To improve API interoperability between more than 10’000 Italian agencies, we are working on a validator tool for OpenAPI 3+ (aka OAS) specifications.
The repository contains the source for the in-browser validator that verifies some of the Interoperability Framework (Modello di Interoperabilità) rules for REST APIs.
Provided rules are not specific to the public sector, and can help private companies to produce quality APIs.
We are now working to cover more and more sections of the Interoperability Rules:
and add some Security Checks too.
Remember that the checker is not a certification tool, but helps your organization to increase the quality of your APIs and quickly fix the major issues in your specs, such as:
- missing OpenAPI3+ properties or headers;
- bad or unused schemas or inconsistent examples;
- use of the unencrypted “http” protocol;
- design pitfalls, like using the old Swagger 2 specifications, or general-purpose media-types together with the PATCH method.
To help the integration in your CI, we are working to a github action based on the spectral one; you can have a look at the preview here
The validator is based on the opensource project Spectral, which we preferred over other good validators:
- Zally - Spectral can be web-packed and run in your (browser) without using a database;
- openapi-cli - because while slower, Spectral allows to describe rules YAML files, while openapi-cli rules are written in javascript
Moreover Spectral is the default OAS validator in the github super-linter thus you can easily add it to your current Continuous Integration pipeline.
Use it, have your say and contribute to the project!