OpenAPI Specification: Difference between revisions
Line 158: | Line 158: | ||
===<tt>schemas</tt>=== | ===<tt>schemas</tt>=== | ||
The <code>/components/schemas</code> section of the OpenAPI specification defines reusable objects a client or server code generator creates programming language types for. | The <code>/components/schemas</code> section of the OpenAPI specification defines reusable objects a client or server code generator creates programming language types for. | ||
{{Internal|OpenAPI Specification Schemas#Overview|OpenAPI Specification Schemas}} | |||
==<tt>webhooks</tt>== | ==<tt>webhooks</tt>== |
Revision as of 01:23, 26 January 2024
External
- OpenAPI 3.1.0 Specification https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md
- https://swagger.io/specification/
Internal
Overview
OpenAPI Specification (OAS), formerly Swagger Specification, is an API description format and a specification standard for HTTP REST APIs. The specification for an API can be expressed in a single file, which provides the source of truth for the API, starting with the API design phase, then continuing with client and server code generation, documentation and testing. The specification format is programming language agnostic, it is machine-readable and it can be used to generate code in different languages. API specifications are typically written in YAML or JSON. The latest version at the time of this writing is OpenAPI 3.1.0.
The OpenAPI specification describes endpoints and operations for each endpoint, input and output parameters for each operation, authentication methods, contact information, licenses, etc.
Endpoints
An endpoint is exposed in the OpenAPI specification by its relative path, declared in the paths
map.
Refactor this.
Document Structure
openapi: 3.1.0 info: [...] servers: [...] paths: [...] components: [...] webhooks: [...] security: [...] tags: [...]
openapi
The string following the openapi
element is the version number of the OpenAPI specification this document uses.
info
info: title: OpenAPI Example version: 0.2.0 summary: An OpenAPI example application description: termsOfService: contact: license:
title
Required element. Represents the title of the API. When imported in AWS API Gateway, the title provides the API name, unless the AWS::ApiGateway::RestApi resource explicitly specifies a title, in which case the title specified by AWS::ApiGateway::RestApi will take priority.
version
Required element. Represents the version of the API document. It is different from openapi
version string.
summary
A short summary of the API.
description
A description of the API. CommonMark syntax may be used for rich text representation.
servers
servers:
- url: https://petstore.swagger.io/v2
paths
paths: /a: summary: description: get: [...] put: [...] post: [...] delete: [...] options: [...] head: [...] patch: [...] trace: [...] servers: parameters: /b: [...] /c: [...]
Contains a map of relative paths to individual endpoints.
Each path name must start with a forward slash "/". The path is appended to the expanded URL from the server object url
field in order to construct the full URL. Path templating is allowed. Each path accepts zero or more of the available operations (get
, put
, post
, delete
, options
, head
, patch
, trace
) and parameters
, which is a list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at operation level but cannot be removed there. A unique parameter is defined by a combination of a name and a location.
Operations
An operation represents a single HTTP operation on a path.
get|put|post|delete|options|head|patch|trace: summary: | A short description of the operation. operationId: someOperationId description: '...' parameters: [...] responses: [...] tags: [...] requestBody: callbacks: security: servers: deprecated:
operationId
A unique string, among all operations described by this API, used to identify the operation. The operationId
value is case-sensitive. Tools and libraries may use operationId
to uniquely identify an operation, therefore, it is recommended to follow common programming naming conventions.
Responses
The responses
field is required and lists all possible HTTP responses that may result from executing this operation. The element must contain at least one response code. The definition is not expected to cover all possible HTTP response codes, because they may not be known in advance. However, the definition should cover a successful operation response and any known errors. The "default" map key may be used as a default response object for all HTTP codes that are not covered individually in the definition.
paths:
/a:
get:
responses:
200:
[...]
default:
[...]
RequestBody
Also see:
Tags
Each operation can be annotated with a list of tags. Tagged operations may be handled differently by tools and libraries. Optionally, each tag can get a "description" and an "externalDocs" in the global "tags" section on the root level. The tag names here should match those used in operations. The tag order in the global tags section also controls the default sorting in the UI. It is possible to use a tag at operation level even if it is not specified on the root level.
tags:
- name: tag-a
description: Something that would shed light on tag-a semantics
externalDocs:
url: https://example.com/my-docs/tag-a.html
paths:
/a:
get:
tags:
- tag-a
- other-tag
components
components: schemas: Pet: [...] Error: [...]
schemas
The /components/schemas
section of the OpenAPI specification defines reusable objects a client or server code generator creates programming language types for.
webhooks
A map of path item objects or reference objects.
security
tags
Parameters
get: [...] parameters: - name: id in: path|query|header|cookie description: required: true|false deprecated: true|false allowEmptyValue: true|false schema: [...] - [...]
An operation accepts multiple parameters.
A unique parameter is defined by a combination of its name, defined as value of the name
field, and its location, defined as value of the in
field. The name
value is required and case sensitive.
There are four possible parameter locations: "query", "header", "path", "cookie".
Parameter Locations
Path Parameters
A path parameter is declared as in: path
in the OpenAPI specification file, and is a URL fragment at the left side of the question mark in the URL. For "path" parameters, the parameter name must correspond to a template expression occurring in the path
field. The parameter value is actually part of the operation's URL. Also, the required
property is required and the value must be true
.
/query/{id}
paths:
/query/{id}:
get:
- name: id
in: path
required: true
[...]
Also see:
Query Parameters
A query parameter is declared as in: query
in the OpenAPI specification file, and it is an URL fragment that follows the question mark in the full URL.
allowEmptyValue
field is valid only for query parameters and allows sending a parameter with an empty value. The default value is false
. Use of this property is not recommended and it is likely to be removed in a later revision.
Also see:
Header Parameters
Header parameters are key value pairs that can be used to configure the behavior of the API.
Also see:
Cookie Parameters
Parameter Schema
Path Templating
Path templating refers to the usage of curly braces {}
to mark a section of a URL path as replaceable using path parameters.
Examples
GET with Empty Response Body
paths:
/a:
get:
parameters:
- name: test
in: query
type: string
responses:
200:
schema:
$ref: '#/definitions/Empty'
definitions:
Empty:
type: object
A Simple CRUD REST Application with OpenAPI
TODEPLETE
Response
A response is defined by its HTTP status code and the data returned in the response body and/or headers.
200:
description: 200 response
schema:
$ref: '#/definitions/Empty'
originalRef: '#/definitions/Empty'
headers:
Access-Control-Allow-Origin:
type: 'string'
Access-Control-Allow-Methods:
type: 'string'
Access-Control-Allow-Headers:
type: 'string'
description
The description is required. Represents a short description of the response.
Response Body
schema
The schema keyword is used to describe the response body. A schema may define:
- a primitive type such as "string" or "number", used for plain text responses. Note that Amazon API Gateway warns if it encounters a primitive type.
- an object
- an array – typically used with JSON and XML APIs
- a file
- a reference - the schema can be defined in-line or defined at the root level of the document and referenced via $ref. This is useful if multiple responses share the same schema.
For reference models (RefModel
), model.setReference("RefName") puts the model in the correct state to refer to:
definitions:
RefName:
type: ...
In-line schema:
responses:
200:
description: something
schema:
type: object
properties:
id:
type: integer
description: The user ID.
username:
type: string
description: The user name.
This is an example that uses references:
responses:
200:
description: something
schema:
$ref: '#/definitions/User'
...
definitions:
User:
type: object
properties:
id:
type: integer
description: The user ID.
username:
type: string
description: The user name.
"responseSchema" is sometimes used, but that seems to be deprecated.
Empty Response Body
For responses that have no body, like 204 No Content, no "schema" should be specified. This is conventionally treated as no-body response.
Response Headers
Responses can include custom headers, or headers that implement a protocol like CORS.
headers
The custom headers must be declared, under the "headers" section of the response. For OpenAPI 2.0, there is no way in Swagger to define common response headers for different response codes or different API operations. You need to define the headers for each response individually. "headers" is aA container that maps a header name to its definition. The header names are case insensitive. If a header is specified by the an extension, such as x-amazon-apigateway-integration, it has to be declared in the headers section for the corresponding response, otherwise a template error is generated.
200:
description: 200 response
...
headers:
Access-Control-Allow-Origin:
type: 'string'
Access-Control-Allow-Methods:
type: 'string'
Access-Control-Allow-Headers:
type: 'string'
schema:
$ref: '#/definitions/Empty'
originalRef: '#/definitions/Empty'
Reference Object
$ref
Data Types
Basic Types
string
number
integer
boolean
array
object
CORS
More:
x-nullable
Appears in automatically generated Swagger files, as such:
definitions: LibraryAccount: type: object required: - name properties: name: type: string x-nullable: true
definitions: A: type: string title: A x-nullable: true
When used for an API Gateway import, it errors out as:
Unable to create model for 'LibraryAccount': Invalid model specified: Validation Result: warnings : [], errors : [Invalid model schema specified. Unsupported keyword(s): ["x-nullable"]]