",
-            "https"
-          ]
-        }
-        ```
-      message: OpenAPI host "schemes" must be present and non-empty array
-      formats:
-        - oas2
-
-    server-not-example:
-      given:
-        - "#API_Server_URL"
-      severity: warn
-      then:
-        function: pattern
-        functionOptions:
-          notMatch: 'example.com'
-      description: |
-        Server URLs must not direct to example.com. This helps ensure URLs
-        are valid before you distribute your API document.
-
-        **Invalid Example**
-
-        ```json
-        {
-          "servers": [
-            {
-              ... ,
-              "url": "https://example.com"
-            }
-          ]
-        }
-        ```
-
-        **Valid Example**
-
-        ```json
-        {
-          "servers": [
-            {
-              ... ,
-              "url": "https://api.openweathermap.org/data/2.5"
-            }
-          ]
-        }
-        ```
-      message: Server URL must not point at example.com.
-
     parameter-description:
       given:
         - "#Request_Parameter_All"