Astrum rules are the common set of directives that the user can define to identify the occurrences of suspicious and inept data in the open API specification.

There are two types of rules which the Astrum supports which can be represented using JSON.

• Regex Rule
• Assertion Rule

Regex Rule

A Regex rule takes a regular expression and matches it against the open API definition. Let's say as an API designer I want to style all my operation Ids to follow camel casing, we can represent it using the regex rule as below.

This rule applies the regex value defined in the "regex" field against the value present in the object path of the operation id and reports if they don't match the camel casing.

{  
  "name": "Operation Id should be Camel Case",  
  "description": "Operation Id should be Camel Case ",  
  "oasVersion": "2.0",  
  "status": "ACTIVE",  
  "objectPath": "$.paths.*.*.operationId",  
  "severity": "INFO",  
  "ruleType": {  
    "type": "REGEX",  
  "operation": "MATCHES",  
  "regex": "^[a-zA-Z]*$"  
  }  
}

Assertion Rule

Assertion rules are forceful statements that can be applied against the open API definitions. For example, As an API security expert, I want all my APIs to be designed to run only using HTTPS protocol. Let's see how they can be achieved using the Assertion rule.

{  
  "name": "All Schemes Should be https",  
  "description": "All Schemes Should be https",  
  "oasVersion": 2.0,  
  "status": "ACTIVE",  
  "objectPath": "$.schemes.*",  
  "severity": "WARN",  
  "ruleType": {  
    "type": "ASSERT",  
  "operation": "equalTo",  
  "value": "https"  
  }

The above assertion rule takes the operation 'equalTo' and checks whether all my schemes are represented as 'HTTPS' failure of this assertion is captured in the linting report.

Assertion Rules support the below operations which can be used to apply against the API definitions

• equalTo
• present
• doesNotContain
• absent
• contains
• doesNotMatch

Astrum lets you sync your open API specifications with a source control of your choice. Once the swagger is generated , goto the spec in the API reference and hit the View Swagger option. You will now see a few options on the top right of the dashboard, one of which is the sync with SCM feature. Clicking that prompts you to enter your version control connection information.

Astrum supports generating snippets in:

• cURL
• Java
• PHP
• NodeJs
• C#
• JavaScript

Astrum currently supports API keys, bearer tokens, and basic authentication in the header and params across its collection requests.

You need to have a registered workspace with APIwiz in order to access the Astrum dashboard. If you don't have one, you can get one now by clicking here.

If you are looking to auto-generate your open API specs, you will also need a copy of all your collections to import and generate the catalog.

Currently, Astrum supports generating specs in the latest OAS 3.0. You can read more on the OAS 3.0 specification here

• Select the Collections side panel icon.
• Import your collection if it doesn't already exist.
• Right-click on the collection of your choice and select the Generate Swagger option.
• The generated swagger will automatically get added to your API catalog and you can view the same in the API reference section of the Astrum dashboard.

You can use your APIwiz workspace login credentials to access the Astrum dashboard. If you don't have one, you can register for a workspace now by clicking here.

Astrum lets you:

• Auto discover and generate ALL of your API specs
• Genarate a catalogue from the auto generated specs
• Define custom rulesets to enforce governance
• Lint all your existing specs against your custom rule sets
• Catch gaps in governance right at the design stage
• Generate open api specs from collections and vice-versa
• Sync your specs to a source control of your choice
• Seamlessly test your apis
• View live request transaction audits with historic request reruns
• Monitor your weekly request creation velocity
• Manage all the above in a neat intuitive dashboard