10 More on API consistency: Custom linting and security checks
This chapter covers
- Writing custom linting functions
- Running OWASP API linting checks
- Validating API requests and responses in the gateway
- Generating OpenAPI from traffic
Automated ways of keeping your APIs compliant with your API style guide are important for maintaining an easy-to-use and secure experience for the developers integrating with your APIs. API linting is a big part of maintaining that consistency at design time. In chapter 3, I introduced API linting and showed how to write custom linting rules in Spectral using its built-in functions. But the core functions that ship with a linting tool can only take you so far: when a rule from your API style guide needs a check that the built-in functions don't provide, you have to write a custom function. In this chapter, I discuss creating custom functions.
Another aspect of API consistency that you need to keep in mind is API security. Your API style guide should have guidelines on how to design secure APIs. And if it doesn't, you need to update the style guide! In this chapter, I discuss some common security threats APIs face and how you can run linting checks to catch aspects of them at design time. I also touch on how you can integrate security into every aspect of your application development life cycle.
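As an added example that is not code from the book, here is a Spectral custom function of the kind discussed above, applied to one security check in the spirit of the OWASP-style linting this chapter covers: it flags operations that can be called without authentication and operations that reference a security scheme the document never declares. The rule's `given: "$"`, the `allowAnonymous` option, and the sample document are assumptions made for this example; in a real ruleset the function would be the module's default export and listed under `functions`.

```javascript
// Constructed Spectral custom function (added example, not the book's code).
// Spectral calls a custom function as fn(targetVal, options, context) and takes
// back an array of { message, path } findings. The rule is assumed to use
// `given: "$"`, so targetVal is the whole OpenAPI document; that lets the
// function compare operation-level and global `security`, which a built-in
// function cannot do because it only sees the single value matched by `given`.
// `options.allowAnonymous` is a hypothetical option: routes allowed without auth.
const METHODS = new Set(["get", "put", "post", "delete", "options", "head", "patch", "trace"]);

function requireOperationSecurity(targetVal, options = {}) {
  const results = [];
  if (!targetVal || typeof targetVal !== "object") return results;
  const allowAnonymous = new Set(options.allowAnonymous || []);
  const globalSecurity = Array.isArray(targetVal.security) ? targetVal.security : [];
  const schemes = new Set(Object.keys((targetVal.components || {}).securitySchemes || {}));
  for (const [route, pathItem] of Object.entries(targetVal.paths || {})) {
    for (const [method, op] of Object.entries(pathItem || {})) {
      if (!METHODS.has(method) || !op || typeof op !== "object") continue;
      const path = ["paths", route, method];
      const label = `${method.toUpperCase()} ${route}`;
      // An operation without its own `security` inherits the document-level list.
      const effective = op.security === undefined ? globalSecurity : op.security;
      if (!Array.isArray(effective) || effective.length === 0) {
        // No requirement at either level, or an explicit `security: []` opt-out.
        if (!allowAnonymous.has(route)) results.push({ message: `${label} can be called without authentication`, path });
        continue;
      }
      for (const requirement of effective) {
        const names = Object.keys(requirement || {});
        // An empty `{}` alternative makes authentication optional in OpenAPI 3.
        if (names.length === 0 && !allowAnonymous.has(route)) results.push({ message: `${label} lists an empty security requirement, so anonymous access is accepted`, path });
        for (const name of names) if (!schemes.has(name)) results.push({ message: `${label} references undefined security scheme "${name}"`, path });
      }
    }
  }
  return results;
}

// Constructed OpenAPI fragment used to exercise the rule.
const sampleDoc = {
  openapi: "3.0.3",
  components: { securitySchemes: { bearer: { type: "http", scheme: "bearer" } } },
  paths: {
    "/health": { get: { security: [] } },                            // deliberate opt-out
    "/users": { get: { security: [{ bearer: [] }] }, post: {} },     // POST has no requirement
    "/admin": { delete: { security: [{}, { bearer: [] }] } },        // `{}` makes auth optional
    "/orders": { get: { security: [{ oauth: ["orders:read"] }] } },  // scheme never declared
  },
};
```

Running `requireOperationSecurity(sampleDoc, { allowAnonymous: ["/health"] })` yields three findings (POST /users, DELETE /admin, GET /orders); without the option, the health check is reported as well.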