API Property URL HTTPS

api-property-url-https

info experience: security spec: schemas

API property url should use https.

API property URLs (documentation, OpenAPI, etc.) should be https.

Rule definition

The full Spotlight rule — drop it into a ruleset (.spotlight.yaml / .spectral.yaml) and run it with any Spotlight tool.

api-property-url-https:
  title: API Property URL HTTPS
  reference: https://spotlight-rules.com/spec/rules/apis-json/api-property-url-https/
  description: API property URLs (documentation, OpenAPI, etc.) should be https.
  message: API property url should use https.
  given: $.apis[*].properties[*].url
  severity: info
  then:
    function: pattern
    functionOptions:
      match: ^https://
  tags:
    - format:apis-json
    - spec:schemas
    - experience:security
  prompt: "You are editing an APIs.json document to satisfy the Spotlight API
    governance rule 'api-property-url-https' (API Property URL HTTPS).
    Requirement: API property URLs (documentation, OpenAPI, etc.) should be
    https. To fix: Ensure the targeted value matches the regular expression
    `^https://`; rewrite any value that does not. This rule is evaluated at the
    JSONPath `$.apis[*].properties[*].url` — inspect every location it matches
    and correct only what violates the rule. Make the smallest change that
    satisfies the rule, leave all unrelated content, key order, comments, and
    formatting unchanged, and keep the document valid APIs.json. Return only the
    complete corrected document, with no commentary."
AI fix prompt — send this to Claude, Gemini, or ChatGPT with your artifact to auto-fix this rule
You are editing an APIs.json document to satisfy the Spotlight API governance rule 'api-property-url-https' (API Property URL HTTPS). Requirement: API property URLs (documentation, OpenAPI, etc.) should be https. To fix: Ensure the targeted value matches the regular expression `^https://`; rewrite any value that does not. This rule is evaluated at the JSONPath `$.apis[*].properties[*].url` — inspect every location it matches and correct only what violates the rule. Make the smallest change that satisfies the rule, leave all unrelated content, key order, comments, and formatting unchanged, and keep the document valid APIs.json. Return only the complete corrected document, with no commentary.
ArtifactAPIs.json
Applies at (given)$.apis[*].properties[*].url
Severityinfo — educational by default; raise to warn/error to enforce
Referencehttps://spotlight-rules.com/spec/rules/apis-json/api-property-url-https/