// API Linter

The API linter for automated style guide enforcement.

API linter with configurable rules for OpenAPI, AsyncAPI, and GraphQL — also known as spec linter, quality gate, or OpenAPI validator. Enforce style guides automatically, catch security violations, and make spec quality measurable — straight in the merge request.

Rule coverage: 150+ rules
Style, security, and quality
OpenAPI · AsyncAPI · GraphQL · Custom rules

  • 150+ rules out of the box
  • Native engine without vendor lock-in

Quality gate: CI/CD
<2s per spec validated
GitHub Actions · GitLab CI · Jenkins · Pre-commit hook

  • <2s validation
  • 0 broken specs in production
  • 100% audit coverage

// Definition

What an API linter does.

An API linter validates API specifications automatically against a rule set. Instead of manual senior reviews, a team defines its style guide once and every spec is validated on commit — in seconds, not hours.

Unlike a generic YAML validator, the API linter understands the semantics of OpenAPI 3.x, AsyncAPI 2.x, and GraphQL — a native lint engine enforces both bundled and custom rules.

Fast feedback in the merge request instead of comments long after the push: findings land as PR comments with line references and auto-fix suggestions.

Core capabilities

  • 150+ rules out of the box
  • Custom rules definable in YAML/JS
  • Multi-format: OpenAPI, AsyncAPI, GraphQL, Swagger
  • Severity classification (error, warning, info)
  • Quality score per spec
  • CI/CD integration (GitHub, GitLab, Jenkins)
  • Pre-commit hook and IDE plugin

// Three problems

What the API linter solves structurally.

01

Inconsistent API specs

Every team brews its own — naming, path structures, auth schemas. The spec linter enforces a consistent style guide across teams.

02

Security shortcuts

Forgotten auth schemas, unprotected sensitive data, missing rate limits. The quality gate covers OWASP API Top 10 before every merge.

03

Late breaking-change discovery

Without a quality gate, errors only surface in staging. In our Fortune-500 enterprise projects, style guide compliance typically reaches a very high level, roughly 99% in our experience, backed by 15+ years of expertise in API governance.

// Rule categories

The API linter validates four quality dimensions.

A good API linter is more than a syntax check. Four rule categories cover style, security, performance, and compliance — each individually toggleable and tunable to team standards.

SECURITY
Auth, sensitive data, OWASP API Top 10
Mandatory auth schemas, sensitive field detection, rate-limiting hints, OWASP API Top 10 checks.
OAuth2 API Key OWASP
PERFORMANCE
Pagination, caching, payload size
Cursor pagination recommendations, mandatory cache headers, response schema limits, N+1 pattern warnings.
pagination cache ETag
COMPLIANCE
GDPR, ISO 27001, and industry standards
Industry-specific rule sets for banking (PSD2/XS2A), healthcare (HL7 FHIR), manufacturing (UNECE R155), and public sector (XÖV).
GDPR PSD2 HL7 FHIR ISO 27001 TISAX

// API lint workflow

From spec commit to green quality gate.

The API linter runs as a quality gate in the CI/CD pipeline — three steps from push to approved merge.

1

Scan the spec

On push, the CI triggers the linter. OpenAPI, AsyncAPI, or GraphQL — format detected automatically. Validation runs in under 2 seconds, even for specs with 500+ endpoints.

2

Prioritize findings

Errors block the merge, warnings get commented in the PR, info notes feed the quality score. Every finding has a line reference, an explanation, and an auto-fix suggestion — no guesswork.

3

Fix or exempt

Developers fix straight in the editor (the IDE plugin suggests corrections), or architects approve exceptions with a reason. Quality score climbs, audit trail records every decision.

// Capabilities

What the API linter delivers.

Multi-format validation

Validate OpenAPI, AsyncAPI, RAML, SOAP, GraphQL, Swagger, and Arazzo specs — in a single linter run, no format switching.

Quality score

Automatic quality score (0–100) for every API spec. Track quality across versions, identify hotspots, set minimum thresholds.

CI/CD integration

GitHub Actions, GitLab CI, Jenkins, Azure DevOps — the API linter runs natively in any pipeline. Pre-commit hook and IDE plugin for instant feedback.

// Custom rules

Rules that match your own style guide.

150+ rules out of the box plus custom rules in YAML or JavaScript. Severity classification (error, warning, info) allows gradual rollout — from "hint" to "block merge" sprint by sprint, no wiki maintenance needed.

  • 150+ bundled rules out of the box
  • Custom rules definable in YAML or JavaScript
  • Severity classification (error / warning / info)
  • Auto-fix suggestions in the IDE plugin
Naming Conventions
12 rules

camelCase for properties

Schema Validation
8 rules

Check required fields

Security Checks
6 rules

Auth on all endpoints

Best Practices
15 rules

Response examples present

// Comparison

API linter instead of manual code review or generic YAML validation.

Many API teams review specs by hand or rely on YAML syntax validators — without semantic understanding. A dedicated API linter validates OpenAPI semantics and enforces style guides. For platform engineers, API architects, and tech leads who want to scale governance — from 5 to 500 APIs.

Manual code review

A senior reviews every spec by hand. Works at 5 APIs, collapses at 50+. Subjective standards, long PR waits, missed edge cases.

API linter: automated quality gate, <2s per spec.

YAML syntax validators

Check syntax only, not semantics. A valid YAML file can describe a broken API — missing auth schemas, inconsistent naming, security gaps go undetected.

API linter: semantic OpenAPI/AsyncAPI/GraphQL validation.

Wiki-based style guides

A Confluence page titled "API standards" — read by 20%, followed by 40%. Standards drift, every team brews its own, compliance becomes theater.

API linter: style guide as code, automatically enforced.

// FAQ

Frequently asked questions about the API linter.

Short answers for platform engineers and API architects.

An API linter validates API specifications automatically against a configurable rule set — style guide, security, performance, and compliance. It replaces manual senior reviews with deterministic validation in under 2 seconds, runs as a quality gate in CI/CD pipelines, and enforces standards without wiki maintenance.
OpenAPI 3.0 and 3.1, Swagger 2.0, AsyncAPI 2.x, GraphQL, RAML, WSDL/SOAP, and Arazzo. Each format gets format-specific linting logic — OpenAPI rules differ from AsyncAPI or GraphQL rules. Custom rules are definable as format-agnostic or format-bound.
The API linter uses a native lint engine inside the API Portal. Out of the box, 150+ rules are available — from API style guides (modeled on Zalando RESTful API Guidelines, Google Cloud, Microsoft Azure) to OWASP API Top 10. Custom rules are defined in YAML or JavaScript. No external engine, no vendor lock-in, no plugin incompatibilities when new formats are added.
Native plugins for GitHub Actions, GitLab CI, and Jenkins. The CLI works with any other pipeline (Azure DevOps, CircleCI, Bitbucket). Pre-commit hooks catch findings before push, IDE plugins for VS Code and IntelliJ deliver live feedback while editing the spec.
Yes. The API linter ships industry-specific rule packs: PSD2/XS2A for banking, HL7 FHIR for healthcare, UNECE R155 and ISO 21434 for automotive, and XÖV for public sector. These packs are maintained continuously through our work with Fortune-500 enterprises and are available to customers — as a baseline for their own compliance extensions.

Ready for automated style guide compliance?

Experience the API linter as a quality gate for OpenAPI, AsyncAPI, and GraphQL — catch spec errors before they reach production.