Rule Sets

Rule sets are collections of Spectral linting rules that API specifications are validated against. The Control Plane includes two built-in rule sets: Spectral OpenAPI (general best practices for OpenAPI documents) and Spectral OWASP (security-focused rules based on the OWASP API Security Top 10). You can also create custom rule sets by uploading Spectral-compatible rule definitions in YAML or JSON format.

Each rule set is classified by type — either QUALITY or SECURITY — which determines whether its results contribute to an API's quality score or security score. Rule sets can be activated or deactivated; only active rule sets are applied during linting. When you modify a rule set, all API specifications are automatically re-evaluated against the updated rules.

List rule sets

curl -X GET "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets?page=1&size=10" \
  -H "Authorization: Bearer <your-token>"

Create a rule set

curl -X POST "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets" \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "api-standards",
    "displayName": "API Standards"
  }'

Get a rule set

curl -X GET "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>" \
  -H "Authorization: Bearer <your-token>"

Update a rule set

curl -X PUT "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>" \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "api-standards",
    "displayName": "API Standards v2"
  }'

Delete a rule set

curl -X DELETE "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>" \
  -H "Authorization: Bearer <your-token>"

Validate a rule set

Check if a rule set configuration is valid:

curl -X POST "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>/validate" \
  -H "Authorization: Bearer <your-token>"

Upload rule set content

curl -X PUT "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>/content" \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d @ruleset-content.json

Download rule set content

curl -X GET "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/<ruleset-id>/content" \
  -H "Authorization: Bearer <your-token>"

List available rules

Get a list of all available linting rules:

curl -X GET "https://<your-subdomain>.backend.<region>.controlplane.boomi.com/ruleSets/rules" \
  -H "Authorization: Bearer <your-token>"

List rule sets​

Create a rule set​

Get a rule set​

Update a rule set​

Delete a rule set​

Validate a rule set​

Upload rule set content​

Download rule set content​

List available rules​