pax_global_header00006660000000000000000000000064150633011300014502gustar00rootroot0000000000000052 comment=99710bcb26cbe4be646565eebeb04348f02374b5 OpenAPI-Specification-3.2.0/000077500000000000000000000000001506330113000155155ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.gitattributes000066400000000000000000000000311506330113000204020ustar00rootroot00000000000000*.md linguist-detectable OpenAPI-Specification-3.2.0/.github/000077500000000000000000000000001506330113000170555ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.github/CODEOWNERS000066400000000000000000000003361506330113000204520ustar00rootroot00000000000000# Global Repo Owners * @oai/openapi-maintainers @oai/tsc # Specification Versions /versions/ @oai/tsc # Protect specific top level files /MAINTAINERS.md @oai/tsc /TOB.md @oai/tsc /GOVERNANCE.md @oai/tsc /LICENSE @oai/tscOpenAPI-Specification-3.2.0/.github/ISSUE_TEMPLATE/000077500000000000000000000000001506330113000212405ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.github/ISSUE_TEMPLATE/config.yml000066400000000000000000000015341506330113000232330ustar00rootroot00000000000000blank_issues_enabled: false contact_links: - name: Have a question about using OpenAPI? url: https://communityinviter.com/apps/open-api/openapi about: Ask us on our Slack! - name: Have a question about OpenAPI Tooling? url: https://tools.openapis.org/ about: Please ask your tooling vendor! - name: Want to add to our list of OpenAPI Tools? url: https://tools.openapis.org/ about: Please take a look at our tooling site's instructions! - name: Want to suggest more how-to documentation and examples? url: https://github.com/OAI/learn.openapis.org/issues/new about: Please open an issue on our learning site! - name: Want to request a new feature in the specification? url: https://github.com/OAI/OpenAPI-Specification/discussions/new?category=enhancements about: Please start a discussion in this repository! OpenAPI-Specification-3.2.0/.github/ISSUE_TEMPLATE/registry_feature_request.md000066400000000000000000000020331506330113000267130ustar00rootroot00000000000000--- name: Contribute to the registries at spec.openapis.org/registry about: Add a new registry entry, or edit an existing one title: 'Registry: ...' labels: registries assignees: '' --- **Which registry do you want to contribute to** - [ ] [Alternative Schema Type Registry](https://spec.openapis.org/registry/alternative-schema) - [ ] [Draft Features Registry](https://spec.openapis.org/registry/draft-feature) - [ ] [Specification Extension Registry](https://spec.openapis.org/registry/extension) - [ ] [Format Registry](https://spec.openapis.org/registry/format) - [ ] [Extension Namespace Registry](https://spec.openapis.org/registry/namespace) - [ ] [Tag Kind Registry](https://spec.openapis.org/registry/tag-kind) **Describe your contribution** A clear and concise description of what you want to add or change. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here. OpenAPI-Specification-3.2.0/.github/ISSUE_TEMPLATE/spec_bug_report.md000066400000000000000000000010141506330113000247400ustar00rootroot00000000000000--- name: Report an error in the specification about: Create a report to help us improve the specification title: 'vX.Y: ...' labels: '' assignees: '' --- **Describe the error in the specification** A clear and concise description of - what the error is, - which specification versions are affected, - what you would expect the specification to say instead, and - a link to the corresponding specification section in the "oldest" affected version. **Additional context** Add any other context about the problem here. OpenAPI-Specification-3.2.0/.github/dependabot.yml000066400000000000000000000003611506330113000217050ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: github-actions directory: "/" schedule: interval: daily open-pull-requests-limit: 10 - package-ecosystem: npm directory: "/" schedule: interval: daily open-pull-requests-limit: 10 OpenAPI-Specification-3.2.0/.github/pull_request_template.md000066400000000000000000000014621506330113000240210ustar00rootroot00000000000000 - [ ] schema changes are included in this pull request - [ ] schema changes are needed for this pull request but not done yet - [ ] no schema changes are needed for this pull request OpenAPI-Specification-3.2.0/.github/templates/000077500000000000000000000000001506330113000210535ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.github/templates/agenda.md000066400000000000000000000046311506330113000226200ustar00rootroot00000000000000## Weekly meetings happen on Thursdays at 9am - 10am Pacific This agenda gives visibility into discussion topics for the weekly Technical Developer Community (TDC) meetings. Sharing agenda items in advance allows people to plan to attend meetings where they have an interest in specific topics. Whether attending or not, **anyone can comment on this issue prior to the meeting to suggest topics or to add comments on planned topics or proposals**. Meetings take place over Zoom: [https://zoom.us/j/975841675](https://zoom.us/j/975841675?pwd=SUh4MjRLaEFKNlI3RElpWTdhRDVVUT09), dial-in passcode: 763054 ### Accessibility & Etiquette * Participants must abide by our [Code-of-Conduct](https://github.com/OAI/OpenAPI-Specification?tab=coc-ov-file). * Meetings are recorded for future reference, and for those who are not able to attend in-person. * We invite you to feel comfortable to challenge any language or behaviour that is harmful or not inclusive during this meeting. * We look forward to your participation, but please consider these acts of etiquette: * Remain on mute when not speaking to prevent interruptions. * Blur your background to reduce visual distractions. * Use the Zoom meeting "Raise Hand" feature to notify the group when you wish to speak. | Blur My Background | Raise Hand | |-|-| | Screenshot of Zoom UI showing the 'Stop Video' and 'Blur My Background' control | Screenshot of Zoom UI showing the 'Reaction' and 'Raise Hand' control | ### Agenda Structure | Topic | Owner | Decision/NextStep | |-|-|-| Intros and governance meta-topics (5 mins) | TDC | | Reports from Special Interest Groups (5 mins) | SIG members | | Any other business (add comments below to suggest topics) | TDC | | [Approved spec PRs](https://github.com/OAI/OpenAPI-Specification/pulls?q=is%3Apr+is%3Aopen+review%3Aapproved) | @OAI/tsc | | [Active Projects](https://github.com/OAI/OpenAPI-Specification/projects?query=is%3Aopen) | @OAI/openapi-maintainers | | [New issues needing attention](https://github.com/search?q=repo%3Aoai%2Fopenapi-specification+is%3Aissue+comments%3A0+no%3Alabel+is%3Aopen) | @OAI/triage | | /cc [@OAI/tsc](https://github.com/orgs/OAI/teams/tsc) please suggest items for inclusion. OpenAPI-Specification-3.2.0/.github/workflows/000077500000000000000000000000001506330113000211125ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.github/workflows/agenda.yaml000066400000000000000000000033441506330113000232210ustar00rootroot00000000000000name: agenda # author: @MikeRalphson # issue: various # # This workflow creates the agenda issue each week. It runs on a cron every # Monday morning, raising an issue for the following Thursday. # It can also be run manually, in case GitHub Actions has a failure. # on: schedule: - cron: '0 16 * * 4' workflow_dispatch: {} permissions: issues: write contents: read jobs: agenda: if: github.repository == 'OAI/OpenAPI-Specification' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TITLE_PREFIX: "Open Community (TDC) Meeting, " LABEL: "Housekeeping" POST_MEETING_CLOSE_DURATION_IN_DAYS: 10 runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 # checkout repo content # we want to close old agenda issues before creating a new one because there's a limit of 3 pinned items on a repo - name: Close old agenda issues run: gh issue list -l ${{ env.LABEL }} --author "app/github-actions" --json number,title | ConvertFrom-Json | Where-Object { $_.title -like "${{ env.TITLE_PREFIX }}*" -and ([datetime]::UtcNow - [datetime]::Parse([regex]::Replace($_.title.Replace("${{ env.TITLE_PREFIX }}", ""), "\([^)]+\)", ""))) -ge [timespan]::FromDays([int]::Parse("${{ env.POST_MEETING_CLOSE_DURATION_IN_DAYS }}"))} | ForEach-Object { gh issue close $_.number && gh issue unpin $_.number } shell: pwsh - name: Create agenda issue run: | $nextThursday = @(@(1..8) | % {$(Get-Date).AddDays($_)} | ? {$_.DayOfWeek -ieq "Thursday"})[0].ToString("dddd dd MMMM yyyy", [CultureInfo]::InvariantCulture) $result = gh issue create -l ${{ env.LABEL }} -t "${{ env.TITLE_PREFIX }}$nextThursday" -F .github/templates/agenda.md gh issue pin $result shell: pwsh OpenAPI-Specification-3.2.0/.github/workflows/check-restricted-files.yaml000066400000000000000000000030331506330113000263200ustar00rootroot00000000000000name: check-restricted-files # Author: @ralfhandl # Issue: https://github.com/OAI/OpenAPI-Specification/issues/3432 # This workflow fails if restricted files are changed in a pull request on: pull_request: paths: - 'schemas/**/*.yaml' - 'versions/*.md' jobs: check-files: runs-on: ubuntu-latest steps: - name: Check changed files shell: bash run: | if [[ "${{ github.event.pull_request.head.repo.full_name }}" == "OAI/OpenAPI-Specification" ]] && \ [[ "${{ github.event.pull_request.base.repo.full_name }}" == "OAI/OpenAPI-Specification" ]]; then if [[ "${{ github.event.pull_request.head.ref }}" == "main" ]] && \ [[ "${{ github.event.pull_request.base.ref }}" == "dev" ]]; then echo Sync from main to dev exit 0 fi if [[ "${{ github.event.pull_request.head.ref }}" == "dev" ]] && \ [[ "${{ github.event.pull_request.base.ref }}" =~ ^v[0-9]+\.[0-9]+-dev$ ]]; then echo Sync from dev to ${{ github.event.pull_request.base.ref }} exit 0 fi if [[ "${{ github.event.pull_request.head.ref }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rel$ ]] && \ [[ "${{ github.event.pull_request.base.ref }}" == "main" ]]; then echo Release from ${{ github.event.pull_request.head.ref }} to main exit 0 fi fi echo This PR contains changes to files that should not be changed exit 1 OpenAPI-Specification-3.2.0/.github/workflows/inactive-issues.yml000066400000000000000000000021761506330113000247560ustar00rootroot00000000000000on: issues: types: labeled workflow_dispatch: schedule: - cron: '*/5 * * * *' permissions: issues: write contents: read name: Label and close issues with no recent activity env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} NEEDS_ATTENTION_LABEL: "Needs attention" NEEDS_AUTHOR_FEEDBACK_LABEL: "Needs author feedback" NO_RECENT_ACTIVITY_LABEL: "No recent activity" NO_RECENT_ACTIVITY_DURATION_IN_DAYS: 7 NO_RECENT_ACTIVITY_DURATION_CLOSE_IN_DAYS: 28 ORG_NAME: ${{ github.repository_owner }} REPO_NAME: ${{ github.event.repository.name }} NO_RECENT_ACTIVITY_COMMENT: "This issue has been labeled with `No recent activity` because there has been no recent activity. It will be closed if no further activity occurs within 28 days. Please re-open this issue or open a new one after this delay if you need to." jobs: run: if: github.repository == 'OAI/OpenAPI-Specification' runs-on: ubuntu-latest name: Label issues with no recent activity steps: - uses: actions/checkout@v5 - run: scripts/label-no-recent.ps1 shell: pwsh - run: scripts/close-no-recent.ps1 shell: pwsh OpenAPI-Specification-3.2.0/.github/workflows/respec.yaml000066400000000000000000000030471506330113000232630ustar00rootroot00000000000000name: respec # author: @MikeRalphson # issue: https://github.com/OAI/OpenAPI-Specification/issues/1564 # # This workflow updates the respec 'pretty' rendered versions of the spec # on the gh-pages branch when the corresponding markdown files change. # # run this manually from main on: workflow_dispatch: {} jobs: respec: if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 # checkout main branch with: fetch-depth: 0 - uses: actions/setup-node@v5 # setup Node.js with: node-version: '20.x' - name: Install dependencies run: npm ci - uses: actions/checkout@v5 # checkout gh-pages branch with: ref: gh-pages path: deploy - name: run main script run: scripts/md2html/build.sh - name: Create Pull Request uses: peter-evans/create-pull-request@v6 with: token: ${{ secrets.GITHUB_TOKEN }} branch: update-respec-version base: gh-pages delete-branch: true path: deploy labels: Housekeeping reviewers: darrelmiller,webron,earth2marsh,lornajane,mikekistler,miqui,ralfhandl,handrews,karenetheridge title: Update ReSpec-rendered specification versions commit-message: Update ReSpec-rendered specification versions signoff: true body: | This pull request is automatically triggered by GitHub action `respec`. The `versions/*.md` files have changed, so the HTML files are automatically being regenerated. OpenAPI-Specification-3.2.0/.github/workflows/schema-publish.yaml000066400000000000000000000033051506330113000247030ustar00rootroot00000000000000name: schema-publish # author: @ralfhandl # issue: https://github.com/OAI/OpenAPI-Specification/issues/3715 # # This workflow creates a pull request for publishing schema iterations to the gh-pages branch # # run this on push to vX.Y-dev branches or manually on: push: branches: - 'v[0-9].[0-9]-dev' paths: - 'src/schemas/validation/*.yaml' - 'scripts/schema-publish.sh' - '.github/workflows/schema-publish.yaml' workflow_dispatch: {} jobs: publish: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 # checkout main branch with: fetch-depth: 0 - uses: actions/setup-node@v5 # setup Node.js with: node-version: '22.x' - name: Install dependencies run: npm ci - uses: actions/checkout@v5 # checkout gh-pages branch with: ref: gh-pages path: deploy - name: run main script run: scripts/schema-publish.sh - name: Create Pull Request uses: peter-evans/create-pull-request@v6 with: token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref_name }}-publish-schema-iteration base: gh-pages delete-branch: true path: deploy labels: Housekeeping,Schema reviewers: darrelmiller,webron,earth2marsh,lornajane,mikekistler,miqui,ralfhandl,handrews,karenetheridge title: '${{ github.ref_name }}: publish OpenAPI schema iterations' commit-message: New OpenAPI schema iterations signoff: true body: | This pull request is automatically generated by GitHub action `schema-publish`. The `src/schemas/validation/*.yaml` files have changed and JSON files are automatically generated. OpenAPI-Specification-3.2.0/.github/workflows/schema-tests.yaml000066400000000000000000000013661506330113000244040ustar00rootroot00000000000000name: schema-test # Author: @MikeRalphson / runs @jdesrosiers tests # Issue: https://github.com/OAI/OpenAPI-Specification/pull/2489 # # This workflow runs the npm test script to validate passing and failing # testcases for the metaschemas # # run this on push to any branch and creation of pull-requests on: pull_request: {} workflow_dispatch: {} jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 # checkout repo content with: fetch-depth: 0 - uses: actions/setup-node@v5 # setup Node.js with: node-version: '20.x' - name: Install dependencies run: npm ci - name: Run tests run: npm run test env: BASE: ${{ github.event.pull_request.base.ref }} OpenAPI-Specification-3.2.0/.github/workflows/sync-dev-to-vX.Y-dev.yaml000066400000000000000000000032371506330113000255310ustar00rootroot00000000000000name: sync-dev-to-vX.Y-dev # author: @ralfhandl # # This workflow creates PRs to update the vX.Y-dev branch with the latest changes from dev # # run this on push to dev on: push: branches: - dev jobs: sync-branches: runs-on: ubuntu-latest steps: - name: Generate access token id: generate-token uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.OAI_SPEC_PUBLISHER_APPID }} private-key: ${{ secrets.OAI_SPEC_PUBLISHER_PRIVATE_KEY }} - name: Checkout repository uses: actions/checkout@v5 with: fetch-depth: 0 - name: Create pull requests id: pull_requests shell: bash run: | DEV_BRANCHES=$(git branch -r --list origin/v?.?-dev) for DEV_BRANCH in $DEV_BRANCHES; do BASE=${DEV_BRANCH:7} EXISTS=$(gh pr list --base $BASE --head $HEAD \ --json number --jq '.[] | .number') if [ ! -z "$EXISTS" ]; then echo "PR #$EXISTS already wants to merge $HEAD into $BASE" continue fi PR=$(gh pr create --base $BASE --head $HEAD \ --label "Housekeeping" \ --title "$BASE: update from $HEAD" \ --body "Merge \`$HEAD\` into \`$BASE\`.") echo "" echo "PR to sync $DEV_BRANCH: $PR" sleep 10 # allow status checks to be triggered gh pr checks $PR --watch --required || continue gh pr merge $PR --merge --admin done env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} HEAD: dev OpenAPI-Specification-3.2.0/.github/workflows/sync-main-to-dev.yaml000066400000000000000000000023231506330113000250700ustar00rootroot00000000000000name: sync-main-to-dev # author: @ralfhandl # # This workflow creates PRs to update the dev branch with the latest changes from main # # run this on push to main on: push: branches: - main jobs: sync-branch: runs-on: ubuntu-latest steps: - name: Generate access token id: generate-token uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.OAI_SPEC_PUBLISHER_APPID }} private-key: ${{ secrets.OAI_SPEC_PUBLISHER_PRIVATE_KEY }} - name: Checkout repository uses: actions/checkout@v5 - name: Create pull request id: pull_request shell: bash run: | EXISTS=$(gh pr list --base $BASE --head $HEAD \ --json number --jq '.[] | .number') if [ ! -z "$EXISTS" ]; then echo "PR #$EXISTS already wants to merge $HEAD into $BASE" exit 0 fi gh pr create --base $BASE --head $HEAD \ --label "Housekeeping" \ --title "$BASE: update from $HEAD" \ --body "Merge \`$HEAD\` into \`$BASE\`." env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} HEAD: main BASE: dev OpenAPI-Specification-3.2.0/.github/workflows/validate-markdown.yaml000066400000000000000000000014521506330113000254110ustar00rootroot00000000000000name: validate-markdown # Author: @MikeRalphson # Issue: https://github.com/OAI/OpenAPI-Specification/issues/2130 # # This workflow validates markdown files in the project root. # It also validates the work-in-progress specification file src/oas.md with slightly different rules. # # run this on push to any branch and creation of pull-requests on: [push, pull_request] jobs: lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 # checkout repo content with: fetch-depth: 0 - uses: actions/setup-node@v5 # setup Node.js with: node-version: '20.x' - name: Lint work-in-progress spec run: npx --yes markdownlint-cli2 --config spec.markdownlint.yaml src/oas.md - name: Lint other files run: npx --yes markdownlint-cli2 *.md OpenAPI-Specification-3.2.0/.gitignore000066400000000000000000000001741506330113000175070ustar00rootroot00000000000000.idea *.iml *.ipr *.iws target atlassian-ide-plugin.xml node_modules/ deploy/ deploy-preview/ coverage/ _site/ Gemfile.lock OpenAPI-Specification-3.2.0/.gitmodules000066400000000000000000000000001506330113000176600ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/.markdownlint.yaml000066400000000000000000000010151506330113000211650ustar00rootroot00000000000000# First heading is a top-level heading MD002: true # Heading style (ATX is leading # symbols) MD003: style: atx # Unordered list symbol can be anything MD004: false # Unordered list indentation size MD007: indent: 2 # Allow additional blank lines MD012: false # Maximum line length MD013: line_length: 800 tables: false # Headings need blank lines before and after MD022: true # Duplicate headings are allowed MD024: false # Surround lists with blank lines MD032: true # Allow inline HTML MD033: false OpenAPI-Specification-3.2.0/CONTRIBUTING.md000066400000000000000000000653631506330113000177630ustar00rootroot00000000000000# Contribute to the OpenAPI Specification ## Key information This project is covered by our [Code of Conduct](https://github.com/OAI/OpenAPI-Specification?tab=coc-ov-file#readme). All participants are expected to read and follow this code. No changes, however trivial, are ever made to the contents of published specifications (the files in the `versions/` folder). Exceptions may be made when links to external URLs have been changed by a 3rd party, in order to keep our documents accurate. Published versions of the specification are in the `versions/` folder. The under-development versions of the specification are in the file `src/oas.md` on the appropriately-versioned branch. For example, work on the next release for 3.2 is on `v3.2-dev` in the file `src/oas.md`. The [spec site](https://spec.openapis.org) is the source of truth for the OpenAPI specification as it contains all the citations and author credits (the markdown in this repository was previously the authoritative version until 2024). The OpenAPI project is almost entirely staffed by volunteers. Please be patient with the people in this project, who all have other jobs and are active here because we believe this project has a positive impact in the world. ### Active branches The current active specification releases are: | Version | Branch | Notes | | ------- | ------ | ----- | | 3.1.2 | `v3.1-dev` | active patch release line | | 3.2.0 | `v3.2-dev` | minor release in development | | 4.0.0 | [OAI/sig-moonwalk](https://github.com/OAI/sig-moonwalk) | [discussions only](https://github.com/OAI/sig-moonwalk/discussions) | ## How to contribute We welcome new contributors to the project whether you have changes to suggest, problems to report, or some feedback for us. Please jump to the most relevant section from the list below: - Ask a question or offer feedback: use a [discussion](#discussions) - Suggest a change or report a problem: open an [issue](#issues) - Contribute a change to the repository: open a [pull request](#pull-requests) - Or just [get in touch](#get-in-touch) ## Discussions We use [discussions](https://github.com/OAI/OpenAPI-Specification/discussions?discussions_q=is%3Aopen) for anything that doesn't (yet) have a specific action associated with it. Most ideas start as discussions. Please do come and start a discussion to: - ask questions - make suggestions - give feedback Anyone can start a discussion and you're very welcome to do so! Write a message and pick a relevant discussion category. ### Discussion management Participation in discussions and especially answering of questions is encouraged (and appreciated) by everyone. Discussions are closed when: - the question has been answered. - no further action or conversation would be useful. - there has been no engagement for a while, or a previously popular thread has been inactive for an extended period. - activity is now taking place elsewhere, such as in an issue. - the discussion is out of scope for the project. ## Issues Issues are for planned tasks, problems to solve, or requests for (specific) changes. Most issues should have a clear outcome; something will be fixed, improved or otherwise measurably different when the issue is complete. We use [discussions](#discussions) for ideas and early-stage suggestions. > [!NOTE] > For larger or more extensive changes, we have a formal [proposal process](#propose-a-specification-change) to give more structure where it's needed. The best issues give a clear and concise explanation of the problem at hand, and ideally some examples of what the problem is. Suggested solutions are also welcome, but it is very important that the issue outlines the problem that is being solved as well as the solution. Some issues may be a backlog of a task that needs to be done; other issues might be automatically created as part of the project processes. ### Issue management We have some issue automation to close inactive issues and create/pin/archive the weekly meeting issues. More information is in the [Appendix: Issue automation](#appendix-issue-automation) section. Everyone is encouraged to open and comment on issues in the project. If you want to tag/assign/close something and you don't have enough permissions, add a comment and someone will help. Issues are managed by the [Triage](#triage), [Maintainers](#maintainers) and [TSC](#tsc) teams. They may move issues to other repositories within the project as needed. In order to keep the issues list manageable and realistic for a relatively small group of volunteers, issues are proactively closed when it's not clear that they can be completed. Issues may be closed when: - they have been inactive for a long time - they are out of scope or no further constructive action can be taken - they are complete (yay!) - they are unclear and more details are not forthcoming - as a group, there is agreement that no further action will be taken When issues are closed, a comment is added about why. Closing issues is a reversible action, and it is always acceptable to comment and explain (politely) why an issue should not have been closed. ### Labels We make extensive use of labels. The main categories are: - [Housekeeping](https://github.com/OAI/OpenAPI-Specification/labels/Housekeeping) for meetings, project logistics, etc. - [approved pr port](https://github.com/OAI/OpenAPI-Specification/labels/approved%20pr%20port) for pull requests that repeat a change from one version to another - most other tags are used to group similar or related issues into topic areas; this list is ever-changing Labels related to [issue automation](#appendix-issue-automation) - [Needs attention](https://github.com/OAI/OpenAPI-Specification/labels/Needs%20attention) automated tag when an issue is updated - [Needs author feedback](https://github.com/OAI/OpenAPI-Specification/labels/Needs%20author%20feedback) used to indicate that more information is needed from the issue creator - [No recent activity](https://github.com/OAI/OpenAPI-Specification/labels/No%20recent%20activity) if no information is received, the issue is marked for closure (automatic after 30 days) ### Milestones We use milestones in GitHub to plan what should be included in future releases. Issues and pull requests should both be added to the earliest milestone we expect they will be released in. Any changes that aren't ready in time for release should be moved to the next milestone or untagged. The milestones and items assigned to them are under constant review and subject to change. ### Projects The OpenAPI Initiative uses GitHub Projects to manage work _outside_ of the specification development process. There are currently two active projects: * [Contributor Guidance](https://github.com/orgs/OAI/projects/5/views/1) * [Automation & Infrastructure](https://github.com/orgs/OAI/projects/4/views/1) ## Pull requests > [!NOTE] > Since the 3.0.4 and 3.1.1 releases (October 2024), the OAS is developed in the `src/oas.md` file. > Check the [Appendix: Branch Strategy](#appendix-branch-strategy) for more information about the updated branching strategy. Changes to the next version of the specification are welcome and can be proposed by anyone. For large changes that will need discussion, please use the [Proposal process](#propose-a-specification-change). For other changes, we recommend [opening an issue](#issues) first, so that you can get some feedback and any extra input you need before spending a lot of time on something. Schema changes are made on the same branch, but can be released independently. When making a specification change for a new minor or major release that has a schema impact, including the schema change in the PR is preferred. Patch releases cannot contain changes that _require_ a schema update. ### Use a fork All work **MUST be done on a fork** and be submitted as a pull request. ### Target the earliest active `*-dev` branch Branch from and submit pull requests to the a branch from the _earliest relevant and [active](#active-branches)_ `vX.Y-dev` branch. For example, if a change applies to both 3.1 and 3.2, the PR would go to the `v3.1-dev` branch, which will be merged up to `v3.2-dev` before the next 3.2 release. All changes to the specification must conform to the [style guide](./style-guide.md). Both specification and schema changes follow this approach. For changes to repository files that affect all versions, use the `main` branch. This might apply to, for example, Markdown files, automation, and scripts. For all pull requests, if they should not be merged yet for any reason (they depend on something else, you would like feedback from a specific reviewer), mark them as draft and they will not be merged while in that state. Draft pull requests can still be reviewed while in draft state. ### Preview specification HTML locally > [!NOTE] > `npm run build-src` calls bash scripts. Use [Git Bash](https://gitforwindows.org/) on Windows, or use the Windows Subsystem for Linux (WSL). The markdown source files are converted to HTML before publishing. To do this locally, please 1. Install [Node.js](https://nodejs.org/) 2. Check out this repo, go to the repo root, and switch to a development branch 3. Execute `npm install` (once, repeat after merging upstream changes) 4. Execute `npm run build-src` after changing `src/oas.md` (this first executes `npm run validate-markdown`, which can also be run separately) 5. Open output file `deploy-preview/oas.html` with a browser and check your changes Please make sure the markdown validates and builds using the above steps before creating a pull request or marking a draft pull request as ready for review. ## Reviewers > [!NOTE] > See also the detailed team outlines in the [roles section](#roles). All pull requests must be reviewed and approved by one member of the TSC or Maintainers teams. Reviews from other contributors are always welcome. Additionally, all pull requests that change the specification file `src/oas.md` must be approved by two TSC members. Reviews requesting changes should have their changes addressed regardless of how many other approvers there are. ## Publishing ### Specification Versions The specification versions are published to the [spec site](https://spec.openapis.org) by creating an `vX.Y.Z-rel` branch where `src/oas.md` is renamed to the appropriate `versions/X.Y.Z.md` file and then merged to `main`. This renaming on the `vX.Y.Z-rel` branch preserves the commit history for the published file on `main` when using `git log --follow` (as is the case for all older published files). The steps for creating a `vX.Y.Z-rel` branch are: 1. Update `EDITORS.md` on `main` 2. Merge `main` into `dev` and `dev` into `vX.Y-dev` via PRs - sync PRs are automatically created by workflows `sync-main-to-dev` and `sync-dev-to-vX.Y-dev` 3. Prepare spec files in `vX.Y-dev` - `npm run format-markdown` - `npm run build-src` - open `deploy-preview/oas.html` in browser and verify correct formatting - adjust and repeat until done - merge changes to `src/oas.md` back into `vX.Y-dev` via PR 4. Create `vX.Y.Z-rel` from `vX.Y-dev` and adjust it - the bash script `scripts/adjust-release-branch.sh` does this: - move file `src/oas.md` to `versions/X.Y.Z.md` - copy file `EDITORS.md` to `versions/X.Y.Z-editors.md` - delete folder `src/schemas` - delete version-specific files and folders from `tests/schema` - file `schema.test.mjs` - folders `pass` and `fail` 5. Merge `vX.Y.Z-rel` into `main` via PR - this PR should only add files `versions/X.Y.Z.md` and `versions/X.Y.Z-editors.md` The HTML renderings of the specification versions are generated from the `versions` directory on `main` by manually triggering the [`respec` workflow](https://github.com/OAI/OpenAPI-Specification/blob/main/.github/workflows/respec.yaml), which generates a pull request for publishing the HTML renderings to the [spec site](https://spec.openapis.org). ### Schema Iterations The schema iterations are published independently from the specification releases [in the schema section on the spec site](https://spec.openapis.org/#openapi-specification-schemas). Schemas are updated in and directly published from the `vX.Y-dev` branches. As part of the publishing process, the YAML source files are converted to JSON, renamed to the relevant last-changed dates, and `WORK-IN-PROGRESS` placeholders are replaced with these dates as appropriate. This is usually done by the `schema-publish` workflow which detects changes on each `vX.Y-dev` branch, which generates a pull request for publishing the new schema iterations to the [spec site](https://spec.openapis.org). The workflow can also be run manually if required. ## Release Process and Scope This section relates to the 3.x versions only. ### Minor Releases Our roadmap for 3.x releases is community-driven, meaning the specification is open for proposed additions by anyone (see [Propose a Specification Change](#propose-a-specification-change)), in addition to the issues already on the project backlog. Changes in minor releases (such as 3.2, 3.3) meet the following criteria: * Are **backwards-compatible** and be reasonably easy to implement in tooling that already supports the previous minor version. For example, new optional fields can be added. * Drive quality-of-life improvements to support how OpenAPI is used by practitioners, so that OpenAPI evolves to continue to meet user needs. For example, adding fields to support changes in other standards, or adopting common `x-*` extension fields into the specification. * Bring the future closer by making changes that are in line with future 3.x releases and the planned OpenAPI 4.x (Moonwalk) specification as the details of that become available. * Make the specification document clearer or easier to understand. A minor release is due when there are some meaningful features (including one or a small number of headline features). ### Patch Releases Patch releases reflect a constant quest for improving the active minor versions of OpenAPI. Since we do not edit specification documents after publication, even the smallest change has to be in a new release. Changes in patch releases meet the following criteria: * Editorial changes such as spelling or formatting fixes, including link updates. * Clarifications or additions that do not change the meaning of the specification. Patch releases are created as often as there are changes to the specification worth releasing. ### Release Process A release requires a vote on the specification at a particular version and the associated release notes by TSC members within the voting period. Major or minor release voting periods will be announced in the Slack channel and noted on the calendar at least 6 days in advance. During this time, TSC members who have not yet voted must note their approval by leaving a comment on the GitHub pull request proposing the release; release notes should be included with the description. TSC members are responsible for coordinating the information about the release to the outreach team as appropriate. * Patch-level releases require majority approval by TSC members. (Max voting period 3 days) * Minor: requires approval by 66% of TSC members. (Max voting period 7 days) * Major: requires approval by 66% of TSC members. (Max voting period 14 days) During the voting period, further changes should not be made to the specification being considered. Once the threshold of approvals is met, the release can be performed by any TSC member. ## Propose a Specification Change As an organisation, we're open to changes, and these can be proposed by anyone. The specification is very widely adopted, and there is an appropriately high bar for wide appeal and due scrutiny as a result. We do not accept changes lightly (but we will consider any that we can). Small changes are welcome as pull requests. Bigger changes require a more formal process. 1. Start a [discussion](https://github.com/OAI/OpenAPI-Specification/discussions) of type "Enhancements". The discussion entry must include some use cases, your proposed solution and the alternatives you have considered. If there is engagement and support for the proposal over time, then it can be considered as a candidate to move to the next stage. 2. It really helps to see the proposed change in action. Start using it as a `x-*` extension if that's appropriate, or try to bring other evidence of your proposed solution being adopted. 3. If you are adding support for something from another specification (such as OAuth), please point to implementations of that specification so that we can understand how, and to what degree, it is being used. 4. If the suggested change has good support, you will be asked to create a formal proposal. Use the [template in the proposals directory](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals), copy it to a new file, and complete it. Once you the document is ready, open a pull request on the main branch. 5. The proposal will be more closely reviewed and commented on or amended until it is either rejected or accepted. At that point, the proposal is merged into the `main` branch and a pull request is opened to add the feature to the appropriate `dev` version of the specification. Questions are welcome on the process at any time. Use the discussions feature or find us in Slack. ## Roles The OpenAPI project has some key roles that are played by multiple people. ### TSC The Technical Steering Committee are listed in the [MAINTAINERS file](./MAINTAINERS.md). They are the maintainers of the OpenAPI Specification itself and every other aspect of the project operation and direction. TSC members can review changes to all parts of the repository and make decisions about the project. ### Maintainers The maintainers have write access to the repository and play a key role in the project. They review pull requests to non-specification parts of the repository, and take on other strategic tasks around project planning and maintenance. ### Triage The triage team are active OpenAPI members who help with discussion and issue management. They respond to new issues and discussions, direct people to our existing resources or raise conversations to a wider audience. The triage team keeps an eye on the backlog and closes issues and discussions that are no longer active or needed. ## Get in touch To get in touch with other people on the project, ask questions, or anything else: - Find us [on the OpenAPI Slack](https://communityinviter.com/apps/open-api/openapi). - Start a [GitHub Discussion](https://github.com/OAI/OpenAPI-Specification/discussions/). - Join one of our weekly meetings by checking the [issues list for an upcoming meetings](https://github.com/OAI/OpenAPI-Specification/issues?q=is%3Aissue%20state%3Aopen%20label%3AHousekeeping). ## Appendix: Branch strategy For information on the branch and release strategy for OAS 3.0.4 and 3.1.1 and earlier, see the comments in [issue #3677](https://github.com/OAI/OpenAPI-Specification/issues/3677). ### Branch roles * `main` is used to publish finished work and hold the authoritative versions of general documentation such as this document, which can be merged out to other branches as needed. The `src` tree is _**not**_ present on `main`. * `dev` is the primary branch for working with the `src` tree. Development infrastructure that is not needed on `main` is maintained here, and can be merged out to other non-`main` branches as needed. Changes on `main` are automatically included in a pull request to `dev` (see the (section on [branch sync](#branch-sync-automation)). * `vX.Y-dev` is the minor release line development branch for X.Y, including both the initial X.Y.0 minor version and all subsequent X.Y.Z patch versions. All PRs are made to oldest active `vX.Y-dev` branch to which the change is relevant, and then merged forward as shown in the diagram further down in this document. * `vX.Y.Z-rel` is the release branch for an X.Y.Z release (including when Z == 0). It exists primarily for `git mv`-ing `src/oas.md` to the appropriate `versions/X.Y.Z.md` location and removing schema-related files before merging back to `main`, and can also be used for any emergency post-release fixes that come up, such as when a 3rd party changes URLs in a way that breaks published links. ### Branching and merging (3.1.2, 3.2.0, and later) Upon release: * Pre-release steps: * The most recent _published_ patch release from the previous line is merged up to `vX.Y-dev`, if relevant * If doing simultaneous releases on multiple lines, do them from the oldest to newest line * For example, if releasing 3.1.3 and 3.2.0: * release 3.1.3 first * release 3.2.0 second * Release branching and merging: * branch `vX.Y.Z-rel` from `vX.Y-dev` (same commit that was merged to `dev` if relevant) * After renaming `src/oas.md` to `versions/X.Y.Z.md` and [other adjustments](#specification-versions), merge `vX.Y.Z-rel` to `main` * Publishing to the [spec site](https://spec.openapis.org) is triggered by the merge to `main` * Post-release steps: * If this was a major or minor release (Z == 0), branch `vX.Y+1-dev` from `vX.Y-dev` _Release lines are grouped by color, although the colors of `dev` and `main` are not significant as these diagrams are limited to only 8 colors._ ```mermaid --- config: themeVariables: git0: "#5588bb" git1: "#cc8899" git2: "#eedd88" git3: "#ccbb66" git4: "#aa9944" git5: "#887722" git6: "#99ccff" git7: "#77aadd" gitBranchLabel1: "#000000" gitBranchLabel2: "#000000" gitBranchLabel3: "#000000" gitBranchLabel4: "#000000" gitBranchLabel5: "#ffffff" gitBranchLabel6: "#000000" gitBranchLabel7: "#000000" --- gitGraph TB: commit id:"merge 3.1.1.md to main" tag:"3.1.1" branch dev order:1 commit id:"rename 3.1.1.md to src/oas.md" branch v3.1-dev order:2 commit id:"update version in src/oas.md to 3.1.2" checkout dev branch v3.2-dev order:6 commit id:"update version in src/oas.md to 3.2.0" commit id:"some 3.2.0 work" checkout v3.1-dev commit id:"a 3.1.x fix" checkout v3.2-dev merge v3.1-dev id:"merge 3.1.2 fixes" checkout v3.1-dev branch v3.1.2-rel order:3 commit id:"rename src/oas.md to versions/3.1.2.md" checkout main merge v3.1.2-rel tag:"3.1.2" checkout dev merge main id:"auto-sync from main" checkout v3.1-dev merge dev id:"auto-sync from dev" checkout v3.2-dev merge dev id:"auto-sync from dev " commit id:"more 3.2.0 work" checkout v3.1-dev commit id:"update version in src/oas.md to 3.1.3" commit id:"another 3.1.x fix" checkout v3.2-dev commit id:"still more 3.2.0 work" merge v3.1-dev id:"merge 3.1.3 fixes before releasing" checkout v3.1-dev branch v3.1.3-rel order:4 commit id:"rename src/oas.md to versions/3.1.3.md" checkout v3.2-dev branch v3.2.0-rel order:7 commit id:"rename src/oas.md to versions/3.2.0.md" checkout main merge v3.1.3-rel tag:"3.1.3" checkout dev merge main id:" auto-sync from main" checkout v3.1-dev merge dev id:" auto-sync from dev" checkout v3.2-dev merge dev id:" auto-sync from dev " checkout main merge v3.2.0-rel tag:"3.2.0" checkout dev merge main id:" auto-sync from main" checkout v3.1-dev merge dev id:" auto-sync from dev" checkout v3.2-dev merge dev id:" auto-sync from dev " checkout v3.2-dev branch v3.3-dev order:9 checkout v3.1-dev commit id:"update version in src/oas.md to 3.1.4" checkout v3.2-dev commit id:"update version in src/oas.md to 3.2.1" checkout v3.3-dev commit id:"update version in src/oas.md to 3.3.0" checkout v3.1-dev commit id:"a 3.1.4 fix" checkout v3.2-dev commit id:"a 3.2.1 fix" merge v3.1-dev id:"merge 3.1.4 fixes before releasing" checkout v3.3-dev merge v3.2-dev id:"merge 3.1.4 / 3.2.1 fixes" checkout v3.1-dev branch v3.1.4-rel order:5 commit id:"rename src/oas.md to versions/3.1.4.md" checkout v3.2-dev branch v3.2.1-rel order:8 commit id:"rename src/oas.md to versions/3.2.1.md" checkout main merge v3.1.4-rel tag:"3.1.4" checkout dev merge main id:" auto-sync from main" checkout v3.1-dev merge dev id:" auto-sync from dev" checkout v3.2-dev merge dev id:" auto-sync from dev " checkout v3.3-dev merge dev id:" auto-sync from dev " checkout main merge v3.2.1-rel tag:"3.2.1" checkout dev merge main id:" auto-sync from main" checkout v3.1-dev merge dev id:" auto-sync from dev" checkout v3.2-dev merge dev id:" auto-sync from dev " checkout v3.3-dev merge dev id:" auto-sync from dev " checkout v3.2-dev commit id:"update version in src/oas.md to 3.2.2" checkout v3.3-dev commit id:"3.3 work" ``` ### Branch sync automation To keep changes in sync, we have some GitHub actions that open pull requests to take changes from `main` onto the `dev` branch, and from `dev` to each active version branch. - `sync-main-to-dev` opens a pull request with all the changes from the `main` branch that aren't yet included on `dev`. - `sync-dev-to-vX.Y-dev` opens pull requests with all the changes from `dev` that aren't yet included on the corresponding `vX.Y-dev` branch. These need a single approval from either maintainers or TSC and can be merged. The aim is to bring build script and repository documentation changes to the other branches. Published versions of the specifications and schemas will also move across branches with this approach. ## Appendix: Issue Automation ### Automated closure of issues Process In an effort to keep the list of issues up to date and easier to navigate through, issues get closed automatically when they become inactive. This process makes use of the following labels: * `Needs author feedback`: the issue has been replied to by the triage team and is awaiting a follow up from the issue's author. This label needs to be added manually by people doing triage/experts whenever they reply. It's removed automatically by the workflow. * `No recent activity`: the issue hasn't received a reply from its author within the last 10 days since `Needs author feedback` was added and will be closed within 28 days if the author doesn't follow up. This label is added/removed automatically by the workflow. * `Needs attention`: The issue's author has replied since the `Needs author feedback` label was set and the triage team will reply as soon as possible. This label needs to be removed manually by people doing triage/experts whenever they reply. It's added automatically by the workflow. ### Automated TDC agenda issues Process An issue is opened every week, 7 days in advance, for the Technical Developer Community (TDC), it provides the information to connect the meeting, and serves as a placeholder to build the agenda for the meeting. Anyone is welcome to attend the meeting, or to add items to the agenda as long as they plan on attending to present the item. These issues are also automatically pinned for visibility and labeled with "Housekeeping". Ten (10) days after the meeting date is passed (date in the title of the issue), it gets closed and unpinned automatically. OpenAPI-Specification-3.2.0/EDITORS.md000066400000000000000000000016401506330113000171510ustar00rootroot00000000000000# OpenAPI Specification Editors ## Active * Henry Andrews [@handrews](https://github.com/handrews) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Karen Etheridge [@karenetheridge](https://github.com/karenetheridge) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Miguel Quintero [@miqui](https://github.com/miqui) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) * Vincent Biret [@baywet](https://github.com/baywet) ## Emeritus * Ron Ratovsky [@webron](https://github.com/webron) * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/GOVERNANCE.md000066400000000000000000000070171506330113000174730ustar00rootroot00000000000000# Governance The OpenAPI Specification is a project of the OpenAPI Initiative (OAI), under the auspices of the Linux Foundation. For governance of the OAI, review the [OAI's charter](https://www.openapis.org/participate/how-to-contribute/governance). ## Processes and procedures of the Technical Steering Committee (TSC) The TSC is a self-organizing sub-group of the OAI. Herein are its principles and guidelines. ### 1. The establishment of roles and the responsibilities for each role Roles: * [Liaison](https://www.merriam-webster.com/dictionary/liaison) — Elected by TSC members in a plurality vote (oral count). Liaison represents the TSC to the OAI's Business Governing Board (BGB) at board meetings (though this itself does not confer voting rights) and is the public facing mouthpiece of the TSC. * [Maintainer](https://www.merriam-webster.com/dictionary/maintainer) — all and only members of the TSC are maintainers, and are responsible for approving proposed changes to the specification. If membership drops below 3, work is suspended until the BGB can re-establish the minimum. To maintain agility, the TSC should be capped at a maximum 9 members, though that number can be reconsidered by the TSC in the future. Past members will be noted as emeritus status once they are no longer members. * [Community Manager](https://en.wikipedia.org/wiki/Online_community_manager) — responsible for onboarding of new contributors, dealing with antisocial behaviour before it becomes a code of conduct violation, and managing the issue triage team. * [Rick](https://www.youtube.com/watch?v=dQw4w9WgXcQ) — Responsible for not giving up or letting down. Requires plurality vote of TSC members. ### 2. Adding members to the TSC A call-for-nominations period may be agreed upon by the TSC voting members and announced in a timely manner on a weekly TDC call (and documented on the agenda issue), assuming the TSC membership is not already at its maximum. A candidate may be nominated through a motion by a voting TSC member in a closed TSC meeting. A nominee must not receive opposition votes of more than 25% of the TSC voting membership via a confidential vote held electronically within a week following the nomination meeting. Approved nominees become provisional members and are expected to comport themselves as full members of the TSC during the provisional period of 6 months. The provisional period is concluded by a second, confidential vote similar to the nomination period's vote, after which newly confirmed members gain their voting rights. At most there are four voting periods per year (no more than one every three months), with a minimum of one per year. ### 3. Removal of membership from the TSC Occasionally it may be necessary to remove a TSC member, such as behavior that violates the code of conduct or prolonged absenteeism. A 66% vote (confidential, electronic) of the other TSC members is required to remove a member. Otherwise, TSC members are removed when they renounce their position by informing the TSC of their effective resignation date via email. ### 4. Criteria for decisions The group will strive to achieve all decisions via unopposed consensus. When not possible, unresolved conflicts will be raised to the OAI's Technical Oversight Board (TOB). The TSC will maintain a publicly available document specifying the process in the contributor guidelines for how proposed changes are merged into the specification. The TSC will document and publicize the schedule of merge parties and release parties for the benefit of the developer community. OpenAPI-Specification-3.2.0/IMPLEMENTATIONS.md000066400000000000000000000004771506330113000203170ustar00rootroot00000000000000# Implementations The list of implementations formerly in this file is no-longer maintained here. You may find a more comprehensive list at Instructions on listing your projects are contained in These tools are not endorsed by the OAI. OpenAPI-Specification-3.2.0/LICENSE000066400000000000000000000261211506330113000165240ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "{}" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright The Linux Foundation Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. OpenAPI-Specification-3.2.0/MAINTAINERS.md000066400000000000000000000014051506330113000176110ustar00rootroot00000000000000# OpenAPI Initiative Technical Steering Committee Members ## Active * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Miguel Quintero [@miqui](https://github.com/miqui) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) ## Emeritus * Ron Ratovsky [@webron](https://github.com/webron) * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/README.md000066400000000000000000000126231506330113000170000ustar00rootroot00000000000000# The OpenAPI Specification ![Build Status](https://github.com/OAI/OpenAPI-Specification/workflows/validate-markdown/badge.svg) [![Issue triagers](https://www.codetriage.com/oai/openapi-specification/badges/users.svg)](https://www.codetriage.com/oai/openapi-specification) ![OpenAPI logo](https://avatars3.githubusercontent.com/u/16343502?v=3&s=200) The OpenAPI Specification is a community-driven open specification within the [OpenAPI Initiative](https://www.openapis.org/), a Linux Foundation Collaborative Project. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs. This allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service. Use cases for machine-readable API definition documents include, but are not limited to: interactive documentation; code generation for documentation, clients, and servers; and automation of test cases. OpenAPI documents describe API services and are represented in YAML or JSON formats. These documents may be produced and served statically or generated dynamically from an application. The OpenAPI Specification does not require rewriting existing APIs. It does not require binding any software to a service – the described service may not even be owned by the creator of its description. It does, however, require that the service's capabilities be described in the structure of the OpenAPI Specification. Not all services can be described by OpenAPI – this specification is not intended to cover every possible style of HTTP APIs, but does include support for [REST APIs](https://en.wikipedia.org/wiki/Representational_state_transfer). The OpenAPI Specification does not mandate a specific development process such as design-first or code-first. It does facilitate either technique by establishing clear interactions with an HTTP API. This GitHub project is the starting point for OpenAPI. Here you will find the information you need about the OpenAPI Specification, simple examples of what it looks like, and some general information regarding the project. ## Versions This repository contains [the Markdown sources](versions) for [all published OpenAPI Specification versions](https://spec.openapis.org/). For release notes and release candidate versions, refer to the [releases page](https://github.com/OAI/OpenAPI-Specification/releases). ## See It in Action If you just want to see it work, check out the [list of current examples](https://learn.openapis.org/examples/). ## Tools and Libraries Looking to see how you can create your own OpenAPI definition, present it, or otherwise use it? Check out the growing [list of implementations](IMPLEMENTATIONS.md). ## Participation The current process for developing the OpenAPI Specification is described in the [Contributing Guidelines](CONTRIBUTING.md). Developing the next version of the OpenAPI Specification is guided by the [Technical Steering Committee (TSC)](https://www.openapis.org/participate/how-to-contribute/governance#TDC). This group of committers bring their API expertise, incorporate feedback from the community, and expand the group of committers as appropriate. All development activity on the future specification will be performed as features and merged into this branch. Upon release of the future specification, this branch will be merged to `main`. The TSC holds weekly web conferences to review open pull requests and discuss open issues related to the evolving OpenAPI Specification. Participation in weekly calls and scheduled working sessions is open to the community. You can view the entire OpenAPI [technical meeting calendar](https://calendar.google.com/calendar/u/0/embed?src=c_fue82vsncog6ahhjvuokjo8qsk@group.calendar.google.com) online. The OpenAPI Initiative encourages participation from individuals and companies alike. If you want to participate in the evolution of the OpenAPI Specification, consider taking the following actions: * Review the specification [markdown sources](versions) and [authoritative _source-of-truth_ HTML renderings](https://spec.openapis.org/), including full credits and citations. * Review the [contributing](CONTRIBUTING.md) process so you understand how the spec is evolving. * Check the [discussions](https://github.com/OAI/OpenAPI-Specification/discussions), [issues](https://github.com/OAI/OpenAPI-Specification/issues) and [pull requests](https://github.com/OAI/OpenAPI-Specification/pulls) to see if someone has already documented your idea or feedback on the specification. You can follow an existing conversation by subscribing to the existing issue or PR. * Subscribe to an open issue a day (or a week) in your inbox via [CodeTriage.com](https://www.codetriage.com/oai/openapi-specification). * Create a discussion to describe a new concern, ideally with clear explanations of related use cases. Not all feedback can be accommodated, and there may be solid arguments for or against a change being appropriate for the specification. ## Licensing See: [License (Apache-2.0)](https://github.com/OAI/OpenAPI-Specification/blob/main/LICENSE) OpenAPI-Specification-3.2.0/SECURITY_CONSIDERATIONS.md000066400000000000000000000037621506330113000215220ustar00rootroot00000000000000# Security Considerations ## OpenAPI Document Formats OpenAPI documents use JSON, YAML, and JSON Schema, and therefore share their security considerations: - [JSON](https://www.iana.org/assignments/media-types/application/json) - [YAML](https://www.iana.org/assignments/media-types/application/yaml) - [JSON Schema Core](https://json-schema.org/draft/2020-12/json-schema-core#section-13) - [JSON Schema Validation](https://json-schema.org/draft/2020-12/json-schema-validation#name-security-considerations) ## Tooling and Usage Scenarios In addition, OpenAPI documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI document authors must consider the risks of the scenarios where the OpenAPI document may be used. ## Security Schemes An OpenAPI document describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ## Handling External Resources OpenAPI documents may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. References in an OpenAPI document, or across OpenAPI documents may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ## Markdown and HTML Sanitization Certain properties allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. OpenAPI-Specification-3.2.0/SPECIAL_INTEREST_GROUPS.md000066400000000000000000000011301506330113000215260ustar00rootroot00000000000000# OpenAPI Special Interest Groups (SIGs) OpenAPI Special Interest Groups, or "SIGs", are the OpenAPI Initiative's way of focusing work in particular areas. SIGs may start with just a Slack channel to gauge interest. SIGs with enough traction to produce work may have their own GitHub repositories and regular Zoom calls, and ultimately produce work that becomes part of, or a companion to, the OpenAPI Specification. See the [OAS community repository](https://github.com/OAI/community/blob/main/SPECIAL_INTEREST_GROUPS.md) for a complete list of SIGs, and for more information about forming a SIG. OpenAPI-Specification-3.2.0/TOB.md000066400000000000000000000010211506330113000164550ustar00rootroot00000000000000# Technical Oversight Board ("TOB") ## Description > The TOB is responsible for managing conflicts, violations of procedures or guidelines or other issues that cannot be resolved in the TSC for the OAS. For further details please consult the OpenAPI Project Charter. ## TSC Elected - terms through May 2023 Isabelle Mauny @isamauny Uri Sarid @usarid Marsh Gardiner @earth2marsh Ron Ratovsky @webron ## BGB Elected - terms through May 2022 Darrel Miller @darrelmiller Jerome Louvel @jlouvel Jeremy Whitlock @whitlockjc OpenAPI-Specification-3.2.0/_archive_/000077500000000000000000000000001506330113000174345ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/README.md000066400000000000000000000001161506330113000207110ustar00rootroot00000000000000# Archive This folder contains files that are no longer actively maintained. OpenAPI-Specification-3.2.0/_archive_/schemas/000077500000000000000000000000001506330113000210575ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/schemas/README.md000066400000000000000000000007021506330113000223350ustar00rootroot00000000000000# Archive of outdated JSON Schema Files > [!TIP] > JSON Schema files for validating OpenAPI descriptions using current OpenAPI versions are available on https://spec.openapis.org/#openapi-specification-schemas. > > These schema files are maintained in the `src/schemas` folder of the corresponding `vX.Y-dev` branch in this repository. > [!CAUTION] > Schema files in this folder are not maintained any more and are not intended for productive use. OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/000077500000000000000000000000001506330113000215455ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/README.md000066400000000000000000000005051506330113000230240ustar00rootroot00000000000000# Swagger Specification JSON Schemas The work on the JSON Schema for the Swagger Specification was donated to the community by [Francis Galiegue](https://github.com/fge)! Keep in mind that due to some JSON Schema limitations, not all constraints can be described. The missing constraints will be listed here in the future. OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/apiDeclaration.json000066400000000000000000000036161506330113000253650ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/apiDeclaration.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "required": [ "swaggerVersion", "basePath", "apis" ], "properties": { "swaggerVersion": { "enum": [ "1.2" ] }, "apiVersion": { "type": "string" }, "basePath": { "type": "string", "format": "uri", "pattern": "^https?://" }, "resourcePath": { "type": "string", "format": "uri", "pattern": "^/" }, "apis": { "type": "array", "items": { "$ref": "#/definitions/apiObject" } }, "models": { "type": "object", "additionalProperties": { "$ref": "modelsObject.json#" } }, "produces": { "$ref": "#/definitions/mimeTypeArray" }, "consumes": { "$ref": "#/definitions/mimeTypeArray" }, "authorizations": { "$ref": "authorizationObject.json#" } }, "additionalProperties": false, "definitions": { "apiObject": { "type": "object", "required": [ "path", "operations" ], "properties": { "path": { "type": "string", "format": "uri-template", "pattern": "^/" }, "description": { "type": "string" }, "operations": { "type": "array", "items": { "$ref": "operationObject.json#" } } }, "additionalProperties": false }, "mimeTypeArray": { "type": "array", "items": { "type": "string", "format": "mime-type" }, "uniqueItems": true } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/authorizationObject.json000066400000000000000000000034311506330113000264700ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/authorizationObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "additionalProperties": { "oneOf": [ { "$ref": "#/definitions/basicAuth" }, { "$ref": "#/definitions/apiKey" }, { "$ref": "#/definitions/oauth2" } ] }, "definitions": { "basicAuth": { "required": [ "type" ], "properties": { "type": { "enum": [ "basicAuth" ] } }, "additionalProperties": false }, "apiKey": { "required": [ "type", "passAs", "keyname" ], "properties": { "type": { "enum": [ "apiKey" ] }, "passAs": { "enum": [ "header", "query" ] }, "keyname": { "type": "string" } }, "additionalProperties": false }, "oauth2": { "type": "object", "required": [ "type", "grantTypes" ], "properties": { "type": { "enum": [ "oauth2" ] }, "scopes": { "type": "array", "items": { "$ref": "#/definitions/oauth2Scope" } }, "grantTypes": { "$ref": "oauth2GrantType.json#" } }, "additionalProperties": false }, "oauth2Scope": { "type": "object", "required": [ "scope" ], "properties": { "scope": { "type": "string" }, "description": { "type": "string" } }, "additionalProperties": false } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/dataType.json000066400000000000000000000107101506330113000242120ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/dataType.json#", "$schema": "http://json-schema.org/draft-04/schema#", "description": "Data type as described by the specification (version 1.2)", "type": "object", "oneOf": [ { "$ref": "#/definitions/refType" }, { "$ref": "#/definitions/voidType" }, { "$ref": "#/definitions/primitiveType" }, { "$ref": "#/definitions/modelType" }, { "$ref": "#/definitions/arrayType" } ], "definitions": { "refType": { "required": [ "$ref" ], "properties": { "$ref": { "type": "string" } }, "additionalProperties": false }, "voidType": { "enum": [ { "type": "void" } ] }, "modelType": { "required": [ "type" ], "properties": { "type": { "type": "string", "not": { "enum": [ "boolean", "integer", "number", "string", "array" ] } } }, "additionalProperties": false }, "primitiveType": { "required": [ "type" ], "properties": { "type": { "enum": [ "boolean", "integer", "number", "string" ] }, "format": { "type": "string" }, "defaultValue": { "not": { "type": [ "array", "object", "null" ] } }, "enum": { "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "minimum": { "type": "string" }, "maximum": { "type": "string" } }, "additionalProperties": false, "dependencies": { "format": { "oneOf": [ { "properties": { "type": { "enum": [ "integer" ] }, "format": { "enum": [ "int32", "int64" ] } } }, { "properties": { "type": { "enum": [ "number" ] }, "format": { "enum": [ "float", "double" ] } } }, { "properties": { "type": { "enum": [ "string" ] }, "format": { "enum": [ "byte", "date", "date-time" ] } } } ] }, "enum": { "properties": { "type": { "enum": [ "string" ] } } }, "minimum": { "properties": { "type": { "enum": [ "integer", "number" ] } } }, "maximum": { "properties": { "type": { "enum": [ "integer", "number" ] } } } } }, "arrayType": { "required": [ "type", "items" ], "properties": { "type": { "enum": [ "array" ] }, "items": { "type": "array", "items": { "$ref": "#/definitions/itemsObject" } }, "uniqueItems": { "type": "boolean" } }, "additionalProperties": false }, "itemsObject": { "oneOf": [ { "$ref": "#/definitions/refType" }, { "allOf": [ { "$ref": "#/definitions/primitiveType" }, { "properties": { "type": {}, "format": {} }, "additionalProperties": false } ] } ] } } }OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/dataTypeBase.json000066400000000000000000000050321506330113000250060ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/dataTypeBase.json#", "$schema": "http://json-schema.org/draft-04/schema#", "description": "Data type fields (section 4.3.3)", "type": "object", "oneOf": [ { "required": [ "type" ] }, { "required": [ "$ref" ] } ], "properties": { "type": { "type": "string" }, "$ref": { "type": "string" }, "format": { "type": "string" }, "defaultValue": { "not": { "type": [ "array", "object", "null" ] } }, "enum": { "type": "array", "items": { "type": "string" }, "uniqueItems": true, "minItems": 1 }, "minimum": { "type": "string" }, "maximum": { "type": "string" }, "items": { "$ref": "#/definitions/itemsObject" }, "uniqueItems": { "type": "boolean" } }, "dependencies": { "format": { "oneOf": [ { "properties": { "type": { "enum": [ "integer" ] }, "format": { "enum": [ "int32", "int64" ] } } }, { "properties": { "type": { "enum": [ "number" ] }, "format": { "enum": [ "float", "double" ] } } }, { "properties": { "type": { "enum": [ "string" ] }, "format": { "enum": [ "byte", "date", "date-time" ] } } } ] } }, "definitions": { "itemsObject": { "oneOf": [ { "type": "object", "required": [ "$ref" ], "properties": { "$ref": { "type": "string" } }, "additionalProperties": false }, { "allOf": [ { "$ref": "#" }, { "required": [ "type" ], "properties": { "type": {}, "format": {} }, "additionalProperties": false } ] } ] } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/infoObject.json000066400000000000000000000012251506330113000245220ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/infoObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "description": "info object (section 5.1.3)", "type": "object", "required": [ "title", "description" ], "properties": { "title": { "type": "string" }, "description": { "type": "string" }, "termsOfServiceUrl": { "type": "string", "format": "uri" }, "contact": { "type": "string", "format": "email" }, "license": { "type": "string" }, "licenseUrl": { "type": "string", "format": "uri" } }, "additionalProperties": false }OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/modelsObject.json000066400000000000000000000017601506330113000250560ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/modelsObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "required": [ "id", "properties" ], "properties": { "id": { "type": "string" }, "description": { "type": "string" }, "properties": { "type": "object", "additionalProperties": { "$ref": "#/definitions/propertyObject" } }, "subTypes": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "discriminator": { "type": "string" } }, "dependencies": { "subTypes": [ "discriminator" ] }, "definitions": { "propertyObject": { "allOf": [ { "not": { "$ref": "#" } }, { "$ref": "dataTypeBase.json#" } ] } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/oauth2GrantType.json000066400000000000000000000037641506330113000255120ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/oauth2GrantType.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "minProperties": 1, "properties": { "implicit": { "$ref": "#/definitions/implicit" }, "authorization_code": { "$ref": "#/definitions/authorizationCode" } }, "definitions": { "implicit": { "type": "object", "required": [ "loginEndpoint" ], "properties": { "loginEndpoint": { "$ref": "#/definitions/loginEndpoint" }, "tokenName": { "type": "string" } }, "additionalProperties": false }, "authorizationCode": { "type": "object", "required": [ "tokenEndpoint", "tokenRequestEndpoint" ], "properties": { "tokenEndpoint": { "$ref": "#/definitions/tokenEndpoint" }, "tokenRequestEndpoint": { "$ref": "#/definitions/tokenRequestEndpoint" } }, "additionalProperties": false }, "loginEndpoint": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "format": "uri" } }, "additionalProperties": false }, "tokenEndpoint": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "format": "uri" }, "tokenName": { "type": "string" } }, "additionalProperties": false }, "tokenRequestEndpoint": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "format": "uri" }, "clientIdName": { "type": "string" }, "clientSecretName": { "type": "string" } }, "additionalProperties": false } } }OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/operationObject.json000066400000000000000000000044451506330113000255760ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/operationObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "allOf": [ { "$ref": "dataTypeBase.json#" }, { "required": [ "method", "nickname", "parameters" ], "properties": { "method": { "enum": [ "GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS" ] }, "summary": { "type": "string" }, "notes": { "type": "string" }, "nickname": { "type": "string", "pattern": "^[a-zA-Z0-9_]+$" }, "authorizations": { "type": "object", "additionalProperties": { "type": "array", "items": { "$ref": "authorizationObject.json#/definitions/oauth2Scope" } } }, "parameters": { "type": "array", "items": { "$ref": "parameterObject.json#" } }, "responseMessages": { "type": "array", "items": { "$ref": "#/definitions/responseMessageObject"} }, "produces": { "$ref": "#/definitions/mimeTypeArray" }, "consumes": { "$ref": "#/definitions/mimeTypeArray" }, "deprecated": { "enum": [ "true", "false" ] } } } ], "definitions": { "responseMessageObject": { "type": "object", "required": [ "code", "message" ], "properties": { "code": { "$ref": "#/definitions/rfc2616section10" }, "message": { "type": "string" }, "responseModel": { "type": "string" } } }, "rfc2616section10": { "type": "integer", "minimum": 100, "maximum": 600, "exclusiveMaximum": true }, "mimeTypeArray": { "type": "array", "items": { "type": "string", "format": "mime-type" }, "uniqueItems": true } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/parameterObject.json000066400000000000000000000024061506330113000255510ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/parameterObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "allOf": [ { "$ref": "dataTypeBase.json#" }, { "required": [ "paramType", "name" ], "properties": { "paramType": { "enum": [ "path", "query", "body", "header", "form" ] }, "name": { "type": "string" }, "description": { "type": "string" }, "required": { "type": "boolean" }, "allowMultiple": { "type": "boolean" } } }, { "description": "type File requires special paramType and consumes", "oneOf": [ { "properties": { "type": { "not": { "enum": [ "File" ] } } } }, { "properties": { "type": { "enum": [ "File" ] }, "paramType": { "enum": [ "form" ] }, "consumes": { "enum": [ "multipart/form-data" ] } } } ] } ] } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/resourceListing.json000066400000000000000000000011201506330113000256130ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/resourceListing.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "required": [ "swaggerVersion", "apis" ], "properties": { "swaggerVersion": { "enum": [ "1.2" ] }, "apis": { "type": "array", "items": { "$ref": "resourceObject.json#" } }, "apiVersion": { "type": "string" }, "info": { "$ref": "infoObject.json#" }, "authorizations": { "$ref": "authorizationObject.json#" } } } OpenAPI-Specification-3.2.0/_archive_/schemas/v1.2/resourceObject.json000066400000000000000000000006011506330113000254130ustar00rootroot00000000000000{ "id": "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v1.2/resourceObject.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "required": [ "path" ], "properties": { "path": { "type": "string", "format": "uri" }, "description": { "type": "string" } }, "additionalProperties": false }OpenAPI-Specification-3.2.0/_archive_/schemas/v2.0/000077500000000000000000000000001506330113000215445ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/schemas/v2.0/README.md000066400000000000000000000003701506330113000230230ustar00rootroot00000000000000# OpenAPI Specification v2.0 JSON Schema This is the JSON Schema file for the OpenAPI Specification version 2.0. Download and install it via NPM. ## Install via NPM ```shell npm install --save swagger-schema-official ``` ## License Apache-2.0 OpenAPI-Specification-3.2.0/_archive_/schemas/v2.0/schema.json000066400000000000000000001164671506330113000237160ustar00rootroot00000000000000{ "title": "A JSON Schema for Swagger 2.0 API.", "id": "http://swagger.io/v2/schema.json#", "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "required": [ "swagger", "info", "paths" ], "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "swagger": { "type": "string", "enum": [ "2.0" ], "description": "The Swagger version of this document." }, "info": { "$ref": "#/definitions/info" }, "host": { "type": "string", "pattern": "^[^{}/ :\\\\]+(?::\\d+)?$", "description": "The host (name or ip) of the API. Example: 'swagger.io'" }, "basePath": { "type": "string", "pattern": "^/", "description": "The base path to the API. Example: '/api'." }, "schemes": { "$ref": "#/definitions/schemesList" }, "consumes": { "description": "A list of MIME types accepted by the API.", "allOf": [ { "$ref": "#/definitions/mediaTypeList" } ] }, "produces": { "description": "A list of MIME types the API can produce.", "allOf": [ { "$ref": "#/definitions/mediaTypeList" } ] }, "paths": { "$ref": "#/definitions/paths" }, "definitions": { "$ref": "#/definitions/definitions" }, "parameters": { "$ref": "#/definitions/parameterDefinitions" }, "responses": { "$ref": "#/definitions/responseDefinitions" }, "security": { "$ref": "#/definitions/security" }, "securityDefinitions": { "$ref": "#/definitions/securityDefinitions" }, "tags": { "type": "array", "items": { "$ref": "#/definitions/tag" }, "uniqueItems": true }, "externalDocs": { "$ref": "#/definitions/externalDocs" } }, "definitions": { "info": { "type": "object", "description": "General information about the API.", "required": [ "version", "title" ], "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "title": { "type": "string", "description": "A unique and precise title of the API." }, "version": { "type": "string", "description": "A semantic version number of the API." }, "description": { "type": "string", "description": "A longer description of the API. Should be different from the title. GitHub Flavored Markdown is allowed." }, "termsOfService": { "type": "string", "description": "The terms of service for the API." }, "contact": { "$ref": "#/definitions/contact" }, "license": { "$ref": "#/definitions/license" } } }, "contact": { "type": "object", "description": "Contact information for the owners of the API.", "additionalProperties": false, "properties": { "name": { "type": "string", "description": "The identifying name of the contact person/organization." }, "url": { "type": "string", "description": "The URL pointing to the contact information.", "format": "uri" }, "email": { "type": "string", "description": "The email address of the contact person/organization.", "format": "email" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "license": { "type": "object", "required": [ "name" ], "additionalProperties": false, "properties": { "name": { "type": "string", "description": "The name of the license type. It's encouraged to use an OSI compatible license." }, "url": { "type": "string", "description": "The URL pointing to the license.", "format": "uri" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "paths": { "type": "object", "description": "Relative paths to the individual endpoints. They must be relative to the 'basePath'.", "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" }, "^/": { "$ref": "#/definitions/pathItem" } }, "additionalProperties": false }, "definitions": { "type": "object", "additionalProperties": { "$ref": "#/definitions/schema" }, "description": "One or more JSON objects describing the schemas being consumed and produced by the API." }, "parameterDefinitions": { "type": "object", "additionalProperties": { "$ref": "#/definitions/parameter" }, "description": "One or more JSON representations for parameters" }, "responseDefinitions": { "type": "object", "additionalProperties": { "$ref": "#/definitions/response" }, "description": "One or more JSON representations for responses" }, "externalDocs": { "type": "object", "additionalProperties": false, "description": "information about external documentation", "required": [ "url" ], "properties": { "description": { "type": "string" }, "url": { "type": "string", "format": "uri" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "examples": { "type": "object", "additionalProperties": true }, "mimeType": { "type": "string", "description": "The MIME type of the HTTP message." }, "operation": { "type": "object", "required": [ "responses" ], "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "tags": { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "summary": { "type": "string", "description": "A brief summary of the operation." }, "description": { "type": "string", "description": "A longer description of the operation, GitHub Flavored Markdown is allowed." }, "externalDocs": { "$ref": "#/definitions/externalDocs" }, "operationId": { "type": "string", "description": "A unique identifier of the operation." }, "produces": { "description": "A list of MIME types the API can produce.", "allOf": [ { "$ref": "#/definitions/mediaTypeList" } ] }, "consumes": { "description": "A list of MIME types the API can consume.", "allOf": [ { "$ref": "#/definitions/mediaTypeList" } ] }, "parameters": { "$ref": "#/definitions/parametersList" }, "responses": { "$ref": "#/definitions/responses" }, "schemes": { "$ref": "#/definitions/schemesList" }, "deprecated": { "type": "boolean", "default": false }, "security": { "$ref": "#/definitions/security" } } }, "pathItem": { "type": "object", "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "$ref": { "type": "string" }, "get": { "$ref": "#/definitions/operation" }, "put": { "$ref": "#/definitions/operation" }, "post": { "$ref": "#/definitions/operation" }, "delete": { "$ref": "#/definitions/operation" }, "options": { "$ref": "#/definitions/operation" }, "head": { "$ref": "#/definitions/operation" }, "patch": { "$ref": "#/definitions/operation" }, "parameters": { "$ref": "#/definitions/parametersList" } } }, "responses": { "type": "object", "description": "Response objects names can either be any valid HTTP status code or 'default'.", "minProperties": 1, "additionalProperties": false, "patternProperties": { "^([0-9]{3})$|^(default)$": { "$ref": "#/definitions/responseValue" }, "^x-": { "$ref": "#/definitions/vendorExtension" } }, "not": { "type": "object", "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } } }, "responseValue": { "oneOf": [ { "$ref": "#/definitions/response" }, { "$ref": "#/definitions/jsonReference" } ] }, "response": { "type": "object", "required": [ "description" ], "properties": { "description": { "type": "string" }, "schema": { "oneOf": [ { "$ref": "#/definitions/schema" }, { "$ref": "#/definitions/fileSchema" } ] }, "headers": { "$ref": "#/definitions/headers" }, "examples": { "$ref": "#/definitions/examples" } }, "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "headers": { "type": "object", "additionalProperties": { "$ref": "#/definitions/header" } }, "header": { "type": "object", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "string", "number", "integer", "boolean", "array" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormat" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "vendorExtension": { "description": "Any property starting with x- is valid.", "additionalProperties": true, "additionalItems": true }, "bodyParameter": { "type": "object", "required": [ "name", "in", "schema" ], "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "description": { "type": "string", "description": "A brief description of the parameter. This could contain examples of use. GitHub Flavored Markdown is allowed." }, "name": { "type": "string", "description": "The name of the parameter." }, "in": { "type": "string", "description": "Determines the location of the parameter.", "enum": [ "body" ] }, "required": { "type": "boolean", "description": "Determines whether or not this parameter is required or optional.", "default": false }, "schema": { "$ref": "#/definitions/schema" } }, "additionalProperties": false }, "headerParameterSubSchema": { "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "required": { "type": "boolean", "description": "Determines whether or not this parameter is required or optional.", "default": false }, "in": { "type": "string", "description": "Determines the location of the parameter.", "enum": [ "header" ] }, "description": { "type": "string", "description": "A brief description of the parameter. This could contain examples of use. GitHub Flavored Markdown is allowed." }, "name": { "type": "string", "description": "The name of the parameter." }, "type": { "type": "string", "enum": [ "string", "number", "boolean", "integer", "array" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormat" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" } } }, "queryParameterSubSchema": { "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "required": { "type": "boolean", "description": "Determines whether or not this parameter is required or optional.", "default": false }, "in": { "type": "string", "description": "Determines the location of the parameter.", "enum": [ "query" ] }, "description": { "type": "string", "description": "A brief description of the parameter. This could contain examples of use. GitHub Flavored Markdown is allowed." }, "name": { "type": "string", "description": "The name of the parameter." }, "allowEmptyValue": { "type": "boolean", "default": false, "description": "allows sending a parameter by name only or with an empty value." }, "type": { "type": "string", "enum": [ "string", "number", "boolean", "integer", "array" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormatWithMulti" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" } } }, "formDataParameterSubSchema": { "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "required": { "type": "boolean", "description": "Determines whether or not this parameter is required or optional.", "default": false }, "in": { "type": "string", "description": "Determines the location of the parameter.", "enum": [ "formData" ] }, "description": { "type": "string", "description": "A brief description of the parameter. This could contain examples of use. GitHub Flavored Markdown is allowed." }, "name": { "type": "string", "description": "The name of the parameter." }, "allowEmptyValue": { "type": "boolean", "default": false, "description": "allows sending a parameter by name only or with an empty value." }, "type": { "type": "string", "enum": [ "string", "number", "boolean", "integer", "array", "file" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormatWithMulti" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" } } }, "pathParameterSubSchema": { "additionalProperties": false, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "required": [ "required" ], "properties": { "required": { "type": "boolean", "enum": [ true ], "description": "Determines whether or not this parameter is required or optional." }, "in": { "type": "string", "description": "Determines the location of the parameter.", "enum": [ "path" ] }, "description": { "type": "string", "description": "A brief description of the parameter. This could contain examples of use. GitHub Flavored Markdown is allowed." }, "name": { "type": "string", "description": "The name of the parameter." }, "type": { "type": "string", "enum": [ "string", "number", "boolean", "integer", "array" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormat" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" } } }, "nonBodyParameter": { "type": "object", "required": [ "name", "in", "type" ], "oneOf": [ { "$ref": "#/definitions/headerParameterSubSchema" }, { "$ref": "#/definitions/formDataParameterSubSchema" }, { "$ref": "#/definitions/queryParameterSubSchema" }, { "$ref": "#/definitions/pathParameterSubSchema" } ] }, "parameter": { "oneOf": [ { "$ref": "#/definitions/bodyParameter" }, { "$ref": "#/definitions/nonBodyParameter" } ] }, "schema": { "type": "object", "description": "A deterministic version of a JSON Schema object.", "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "properties": { "$ref": { "type": "string" }, "format": { "type": "string" }, "title": { "$ref": "http://json-schema.org/draft-04/schema#/properties/title" }, "description": { "$ref": "http://json-schema.org/draft-04/schema#/properties/description" }, "default": { "$ref": "http://json-schema.org/draft-04/schema#/properties/default" }, "multipleOf": { "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf" }, "maximum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum" }, "exclusiveMaximum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum" }, "minimum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum" }, "exclusiveMinimum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum" }, "maxLength": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger" }, "minLength": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0" }, "pattern": { "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern" }, "maxItems": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger" }, "minItems": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0" }, "uniqueItems": { "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems" }, "maxProperties": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger" }, "minProperties": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0" }, "required": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/stringArray" }, "enum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/enum" }, "additionalProperties": { "anyOf": [ { "$ref": "#/definitions/schema" }, { "type": "boolean" } ], "default": {} }, "type": { "$ref": "http://json-schema.org/draft-04/schema#/properties/type" }, "items": { "anyOf": [ { "$ref": "#/definitions/schema" }, { "type": "array", "minItems": 1, "items": { "$ref": "#/definitions/schema" } } ], "default": {} }, "allOf": { "type": "array", "minItems": 1, "items": { "$ref": "#/definitions/schema" } }, "properties": { "type": "object", "additionalProperties": { "$ref": "#/definitions/schema" }, "default": {} }, "discriminator": { "type": "string" }, "readOnly": { "type": "boolean", "default": false }, "xml": { "$ref": "#/definitions/xml" }, "externalDocs": { "$ref": "#/definitions/externalDocs" }, "example": {} }, "additionalProperties": false }, "fileSchema": { "type": "object", "description": "A deterministic version of a JSON Schema object.", "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } }, "required": [ "type" ], "properties": { "format": { "type": "string" }, "title": { "$ref": "http://json-schema.org/draft-04/schema#/properties/title" }, "description": { "$ref": "http://json-schema.org/draft-04/schema#/properties/description" }, "default": { "$ref": "http://json-schema.org/draft-04/schema#/properties/default" }, "required": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/stringArray" }, "type": { "type": "string", "enum": [ "file" ] }, "readOnly": { "type": "boolean", "default": false }, "externalDocs": { "$ref": "#/definitions/externalDocs" }, "example": {} }, "additionalProperties": false }, "primitivesItems": { "type": "object", "additionalProperties": false, "properties": { "type": { "type": "string", "enum": [ "string", "number", "integer", "boolean", "array" ] }, "format": { "type": "string" }, "items": { "$ref": "#/definitions/primitivesItems" }, "collectionFormat": { "$ref": "#/definitions/collectionFormat" }, "default": { "$ref": "#/definitions/default" }, "maximum": { "$ref": "#/definitions/maximum" }, "exclusiveMaximum": { "$ref": "#/definitions/exclusiveMaximum" }, "minimum": { "$ref": "#/definitions/minimum" }, "exclusiveMinimum": { "$ref": "#/definitions/exclusiveMinimum" }, "maxLength": { "$ref": "#/definitions/maxLength" }, "minLength": { "$ref": "#/definitions/minLength" }, "pattern": { "$ref": "#/definitions/pattern" }, "maxItems": { "$ref": "#/definitions/maxItems" }, "minItems": { "$ref": "#/definitions/minItems" }, "uniqueItems": { "$ref": "#/definitions/uniqueItems" }, "enum": { "$ref": "#/definitions/enum" }, "multipleOf": { "$ref": "#/definitions/multipleOf" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "security": { "type": "array", "items": { "$ref": "#/definitions/securityRequirement" }, "uniqueItems": true }, "securityRequirement": { "type": "object", "additionalProperties": { "type": "array", "items": { "type": "string" }, "uniqueItems": true } }, "xml": { "type": "object", "additionalProperties": false, "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "prefix": { "type": "string" }, "attribute": { "type": "boolean", "default": false }, "wrapped": { "type": "boolean", "default": false } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "tag": { "type": "object", "additionalProperties": false, "required": [ "name" ], "properties": { "name": { "type": "string" }, "description": { "type": "string" }, "externalDocs": { "$ref": "#/definitions/externalDocs" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "securityDefinitions": { "type": "object", "additionalProperties": { "oneOf": [ { "$ref": "#/definitions/basicAuthenticationSecurity" }, { "$ref": "#/definitions/apiKeySecurity" }, { "$ref": "#/definitions/oauth2ImplicitSecurity" }, { "$ref": "#/definitions/oauth2PasswordSecurity" }, { "$ref": "#/definitions/oauth2ApplicationSecurity" }, { "$ref": "#/definitions/oauth2AccessCodeSecurity" } ] } }, "basicAuthenticationSecurity": { "type": "object", "additionalProperties": false, "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "basic" ] }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "apiKeySecurity": { "type": "object", "additionalProperties": false, "required": [ "type", "name", "in" ], "properties": { "type": { "type": "string", "enum": [ "apiKey" ] }, "name": { "type": "string" }, "in": { "type": "string", "enum": [ "header", "query" ] }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "oauth2ImplicitSecurity": { "type": "object", "additionalProperties": false, "required": [ "type", "flow", "authorizationUrl" ], "properties": { "type": { "type": "string", "enum": [ "oauth2" ] }, "flow": { "type": "string", "enum": [ "implicit" ] }, "scopes": { "$ref": "#/definitions/oauth2Scopes" }, "authorizationUrl": { "type": "string", "format": "uri" }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "oauth2PasswordSecurity": { "type": "object", "additionalProperties": false, "required": [ "type", "flow", "tokenUrl" ], "properties": { "type": { "type": "string", "enum": [ "oauth2" ] }, "flow": { "type": "string", "enum": [ "password" ] }, "scopes": { "$ref": "#/definitions/oauth2Scopes" }, "tokenUrl": { "type": "string", "format": "uri" }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "oauth2ApplicationSecurity": { "type": "object", "additionalProperties": false, "required": [ "type", "flow", "tokenUrl" ], "properties": { "type": { "type": "string", "enum": [ "oauth2" ] }, "flow": { "type": "string", "enum": [ "application" ] }, "scopes": { "$ref": "#/definitions/oauth2Scopes" }, "tokenUrl": { "type": "string", "format": "uri" }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "oauth2AccessCodeSecurity": { "type": "object", "additionalProperties": false, "required": [ "type", "flow", "authorizationUrl", "tokenUrl" ], "properties": { "type": { "type": "string", "enum": [ "oauth2" ] }, "flow": { "type": "string", "enum": [ "accessCode" ] }, "scopes": { "$ref": "#/definitions/oauth2Scopes" }, "authorizationUrl": { "type": "string", "format": "uri" }, "tokenUrl": { "type": "string", "format": "uri" }, "description": { "type": "string" } }, "patternProperties": { "^x-": { "$ref": "#/definitions/vendorExtension" } } }, "oauth2Scopes": { "type": "object", "additionalProperties": { "type": "string" } }, "mediaTypeList": { "type": "array", "items": { "$ref": "#/definitions/mimeType" }, "uniqueItems": true }, "parametersList": { "type": "array", "description": "The parameters needed to send a valid API call.", "additionalItems": false, "items": { "oneOf": [ { "$ref": "#/definitions/parameter" }, { "$ref": "#/definitions/jsonReference" } ] }, "uniqueItems": true }, "schemesList": { "type": "array", "description": "The transfer protocol of the API.", "items": { "type": "string", "enum": [ "http", "https", "ws", "wss" ] }, "uniqueItems": true }, "collectionFormat": { "type": "string", "enum": [ "csv", "ssv", "tsv", "pipes" ], "default": "csv" }, "collectionFormatWithMulti": { "type": "string", "enum": [ "csv", "ssv", "tsv", "pipes", "multi" ], "default": "csv" }, "title": { "$ref": "http://json-schema.org/draft-04/schema#/properties/title" }, "description": { "$ref": "http://json-schema.org/draft-04/schema#/properties/description" }, "default": { "$ref": "http://json-schema.org/draft-04/schema#/properties/default" }, "multipleOf": { "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf" }, "maximum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum" }, "exclusiveMaximum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum" }, "minimum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum" }, "exclusiveMinimum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum" }, "maxLength": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger" }, "minLength": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0" }, "pattern": { "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern" }, "maxItems": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveInteger" }, "minItems": { "$ref": "http://json-schema.org/draft-04/schema#/definitions/positiveIntegerDefault0" }, "uniqueItems": { "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems" }, "enum": { "$ref": "http://json-schema.org/draft-04/schema#/properties/enum" }, "jsonReference": { "type": "object", "required": [ "$ref" ], "additionalProperties": false, "properties": { "$ref": { "type": "string" } } } } }OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/000077500000000000000000000000001506330113000215455ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/README.md000066400000000000000000000041641506330113000230310ustar00rootroot00000000000000# OpenAPI 3.0.X JSON Schema This directory contains the YAML source for generating the JSON Schema for validating OpenAPI definitions of versions 3.0.X, which is published on [https://spec.openapis.org](https://spec.openapis.org). Due to limitations of GitHub pages, the schemas on the spec site are served with `Content-Type: application/octet-stream`, but should be interpreted as `application/schema+json`. The source in this directory, which has `WORK-IN-PROGRESS` in its `id`, is _not intended for direct use_. ## Schema `id` dates The published schemas on the spec site have an _iteration date_ in their `id`s. This allows the schemas for a release line (in this case 3.0) to be updated independent of the spec patch release cycle. The iteration version of the JSON Schema can be found in the `id` field. For example, the value of `id: https://spec.openapis.org/oas/3.0/schema/2019-04-02` means this iteration was created on April 2nd, 2019. We are [working on](https://github.com/OAI/OpenAPI-Specification/issues/4152) how to best provide programmatic access for determining the latest date for each schema. ## Improving the schema As a reminder, the JSON Schema is not the source of truth for the Specification. In cases of conflicts between the Specification itself and the JSON Schema, the Specification wins. Also, some Specification constraints cannot be represented with the JSON Schema so it's highly recommended to employ other methods to ensure compliance. The schema only validates the mandatory aspects of the OAS. Validating requirements that are optional, or field usage that has undefined or ignored behavior are not within the scope of this schema. Schemas to perform additional optional validation are [under consideration](https://github.com/OAI/OpenAPI-Specification/issues/4141). Improvements can be submitted by opening a PR against the `main` branch. Modify the `schema.yaml` file and add test cases for your changes. The TSC will then: - Run tests on the updated schema - Update the iteration version - Publish the new version The [test suite](../../tests/v3.0) is part of this package. ```bash npm install npm test ``` OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/000077500000000000000000000000001506330113000225135ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/api-with-examples.yaml000066400000000000000000000144541506330113000267450ustar00rootroot00000000000000openapi: "3.0.0" info: title: Simple API overview version: 2.0.0 paths: /: get: operationId: listVersionsv2 summary: List API versions responses: '200': description: |- 200 response content: application/json: examples: foo: value: { "versions": [ { "status": "CURRENT", "updated": "2011-01-21T11:33:21Z", "id": "v2.0", "links": [ { "href": "http://127.0.0.1:8774/v2/", "rel": "self" } ] }, { "status": "EXPERIMENTAL", "updated": "2013-07-23T11:33:21Z", "id": "v3.0", "links": [ { "href": "http://127.0.0.1:8774/v3/", "rel": "self" } ] } ] } '300': description: |- 300 response content: application/json: examples: foo: value: | { "versions": [ { "status": "CURRENT", "updated": "2011-01-21T11:33:21Z", "id": "v2.0", "links": [ { "href": "http://127.0.0.1:8774/v2/", "rel": "self" } ] }, { "status": "EXPERIMENTAL", "updated": "2013-07-23T11:33:21Z", "id": "v3.0", "links": [ { "href": "http://127.0.0.1:8774/v3/", "rel": "self" } ] } ] } /v2: get: operationId: getVersionDetailsv2 summary: Show API version details responses: '200': description: |- 200 response content: application/json: examples: foo: value: { "version": { "status": "CURRENT", "updated": "2011-01-21T11:33:21Z", "media-types": [ { "base": "application/xml", "type": "application/vnd.openstack.compute+xml;version=2" }, { "base": "application/json", "type": "application/vnd.openstack.compute+json;version=2" } ], "id": "v2.0", "links": [ { "href": "http://127.0.0.1:8774/v2/", "rel": "self" }, { "href": "http://docs.openstack.org/api/openstack-compute/2/os-compute-devguide-2.pdf", "type": "application/pdf", "rel": "describedby" }, { "href": "http://docs.openstack.org/api/openstack-compute/2/wadl/os-compute-2.wadl", "type": "application/vnd.sun.wadl+xml", "rel": "describedby" }, { "href": "http://docs.openstack.org/api/openstack-compute/2/wadl/os-compute-2.wadl", "type": "application/vnd.sun.wadl+xml", "rel": "describedby" } ] } } '203': description: |- 203 response content: application/json: examples: foo: value: { "version": { "status": "CURRENT", "updated": "2011-01-21T11:33:21Z", "media-types": [ { "base": "application/xml", "type": "application/vnd.openstack.compute+xml;version=2" }, { "base": "application/json", "type": "application/vnd.openstack.compute+json;version=2" } ], "id": "v2.0", "links": [ { "href": "http://23.253.228.211:8774/v2/", "rel": "self" }, { "href": "http://docs.openstack.org/api/openstack-compute/2/os-compute-devguide-2.pdf", "type": "application/pdf", "rel": "describedby" }, { "href": "http://docs.openstack.org/api/openstack-compute/2/wadl/os-compute-2.wadl", "type": "application/vnd.sun.wadl+xml", "rel": "describedby" } ] } } OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/callback-example.yaml000066400000000000000000000041561506330113000265720ustar00rootroot00000000000000openapi: 3.0.0 info: title: Callback Example version: 1.0.0 paths: /streams: post: description: subscribes a client to receive out-of-band data parameters: - name: callbackUrl in: query required: true description: | the location where data will be sent. Must be network accessible by the source server schema: type: string format: uri example: https://tonys-server.com responses: '201': description: subscription successfully created content: application/json: schema: description: subscription information required: - subscriptionId properties: subscriptionId: description: this unique identifier allows management of the subscription type: string example: 2531329f-fb09-4ef7-887e-84e648214436 callbacks: # the name `onData` is a convenience locator onData: # when data is sent, it will be sent to the `callbackUrl` provided # when making the subscription PLUS the suffix `/data` '{$request.query.callbackUrl}/data': post: requestBody: description: subscription payload content: application/json: schema: type: object properties: timestamp: type: string format: date-time userData: type: string responses: '202': description: | Your server implementation should return this HTTP status code if the data was received successfully '204': description: | Your server should return this HTTP status code if no longer interested in further updates OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/link-example.yaml000066400000000000000000000122401506330113000257640ustar00rootroot00000000000000openapi: 3.0.0 info: title: Link Example version: 1.0.0 paths: /2.0/users/{username}: get: operationId: getUserByName parameters: - name: username in: path required: true schema: type: string responses: '200': description: The User content: application/json: schema: $ref: '#/components/schemas/user' links: userRepositories: $ref: '#/components/links/UserRepositories' /2.0/repositories/{username}: get: operationId: getRepositoriesByOwner parameters: - name: username in: path required: true schema: type: string responses: '200': description: repositories owned by the supplied user content: application/json: schema: type: array items: $ref: '#/components/schemas/repository' links: userRepository: $ref: '#/components/links/UserRepository' /2.0/repositories/{username}/{slug}: get: operationId: getRepository parameters: - name: username in: path required: true schema: type: string - name: slug in: path required: true schema: type: string responses: '200': description: The repository content: application/json: schema: $ref: '#/components/schemas/repository' links: repositoryPullRequests: $ref: '#/components/links/RepositoryPullRequests' /2.0/repositories/{username}/{slug}/pullrequests: get: operationId: getPullRequestsByRepository parameters: - name: username in: path required: true schema: type: string - name: slug in: path required: true schema: type: string - name: state in: query schema: type: string enum: - open - merged - declined responses: '200': description: an array of pull request objects content: application/json: schema: type: array items: $ref: '#/components/schemas/pullrequest' /2.0/repositories/{username}/{slug}/pullrequests/{pid}: get: operationId: getPullRequestsById parameters: - name: username in: path required: true schema: type: string - name: slug in: path required: true schema: type: string - name: pid in: path required: true schema: type: string responses: '200': description: a pull request object content: application/json: schema: $ref: '#/components/schemas/pullrequest' links: pullRequestMerge: $ref: '#/components/links/PullRequestMerge' /2.0/repositories/{username}/{slug}/pullrequests/{pid}/merge: post: operationId: mergePullRequest parameters: - name: username in: path required: true schema: type: string - name: slug in: path required: true schema: type: string - name: pid in: path required: true schema: type: string responses: '204': description: the PR was successfully merged components: links: UserRepositories: # returns array of '#/components/schemas/repository' operationId: getRepositoriesByOwner parameters: username: $response.body#/username UserRepository: # returns '#/components/schemas/repository' operationId: getRepository parameters: username: $response.body#/owner/username slug: $response.body#/slug RepositoryPullRequests: # returns '#/components/schemas/pullrequest' operationId: getPullRequestsByRepository parameters: username: $response.body#/owner/username slug: $response.body#/slug PullRequestMerge: # executes /2.0/repositories/{username}/{slug}/pullrequests/{pid}/merge operationId: mergePullRequest parameters: username: $response.body#/author/username slug: $response.body#/repository/slug pid: $response.body#/id schemas: user: type: object properties: username: type: string uuid: type: string repository: type: object properties: slug: type: string owner: $ref: '#/components/schemas/user' pullrequest: type: object properties: id: type: integer title: type: string repository: $ref: '#/components/schemas/repository' author: $ref: '#/components/schemas/user' OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/petstore-expanded.yaml000066400000000000000000000125471506330113000270430ustar00rootroot00000000000000openapi: "3.0.0" info: version: 1.0.0 title: Swagger Petstore description: A sample API that uses a petstore as an example to demonstrate features in the OpenAPI 3.0 specification termsOfService: http://swagger.io/terms/ contact: name: Swagger API Team email: apiteam@swagger.io url: http://swagger.io license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html servers: - url: https://petstore.swagger.io/v2 paths: /pets: get: description: | Returns all pets from the system that the user has access to Nam sed condimentum est. Maecenas tempor sagittis sapien, nec rhoncus sem sagittis sit amet. Aenean at gravida augue, ac iaculis sem. Curabitur odio lorem, ornare eget elementum nec, cursus id lectus. Duis mi turpis, pulvinar ac eros ac, tincidunt varius justo. In hac habitasse platea dictumst. Integer at adipiscing ante, a sagittis ligula. Aenean pharetra tempor ante molestie imperdiet. Vivamus id aliquam diam. Cras quis velit non tortor eleifend sagittis. Praesent at enim pharetra urna volutpat venenatis eget eget mauris. In eleifend fermentum facilisis. Praesent enim enim, gravida ac sodales sed, placerat id erat. Suspendisse lacus dolor, consectetur non augue vel, vehicula interdum libero. Morbi euismod sagittis libero sed lacinia. Sed tempus felis lobortis leo pulvinar rutrum. Nam mattis velit nisl, eu condimentum ligula luctus nec. Phasellus semper velit eget aliquet faucibus. In a mattis elit. Phasellus vel urna viverra, condimentum lorem id, rhoncus nibh. Ut pellentesque posuere elementum. Sed a varius odio. Morbi rhoncus ligula libero, vel eleifend nunc tristique vitae. Fusce et sem dui. Aenean nec scelerisque tortor. Fusce malesuada accumsan magna vel tempus. Quisque mollis felis eu dolor tristique, sit amet auctor felis gravida. Sed libero lorem, molestie sed nisl in, accumsan tempor nisi. Fusce sollicitudin massa ut lacinia mattis. Sed vel eleifend lorem. Pellentesque vitae felis pretium, pulvinar elit eu, euismod sapien. operationId: findPets parameters: - name: tags in: query description: tags to filter by required: false style: form schema: type: array items: type: string - name: limit in: query description: maximum number of results to return required: false schema: type: integer format: int32 responses: '200': description: pet response content: application/json: schema: type: array items: $ref: '#/components/schemas/Pet' default: description: unexpected error content: application/json: schema: $ref: '#/components/schemas/Error' post: description: Creates a new pet in the store. Duplicates are allowed operationId: addPet requestBody: description: Pet to add to the store required: true content: application/json: schema: $ref: '#/components/schemas/NewPet' responses: '200': description: pet response content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: unexpected error content: application/json: schema: $ref: '#/components/schemas/Error' /pets/{id}: get: description: Returns a user based on a single ID, if the user does not have access to the pet operationId: find pet by id parameters: - name: id in: path description: ID of pet to fetch required: true schema: type: integer format: int64 responses: '200': description: pet response content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: unexpected error content: application/json: schema: $ref: '#/components/schemas/Error' delete: description: deletes a single pet based on the ID supplied operationId: deletePet parameters: - name: id in: path description: ID of pet to delete required: true schema: type: integer format: int64 responses: '204': description: pet deleted default: description: unexpected error content: application/json: schema: $ref: '#/components/schemas/Error' components: schemas: Pet: allOf: - $ref: '#/components/schemas/NewPet' - type: object required: - id properties: id: type: integer format: int64 NewPet: type: object required: - name properties: name: type: string tag: type: string Error: type: object required: - code - message properties: code: type: integer format: int32 message: type: string OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/petstore.yaml000066400000000000000000000053241506330113000252500ustar00rootroot00000000000000openapi: "3.0.0" info: version: 1.0.0 title: Swagger Petstore license: name: MIT servers: - url: http://petstore.swagger.io/v1 paths: /pets: get: summary: List all pets operationId: listPets tags: - pets parameters: - name: limit in: query description: How many items to return at one time (max 100) required: false schema: type: integer maximum: 100 format: int32 responses: '200': description: A paged array of pets headers: x-next: description: A link to the next page of responses schema: type: string content: application/json: schema: $ref: "#/components/schemas/Pets" default: description: unexpected error content: application/json: schema: $ref: "#/components/schemas/Error" post: summary: Create a pet operationId: createPets tags: - pets requestBody: content: application/json: schema: $ref: '#/components/schemas/Pet' required: true responses: '201': description: Null response default: description: unexpected error content: application/json: schema: $ref: "#/components/schemas/Error" /pets/{petId}: get: summary: Info for a specific pet operationId: showPetById tags: - pets parameters: - name: petId in: path required: true description: The id of the pet to retrieve schema: type: string responses: '200': description: Expected response to a valid request content: application/json: schema: $ref: "#/components/schemas/Pet" default: description: unexpected error content: application/json: schema: $ref: "#/components/schemas/Error" components: schemas: Pet: type: object required: - id - name properties: id: type: integer format: int64 name: type: string tag: type: string Pets: type: array maxItems: 100 items: $ref: "#/components/schemas/Pet" Error: type: object required: - code - message properties: code: type: integer format: int32 message: type: string OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/pass/uspto.yaml000066400000000000000000000170771506330113000245650ustar00rootroot00000000000000openapi: 3.0.1 servers: - url: '{scheme}://developer.uspto.gov/ds-api' variables: scheme: description: 'The Data Set API is accessible via https and http' enum: - 'https' - 'http' default: 'https' info: description: >- The Data Set API (DSAPI) allows the public users to discover and search USPTO exported data sets. This is a generic API that allows USPTO users to make any CSV based data files searchable through API. With the help of GET call, it returns the list of data fields that are searchable. With the help of POST call, data can be fetched based on the filters on the field names. Please note that POST call is used to search the actual data. The reason for the POST call is that it allows users to specify any complex search criteria without worry about the GET size limitations as well as encoding of the input parameters. version: 1.0.0 title: USPTO Data Set API contact: name: Open Data Portal url: 'https://developer.uspto.gov' email: developer@uspto.gov tags: - name: metadata description: Find out about the data sets - name: search description: Search a data set paths: /: get: tags: - metadata operationId: list-data-sets summary: List available data sets responses: '200': description: Returns a list of data sets content: application/json: schema: $ref: '#/components/schemas/dataSetList' example: { "total": 2, "apis": [ { "apiKey": "oa_citations", "apiVersionNumber": "v1", "apiUrl": "https://developer.uspto.gov/ds-api/oa_citations/v1/fields", "apiDocumentationUrl": "https://developer.uspto.gov/ds-api-docs/index.html?url=https://developer.uspto.gov/ds-api/swagger/docs/oa_citations.json" }, { "apiKey": "cancer_moonshot", "apiVersionNumber": "v1", "apiUrl": "https://developer.uspto.gov/ds-api/cancer_moonshot/v1/fields", "apiDocumentationUrl": "https://developer.uspto.gov/ds-api-docs/index.html?url=https://developer.uspto.gov/ds-api/swagger/docs/cancer_moonshot.json" } ] } /{dataset}/{version}/fields: get: tags: - metadata summary: >- Provides the general information about the API and the list of fields that can be used to query the dataset. description: >- This GET API returns the list of all the searchable field names that are in the oa_citations. Please see the 'fields' attribute which returns an array of field names. Each field or a combination of fields can be searched using the syntax options shown below. operationId: list-searchable-fields parameters: - name: dataset in: path description: 'Name of the dataset.' required: true example: "oa_citations" schema: type: string - name: version in: path description: Version of the dataset. required: true example: "v1" schema: type: string responses: '200': description: >- The dataset API for the given version is found and it is accessible to consume. content: application/json: schema: type: string '404': description: >- The combination of dataset name and version is not found in the system or it is not published yet to be consumed by public. content: application/json: schema: type: string /{dataset}/{version}/records: post: tags: - search summary: >- Provides search capability for the data set with the given search criteria. description: >- This API is based on Solr/Lucene Search. The data is indexed using SOLR. This GET API returns the list of all the searchable field names that are in the Solr Index. Please see the 'fields' attribute which returns an array of field names. Each field or a combination of fields can be searched using the Solr/Lucene Syntax. Please refer https://lucene.apache.org/core/3_6_2/queryparsersyntax.html#Overview for the query syntax. List of field names that are searchable can be determined using above GET api. operationId: perform-search parameters: - name: version in: path description: Version of the dataset. required: true schema: type: string default: v1 - name: dataset in: path description: 'Name of the dataset. In this case, the default value is oa_citations' required: true schema: type: string default: oa_citations responses: '200': description: successful operation content: application/json: schema: type: array items: type: object additionalProperties: type: object '404': description: No matching record found for the given criteria. requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: criteria: description: >- Uses Lucene Query Syntax in the format of propertyName:value, propertyName:[num1 TO num2] and date range format: propertyName:[yyyyMMdd TO yyyyMMdd]. In the response please see the 'docs' element which has the list of record objects. Each record structure would consist of all the fields and their corresponding values. type: string default: '*:*' start: description: Starting record number. Default value is 0. type: integer default: 0 rows: description: >- Specify number of rows to be returned. If you run the search with default values, in the response you will see 'numFound' attribute which will tell the number of records available in the dataset. type: integer default: 100 required: - criteria components: schemas: dataSetList: type: object properties: total: type: integer apis: type: array items: type: object properties: apiKey: type: string description: To be used as a dataset parameter value apiVersionNumber: type: string description: To be used as a version parameter value apiUrl: type: string format: uriref description: "The URL describing the dataset's fields" apiDocumentationUrl: type: string format: uriref description: A URL to the API console for each API OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/schema.test.mjs000066400000000000000000000032311506330113000244750ustar00rootroot00000000000000import { readdirSync, readFileSync } from "node:fs"; import YAML from "yaml"; import { validate, setMetaSchemaOutputFormat } from "@hyperjump/json-schema/openapi-3-0"; import { BASIC } from "@hyperjump/json-schema/experimental"; import { describe, test, expect } from "vitest"; import contentTypeParser from "content-type"; import { addMediaTypePlugin } from "@hyperjump/browser"; import { buildSchemaDocument } from "@hyperjump/json-schema/experimental"; addMediaTypePlugin("application/schema+yaml", { parse: async (response) => { const contentType = contentTypeParser.parse(response.headers.get("content-type") ?? ""); const contextDialectId = contentType.parameters.schema ?? contentType.parameters.profile; const foo = YAML.parse(await response.text()); return buildSchemaDocument(foo, response.url, contextDialectId); }, fileMatcher: (path) => path.endsWith(".yaml") }); const parseYamlFromFile = (filePath) => { const schemaYaml = readFileSync(filePath, "utf8"); return YAML.parse(schemaYaml, { prettyErrors: true }); }; setMetaSchemaOutputFormat(BASIC); const validateOpenApi = await validate("./_archive_/schemas/v3.0/schema.yaml"); const folder = './_archive_/schemas/v3.0/pass/'; describe("pass", async () => { readdirSync(folder, { withFileTypes: true }) .filter((entry) => entry.isFile() && /\.yaml$/.test(entry.name)) .forEach((entry) => { test(entry.name, () => { const instance = parseYamlFromFile(folder + entry.name); const output = validateOpenApi(instance, BASIC); expect(output.valid).to.equal(true); }); }); }); OpenAPI-Specification-3.2.0/_archive_/schemas/v3.0/schema.yaml000066400000000000000000000541651506330113000237040ustar00rootroot00000000000000id: https://spec.openapis.org/oas/3.0/schema/WORK-IN-PROGRESS $schema: http://json-schema.org/draft-04/schema# description: The description of OpenAPI v3.0.x Documents type: object required: - openapi - info - paths properties: openapi: type: string pattern: ^3\.0\.\d(-.+)?$ info: $ref: '#/definitions/Info' externalDocs: $ref: '#/definitions/ExternalDocumentation' servers: type: array items: $ref: '#/definitions/Server' security: type: array items: $ref: '#/definitions/SecurityRequirement' tags: type: array items: $ref: '#/definitions/Tag' uniqueItems: true paths: $ref: '#/definitions/Paths' components: $ref: '#/definitions/Components' patternProperties: '^x-': {} additionalProperties: false definitions: Reference: type: object required: - $ref patternProperties: '^\$ref$': type: string format: uri-reference Info: type: object required: - title - version properties: title: type: string description: type: string termsOfService: type: string format: uri-reference contact: $ref: '#/definitions/Contact' license: $ref: '#/definitions/License' version: type: string patternProperties: '^x-': {} additionalProperties: false Contact: type: object properties: name: type: string url: type: string format: uri-reference email: type: string format: email patternProperties: '^x-': {} additionalProperties: false License: type: object required: - name properties: name: type: string url: type: string format: uri-reference patternProperties: '^x-': {} additionalProperties: false Server: type: object required: - url properties: url: type: string description: type: string variables: type: object additionalProperties: $ref: '#/definitions/ServerVariable' patternProperties: '^x-': {} additionalProperties: false ServerVariable: type: object required: - default properties: enum: type: array items: type: string default: type: string description: type: string patternProperties: '^x-': {} additionalProperties: false Components: type: object properties: schemas: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' responses: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Response' parameters: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Parameter' examples: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Example' requestBodies: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/RequestBody' headers: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Header' securitySchemes: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/SecurityScheme' links: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Link' callbacks: type: object patternProperties: '^[a-zA-Z0-9\.\-_]+$': oneOf: - $ref: '#/definitions/Reference' - $ref: '#/definitions/Callback' patternProperties: '^x-': {} additionalProperties: false Schema: type: object properties: title: type: string multipleOf: type: number minimum: 0 exclusiveMinimum: true maximum: type: number exclusiveMaximum: type: boolean default: false minimum: type: number exclusiveMinimum: type: boolean default: false maxLength: type: integer minimum: 0 minLength: type: integer minimum: 0 default: 0 pattern: type: string format: regex maxItems: type: integer minimum: 0 minItems: type: integer minimum: 0 default: 0 uniqueItems: type: boolean default: false maxProperties: type: integer minimum: 0 minProperties: type: integer minimum: 0 default: 0 required: type: array items: type: string minItems: 1 uniqueItems: true enum: type: array items: {} minItems: 1 uniqueItems: false type: type: string enum: - array - boolean - integer - number - object - string not: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' allOf: type: array items: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' oneOf: type: array items: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' anyOf: type: array items: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' items: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' properties: type: object additionalProperties: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' additionalProperties: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' - type: boolean default: true description: type: string format: type: string default: {} nullable: type: boolean default: false discriminator: $ref: '#/definitions/Discriminator' readOnly: type: boolean default: false writeOnly: type: boolean default: false example: {} externalDocs: $ref: '#/definitions/ExternalDocumentation' deprecated: type: boolean default: false xml: $ref: '#/definitions/XML' patternProperties: '^x-': {} additionalProperties: false Discriminator: type: object required: - propertyName properties: propertyName: type: string mapping: type: object additionalProperties: type: string XML: type: object properties: name: type: string namespace: type: string format: uri prefix: type: string attribute: type: boolean default: false wrapped: type: boolean default: false patternProperties: '^x-': {} additionalProperties: false Response: type: object required: - description properties: description: type: string headers: type: object additionalProperties: oneOf: - $ref: '#/definitions/Header' - $ref: '#/definitions/Reference' content: type: object additionalProperties: $ref: '#/definitions/MediaType' links: type: object additionalProperties: oneOf: - $ref: '#/definitions/Link' - $ref: '#/definitions/Reference' patternProperties: '^x-': {} additionalProperties: false MediaType: type: object properties: schema: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' example: {} examples: type: object additionalProperties: oneOf: - $ref: '#/definitions/Example' - $ref: '#/definitions/Reference' encoding: type: object additionalProperties: $ref: '#/definitions/Encoding' patternProperties: '^x-': {} additionalProperties: false allOf: - $ref: '#/definitions/ExampleXORExamples' Example: type: object properties: summary: type: string description: type: string value: {} externalValue: type: string format: uri-reference patternProperties: '^x-': {} additionalProperties: false Header: type: object properties: description: type: string required: type: boolean default: false deprecated: type: boolean default: false allowEmptyValue: type: boolean default: false style: type: string enum: - simple default: simple explode: type: boolean allowReserved: type: boolean default: false schema: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' content: type: object additionalProperties: $ref: '#/definitions/MediaType' minProperties: 1 maxProperties: 1 example: {} examples: type: object additionalProperties: oneOf: - $ref: '#/definitions/Example' - $ref: '#/definitions/Reference' patternProperties: '^x-': {} additionalProperties: false allOf: - $ref: '#/definitions/ExampleXORExamples' - $ref: '#/definitions/SchemaXORContent' Paths: type: object patternProperties: '^\/': $ref: '#/definitions/PathItem' '^x-': {} additionalProperties: false PathItem: type: object properties: $ref: type: string summary: type: string description: type: string get: $ref: '#/definitions/Operation' put: $ref: '#/definitions/Operation' post: $ref: '#/definitions/Operation' delete: $ref: '#/definitions/Operation' options: $ref: '#/definitions/Operation' head: $ref: '#/definitions/Operation' patch: $ref: '#/definitions/Operation' trace: $ref: '#/definitions/Operation' servers: type: array items: $ref: '#/definitions/Server' parameters: type: array items: oneOf: - $ref: '#/definitions/Parameter' - $ref: '#/definitions/Reference' uniqueItems: true patternProperties: '^x-': {} additionalProperties: false Operation: type: object required: - responses properties: tags: type: array items: type: string summary: type: string description: type: string externalDocs: $ref: '#/definitions/ExternalDocumentation' operationId: type: string parameters: type: array items: oneOf: - $ref: '#/definitions/Parameter' - $ref: '#/definitions/Reference' uniqueItems: true requestBody: oneOf: - $ref: '#/definitions/RequestBody' - $ref: '#/definitions/Reference' responses: $ref: '#/definitions/Responses' callbacks: type: object additionalProperties: oneOf: - $ref: '#/definitions/Callback' - $ref: '#/definitions/Reference' deprecated: type: boolean default: false security: type: array items: $ref: '#/definitions/SecurityRequirement' servers: type: array items: $ref: '#/definitions/Server' patternProperties: '^x-': {} additionalProperties: false Responses: type: object properties: default: oneOf: - $ref: '#/definitions/Response' - $ref: '#/definitions/Reference' patternProperties: '^[1-5](?:\d{2}|XX)$': oneOf: - $ref: '#/definitions/Response' - $ref: '#/definitions/Reference' '^x-': {} minProperties: 1 additionalProperties: false SecurityRequirement: type: object additionalProperties: type: array items: type: string Tag: type: object required: - name properties: name: type: string description: type: string externalDocs: $ref: '#/definitions/ExternalDocumentation' patternProperties: '^x-': {} additionalProperties: false ExternalDocumentation: type: object required: - url properties: description: type: string url: type: string format: uri-reference patternProperties: '^x-': {} additionalProperties: false ExampleXORExamples: description: Example and examples are mutually exclusive not: required: [example, examples] SchemaXORContent: description: Schema and content are mutually exclusive, at least one is required not: required: [schema, content] oneOf: - required: [schema] - required: [content] description: Some properties are not allowed if content is present allOf: - not: required: [style] - not: required: [explode] - not: required: [allowReserved] - not: required: [example] - not: required: [examples] Parameter: type: object properties: name: type: string in: type: string description: type: string required: type: boolean default: false deprecated: type: boolean default: false allowEmptyValue: type: boolean default: false style: type: string explode: type: boolean allowReserved: type: boolean default: false schema: oneOf: - $ref: '#/definitions/Schema' - $ref: '#/definitions/Reference' content: type: object additionalProperties: $ref: '#/definitions/MediaType' minProperties: 1 maxProperties: 1 example: {} examples: type: object additionalProperties: oneOf: - $ref: '#/definitions/Example' - $ref: '#/definitions/Reference' patternProperties: '^x-': {} additionalProperties: false required: - name - in allOf: - $ref: '#/definitions/ExampleXORExamples' - $ref: '#/definitions/SchemaXORContent' oneOf: - $ref: '#/definitions/PathParameter' - $ref: '#/definitions/QueryParameter' - $ref: '#/definitions/HeaderParameter' - $ref: '#/definitions/CookieParameter' PathParameter: description: Parameter in path required: - required properties: in: enum: [path] style: enum: [matrix, label, simple] default: simple required: enum: [true] QueryParameter: description: Parameter in query properties: in: enum: [query] style: enum: [form, spaceDelimited, pipeDelimited, deepObject] default: form HeaderParameter: description: Parameter in header properties: in: enum: [header] style: enum: [simple] default: simple CookieParameter: description: Parameter in cookie properties: in: enum: [cookie] style: enum: [form] default: form RequestBody: type: object required: - content properties: description: type: string content: type: object additionalProperties: $ref: '#/definitions/MediaType' required: type: boolean default: false patternProperties: '^x-': {} additionalProperties: false SecurityScheme: oneOf: - $ref: '#/definitions/APIKeySecurityScheme' - $ref: '#/definitions/HTTPSecurityScheme' - $ref: '#/definitions/OAuth2SecurityScheme' - $ref: '#/definitions/OpenIdConnectSecurityScheme' APIKeySecurityScheme: type: object required: - type - name - in properties: type: type: string enum: - apiKey name: type: string in: type: string enum: - header - query - cookie description: type: string patternProperties: '^x-': {} additionalProperties: false HTTPSecurityScheme: type: object required: - scheme - type properties: scheme: type: string bearerFormat: type: string description: type: string type: type: string enum: - http patternProperties: '^x-': {} additionalProperties: false oneOf: - description: Bearer properties: scheme: type: string pattern: ^[Bb][Ee][Aa][Rr][Ee][Rr]$ - description: Non Bearer not: required: [bearerFormat] properties: scheme: not: type: string pattern: ^[Bb][Ee][Aa][Rr][Ee][Rr]$ OAuth2SecurityScheme: type: object required: - type - flows properties: type: type: string enum: - oauth2 flows: $ref: '#/definitions/OAuthFlows' description: type: string patternProperties: '^x-': {} additionalProperties: false OpenIdConnectSecurityScheme: type: object required: - type - openIdConnectUrl properties: type: type: string enum: - openIdConnect openIdConnectUrl: type: string format: uri-reference description: type: string patternProperties: '^x-': {} additionalProperties: false OAuthFlows: type: object properties: implicit: $ref: '#/definitions/ImplicitOAuthFlow' password: $ref: '#/definitions/PasswordOAuthFlow' clientCredentials: $ref: '#/definitions/ClientCredentialsFlow' authorizationCode: $ref: '#/definitions/AuthorizationCodeOAuthFlow' patternProperties: '^x-': {} additionalProperties: false ImplicitOAuthFlow: type: object required: - authorizationUrl - scopes properties: authorizationUrl: type: string format: uri-reference refreshUrl: type: string format: uri-reference scopes: type: object additionalProperties: type: string patternProperties: '^x-': {} additionalProperties: false PasswordOAuthFlow: type: object required: - tokenUrl - scopes properties: tokenUrl: type: string format: uri-reference refreshUrl: type: string format: uri-reference scopes: type: object additionalProperties: type: string patternProperties: '^x-': {} additionalProperties: false ClientCredentialsFlow: type: object required: - tokenUrl - scopes properties: tokenUrl: type: string format: uri-reference refreshUrl: type: string format: uri-reference scopes: type: object additionalProperties: type: string patternProperties: '^x-': {} additionalProperties: false AuthorizationCodeOAuthFlow: type: object required: - authorizationUrl - tokenUrl - scopes properties: authorizationUrl: type: string format: uri-reference tokenUrl: type: string format: uri-reference refreshUrl: type: string format: uri-reference scopes: type: object additionalProperties: type: string patternProperties: '^x-': {} additionalProperties: false Link: type: object properties: operationId: type: string operationRef: type: string format: uri-reference parameters: type: object additionalProperties: {} requestBody: {} description: type: string server: $ref: '#/definitions/Server' patternProperties: '^x-': {} additionalProperties: false not: description: Operation Id and Operation Ref are mutually exclusive required: [operationId, operationRef] Callback: type: object additionalProperties: $ref: '#/definitions/PathItem' patternProperties: '^x-': {} Encoding: type: object properties: contentType: type: string headers: type: object additionalProperties: oneOf: - $ref: '#/definitions/Header' - $ref: '#/definitions/Reference' style: type: string enum: - form - spaceDelimited - pipeDelimited - deepObject explode: type: boolean allowReserved: type: boolean default: false patternProperties: '^x-': {} additionalProperties: false OpenAPI-Specification-3.2.0/package-lock.json000066400000000000000000006122421506330113000207400ustar00rootroot00000000000000{ "name": "oas-infra", "version": "0.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "oas-infra", "version": "0.0.0", "license": "Apache-2.0", "dependencies": { "cheerio": "^1.1.2", "highlight.js": "^11.11.1", "markdown-it": "^14.1.0", "respec": "35.5.1", "yargs": "^18.0.0" }, "devDependencies": { "@hyperjump/json-schema-coverage": "^1.1.1", "@vitest/coverage-v8": "^3.2.4", "c8": "^10.1.3", "markdownlint-cli2": "^0.18.1", "vitest": "^3.2.4", "yaml": "^2.8.1" } }, "node_modules/@ampproject/remapping": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==", "dev": true, "license": "Apache-2.0", "dependencies": { "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.24" }, "engines": { "node": ">=6.0.0" } }, "node_modules/@babel/code-frame": { "version": "7.27.1", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz", "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==", "license": "MIT", "dependencies": { "@babel/helper-validator-identifier": "^7.27.1", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-string-parser": { "version": "7.27.1", "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", "dev": true, "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { "version": "7.27.1", "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz", "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==", "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/parser": { "version": "7.28.0", "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.0.tgz", "integrity": "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g==", "dev": true, "license": "MIT", "dependencies": { "@babel/types": "^7.28.0" }, "bin": { "parser": "bin/babel-parser.js" }, "engines": { "node": ">=6.0.0" } }, "node_modules/@babel/types": { "version": "7.28.1", "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.1.tgz", "integrity": "sha512-x0LvFTekgSX+83TI28Y9wYPUfzrnl2aT5+5QLnO6v7mSJYtEEevuDRN0F0uSHRk1G1IWZC43o00Y0xDDrpBGPQ==", "dev": true, "license": "MIT", "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@bcoe/v8-coverage": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-1.0.2.tgz", "integrity": "sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==", "dev": true, "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.5.tgz", "integrity": "sha512-9o3TMmpmftaCMepOdA5k/yDw8SfInyzWWTjYTFCX3kPSDJMROQTb8jg+h9Cnwnmm1vOzvxN7gIfB5V2ewpjtGA==", "cpu": [ "ppc64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "aix" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/android-arm": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.5.tgz", "integrity": "sha512-AdJKSPeEHgi7/ZhuIPtcQKr5RQdo6OO2IL87JkianiMYMPbCtot9fxPbrMiBADOWWm3T2si9stAiVsGbTQFkbA==", "cpu": [ "arm" ], "dev": true, "license": "MIT", "optional": true, "os": [ "android" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/android-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.5.tgz", "integrity": "sha512-VGzGhj4lJO+TVGV1v8ntCZWJktV7SGCs3Pn1GRWI1SBFtRALoomm8k5E9Pmwg3HOAal2VDc2F9+PM/rEY6oIDg==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "android" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/android-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.5.tgz", "integrity": "sha512-D2GyJT1kjvO//drbRT3Hib9XPwQeWd9vZoBJn+bu/lVsOZ13cqNdDeqIF/xQ5/VmWvMduP6AmXvylO/PIc2isw==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "android" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/darwin-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.5.tgz", "integrity": "sha512-GtaBgammVvdF7aPIgH2jxMDdivezgFu6iKpmT+48+F8Hhg5J/sfnDieg0aeG/jfSvkYQU2/pceFPDKlqZzwnfQ==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "darwin" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/darwin-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.5.tgz", "integrity": "sha512-1iT4FVL0dJ76/q1wd7XDsXrSW+oLoquptvh4CLR4kITDtqi2e/xwXwdCVH8hVHU43wgJdsq7Gxuzcs6Iq/7bxQ==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "darwin" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/freebsd-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.5.tgz", "integrity": "sha512-nk4tGP3JThz4La38Uy/gzyXtpkPW8zSAmoUhK9xKKXdBCzKODMc2adkB2+8om9BDYugz+uGV7sLmpTYzvmz6Sw==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "freebsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/freebsd-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.5.tgz", "integrity": "sha512-PrikaNjiXdR2laW6OIjlbeuCPrPaAl0IwPIaRv+SMV8CiM8i2LqVUHFC1+8eORgWyY7yhQY+2U2fA55mBzReaw==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "freebsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-arm": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.5.tgz", "integrity": "sha512-cPzojwW2okgh7ZlRpcBEtsX7WBuqbLrNXqLU89GxWbNt6uIg78ET82qifUy3W6OVww6ZWobWub5oqZOVtwolfw==", "cpu": [ "arm" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.5.tgz", "integrity": "sha512-Z9kfb1v6ZlGbWj8EJk9T6czVEjjq2ntSYLY2cw6pAZl4oKtfgQuS4HOq41M/BcoLPzrUbNd+R4BXFyH//nHxVg==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-ia32": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.5.tgz", "integrity": "sha512-sQ7l00M8bSv36GLV95BVAdhJ2QsIbCuCjh/uYrWiMQSUuV+LpXwIqhgJDcvMTj+VsQmqAHL2yYaasENvJ7CDKA==", "cpu": [ "ia32" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-loong64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.5.tgz", "integrity": "sha512-0ur7ae16hDUC4OL5iEnDb0tZHDxYmuQyhKhsPBV8f99f6Z9KQM02g33f93rNH5A30agMS46u2HP6qTdEt6Q1kg==", "cpu": [ "loong64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-mips64el": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.5.tgz", "integrity": "sha512-kB/66P1OsHO5zLz0i6X0RxlQ+3cu0mkxS3TKFvkb5lin6uwZ/ttOkP3Z8lfR9mJOBk14ZwZ9182SIIWFGNmqmg==", "cpu": [ "mips64el" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-ppc64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.5.tgz", "integrity": "sha512-UZCmJ7r9X2fe2D6jBmkLBMQetXPXIsZjQJCjgwpVDz+YMcS6oFR27alkgGv3Oqkv07bxdvw7fyB71/olceJhkQ==", "cpu": [ "ppc64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-riscv64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.5.tgz", "integrity": "sha512-kTxwu4mLyeOlsVIFPfQo+fQJAV9mh24xL+y+Bm6ej067sYANjyEw1dNHmvoqxJUCMnkBdKpvOn0Ahql6+4VyeA==", "cpu": [ "riscv64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-s390x": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.5.tgz", "integrity": "sha512-K2dSKTKfmdh78uJ3NcWFiqyRrimfdinS5ErLSn3vluHNeHVnBAFWC8a4X5N+7FgVE1EjXS1QDZbpqZBjfrqMTQ==", "cpu": [ "s390x" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/linux-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.5.tgz", "integrity": "sha512-uhj8N2obKTE6pSZ+aMUbqq+1nXxNjZIIjCjGLfsWvVpy7gKCOL6rsY1MhRh9zLtUtAI7vpgLMK6DxjO8Qm9lJw==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/netbsd-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.5.tgz", "integrity": "sha512-pwHtMP9viAy1oHPvgxtOv+OkduK5ugofNTVDilIzBLpoWAM16r7b/mxBvfpuQDpRQFMfuVr5aLcn4yveGvBZvw==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "netbsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/netbsd-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.5.tgz", "integrity": "sha512-WOb5fKrvVTRMfWFNCroYWWklbnXH0Q5rZppjq0vQIdlsQKuw6mdSihwSo4RV/YdQ5UCKKvBy7/0ZZYLBZKIbwQ==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "netbsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/openbsd-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.5.tgz", "integrity": "sha512-7A208+uQKgTxHd0G0uqZO8UjK2R0DDb4fDmERtARjSHWxqMTye4Erz4zZafx7Di9Cv+lNHYuncAkiGFySoD+Mw==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "openbsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/openbsd-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.5.tgz", "integrity": "sha512-G4hE405ErTWraiZ8UiSoesH8DaCsMm0Cay4fsFWOOUcz8b8rC6uCvnagr+gnioEjWn0wC+o1/TAHt+It+MpIMg==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "openbsd" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/sunos-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.5.tgz", "integrity": "sha512-l+azKShMy7FxzY0Rj4RCt5VD/q8mG/e+mDivgspo+yL8zW7qEwctQ6YqKX34DTEleFAvCIUviCFX1SDZRSyMQA==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "sunos" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/win32-arm64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.5.tgz", "integrity": "sha512-O2S7SNZzdcFG7eFKgvwUEZ2VG9D/sn/eIiz8XRZ1Q/DO5a3s76Xv0mdBzVM5j5R639lXQmPmSo0iRpHqUUrsxw==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/win32-ia32": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.5.tgz", "integrity": "sha512-onOJ02pqs9h1iMJ1PQphR+VZv8qBMQ77Klcsqv9CNW2w6yLqoURLcgERAIurY6QE63bbLuqgP9ATqajFLK5AMQ==", "cpu": [ "ia32" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ], "engines": { "node": ">=18" } }, "node_modules/@esbuild/win32-x64": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.5.tgz", "integrity": "sha512-TXv6YnJ8ZMVdX+SXWVBo/0p8LTcrUYngpWjvm91TMjjBQii7Oz11Lw5lbDV5Y0TzuhSJHwiH4hEtC1I42mMS0g==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ], "engines": { "node": ">=18" } }, "node_modules/@hyperjump/browser": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/@hyperjump/browser/-/browser-1.3.1.tgz", "integrity": "sha512-Le5XZUjnVqVjkgLYv6yyWgALat/0HpB1XaCPuCZ+GCFki9NvXloSZITIJ0H+wRW7mb9At1SxvohKBbNQbrr/cw==", "dev": true, "license": "MIT", "dependencies": { "@hyperjump/json-pointer": "^1.1.0", "@hyperjump/uri": "^1.2.0", "content-type": "^1.0.5", "just-curry-it": "^5.3.0" }, "engines": { "node": ">=18.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" } }, "node_modules/@hyperjump/json-pointer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/@hyperjump/json-pointer/-/json-pointer-1.1.0.tgz", "integrity": "sha512-tFCKxMKDKK3VEdtUA3EBOS9GmSOS4mbrTjh9v3RnK10BphDMOb6+bxTh++/ae1AyfHyWb6R54O/iaoAtPMZPCg==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" } }, "node_modules/@hyperjump/json-schema": { "version": "1.16.1", "resolved": "https://registry.npmjs.org/@hyperjump/json-schema/-/json-schema-1.16.1.tgz", "integrity": "sha512-GCGQCOJMwAUTcCn7eDFOx5G6uOPFLG2O3tv+vMrHJUHwqeFo4GVO03BcsmX/Xy7dfTP4VgucXyoNjrtyoqb5wA==", "dev": true, "license": "MIT", "dependencies": { "@hyperjump/json-pointer": "^1.1.0", "@hyperjump/pact": "^1.2.0", "@hyperjump/uri": "^1.2.0", "content-type": "^1.0.4", "json-stringify-deterministic": "^1.0.12", "just-curry-it": "^5.3.0", "uuid": "^9.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" }, "peerDependencies": { "@hyperjump/browser": "^1.1.0" } }, "node_modules/@hyperjump/json-schema-coverage": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@hyperjump/json-schema-coverage/-/json-schema-coverage-1.1.1.tgz", "integrity": "sha512-zv2oAL8DHBZEm31XWjqygko7UgEpWzrbsHJ2ONPOVE5n9tgdT1ISprOXcv54dEiB8+o8sZOWN/x6qxtf1NoeyQ==", "dev": true, "license": "MIT", "dependencies": { "@hyperjump/browser": "^1.3.1", "@hyperjump/json-schema": "^1.16.0", "@hyperjump/uri": "^1.3.1", "content-type": "^1.0.5", "ignore": "^7.0.5", "istanbul-lib-coverage": "^3.2.2", "istanbul-lib-report": "^3.0.1", "istanbul-reports": "^3.1.7", "moo": "^0.5.2", "pathe": "^2.0.3", "picomatch": "^4.0.2", "tinyglobby": "^0.2.14", "vfile": "^6.0.3", "yaml": "^2.8.0", "yaml-unist-parser": "^2.0.5" }, "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" } }, "node_modules/@hyperjump/json-schema-coverage/node_modules/picomatch": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", "dev": true, "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" } }, "node_modules/@hyperjump/pact": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/@hyperjump/pact/-/pact-1.4.0.tgz", "integrity": "sha512-01Q7VY6BcAkp9W31Fv+ciiZycxZHGlR2N6ba9BifgyclHYHdbaZgITo0U6QMhYRlem4k8pf8J31/tApxvqAz8A==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" } }, "node_modules/@hyperjump/uri": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/@hyperjump/uri/-/uri-1.3.1.tgz", "integrity": "sha512-2ecKymxf6prQMgrNpAvlx4RhsuM5+PFT6oh6uUTZdv5qmBv0RZvxv8LJ7oR30ZxGhdPdZAl4We/1NFc0nqHeAw==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/jdesrosiers" } }, "node_modules/@isaacs/cliui": { "version": "8.0.2", "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", "dev": true, "license": "ISC", "dependencies": { "string-width": "^5.1.2", "string-width-cjs": "npm:string-width@^4.2.0", "strip-ansi": "^7.0.1", "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", "wrap-ansi": "^8.1.0", "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" }, "engines": { "node": ">=12" } }, "node_modules/@istanbuljs/schema": { "version": "0.1.3", "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/@jridgewell/gen-mapping": { "version": "0.3.12", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.12.tgz", "integrity": "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg==", "dev": true, "license": "MIT", "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0", "@jridgewell/trace-mapping": "^0.3.24" } }, "node_modules/@jridgewell/resolve-uri": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", "dev": true, "license": "MIT", "engines": { "node": ">=6.0.0" } }, "node_modules/@jridgewell/sourcemap-codec": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", "dev": true, "license": "MIT" }, "node_modules/@jridgewell/trace-mapping": { "version": "0.3.25", "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", "dev": true, "license": "MIT", "dependencies": { "@jridgewell/resolve-uri": "^3.1.0", "@jridgewell/sourcemap-codec": "^1.4.14" } }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" }, "engines": { "node": ">= 8" } }, "node_modules/@nodelib/fs.stat": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", "dev": true, "license": "MIT", "engines": { "node": ">= 8" } }, "node_modules/@nodelib/fs.walk": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.scandir": "2.1.5", "fastq": "^1.6.0" }, "engines": { "node": ">= 8" } }, "node_modules/@pkgjs/parseargs": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", "dev": true, "license": "MIT", "optional": true, "engines": { "node": ">=14" } }, "node_modules/@puppeteer/browsers": { "version": "2.10.6", "resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-2.10.6.tgz", "integrity": "sha512-pHUn6ZRt39bP3698HFQlu2ZHCkS/lPcpv7fVQcGBSzNNygw171UXAKrCUhy+TEMw4lEttOKDgNpb04hwUAJeiQ==", "license": "Apache-2.0", "dependencies": { "debug": "^4.4.1", "extract-zip": "^2.0.1", "progress": "^2.0.3", "proxy-agent": "^6.5.0", "semver": "^7.7.2", "tar-fs": "^3.1.0", "yargs": "^17.7.2" }, "bin": { "browsers": "lib/cjs/main-cli.js" }, "engines": { "node": ">=18" } }, "node_modules/@puppeteer/browsers/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/@puppeteer/browsers/node_modules/ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "license": "MIT", "dependencies": { "color-convert": "^2.0.1" }, "engines": { "node": ">=8" }, "funding": { "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, "node_modules/@puppeteer/browsers/node_modules/cliui": { "version": "8.0.1", "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", "license": "ISC", "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" }, "engines": { "node": ">=12" } }, "node_modules/@puppeteer/browsers/node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "license": "MIT" }, "node_modules/@puppeteer/browsers/node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "license": "MIT", "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" }, "engines": { "node": ">=8" } }, "node_modules/@puppeteer/browsers/node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/@puppeteer/browsers/node_modules/wrap-ansi": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", "license": "MIT", "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/@puppeteer/browsers/node_modules/yargs": { "version": "17.7.2", "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", "license": "MIT", "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" }, "engines": { "node": ">=12" } }, "node_modules/@rollup/rollup-android-arm-eabi": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.43.0.tgz", "integrity": "sha512-Krjy9awJl6rKbruhQDgivNbD1WuLb8xAclM4IR4cN5pHGAs2oIMMQJEiC3IC/9TZJ+QZkmZhlMO/6MBGxPidpw==", "cpu": [ "arm" ], "dev": true, "license": "MIT", "optional": true, "os": [ "android" ] }, "node_modules/@rollup/rollup-android-arm64": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.43.0.tgz", "integrity": "sha512-ss4YJwRt5I63454Rpj+mXCXicakdFmKnUNxr1dLK+5rv5FJgAxnN7s31a5VchRYxCFWdmnDWKd0wbAdTr0J5EA==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "android" ] }, "node_modules/@rollup/rollup-darwin-arm64": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.43.0.tgz", "integrity": "sha512-eKoL8ykZ7zz8MjgBenEF2OoTNFAPFz1/lyJ5UmmFSz5jW+7XbH1+MAgCVHy72aG59rbuQLcJeiMrP8qP5d/N0A==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "darwin" ] }, "node_modules/@rollup/rollup-darwin-x64": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.43.0.tgz", "integrity": "sha512-SYwXJgaBYW33Wi/q4ubN+ldWC4DzQY62S4Ll2dgfr/dbPoF50dlQwEaEHSKrQdSjC6oIe1WgzosoaNoHCdNuMg==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "darwin" ] }, "node_modules/@rollup/rollup-freebsd-arm64": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.43.0.tgz", "integrity": "sha512-SV+U5sSo0yujrjzBF7/YidieK2iF6E7MdF6EbYxNz94lA+R0wKl3SiixGyG/9Klab6uNBIqsN7j4Y/Fya7wAjQ==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "freebsd" ] }, "node_modules/@rollup/rollup-freebsd-x64": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.43.0.tgz", "integrity": "sha512-J7uCsiV13L/VOeHJBo5SjasKiGxJ0g+nQTrBkAsmQBIdil3KhPnSE9GnRon4ejX1XDdsmK/l30IYLiAaQEO0Cg==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "freebsd" ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.43.0.tgz", "integrity": "sha512-gTJ/JnnjCMc15uwB10TTATBEhK9meBIY+gXP4s0sHD1zHOaIh4Dmy1X9wup18IiY9tTNk5gJc4yx9ctj/fjrIw==", "cpu": [ "arm" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm-musleabihf": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.43.0.tgz", "integrity": "sha512-ZJ3gZynL1LDSIvRfz0qXtTNs56n5DI2Mq+WACWZ7yGHFUEirHBRt7fyIk0NsCKhmRhn7WAcjgSkSVVxKlPNFFw==", "cpu": [ "arm" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.43.0.tgz", "integrity": "sha512-8FnkipasmOOSSlfucGYEu58U8cxEdhziKjPD2FIa0ONVMxvl/hmONtX/7y4vGjdUhjcTHlKlDhw3H9t98fPvyA==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm64-musl": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.43.0.tgz", "integrity": "sha512-KPPyAdlcIZ6S9C3S2cndXDkV0Bb1OSMsX0Eelr2Bay4EsF9yi9u9uzc9RniK3mcUGCLhWY9oLr6er80P5DE6XA==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-loongarch64-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.43.0.tgz", "integrity": "sha512-HPGDIH0/ZzAZjvtlXj6g+KDQ9ZMHfSP553za7o2Odegb/BEfwJcR0Sw0RLNpQ9nC6Gy8s+3mSS9xjZ0n3rhcYg==", "cpu": [ "loong64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-powerpc64le-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.43.0.tgz", "integrity": "sha512-gEmwbOws4U4GLAJDhhtSPWPXUzDfMRedT3hFMyRAvM9Mrnj+dJIFIeL7otsv2WF3D7GrV0GIewW0y28dOYWkmw==", "cpu": [ "ppc64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.43.0.tgz", "integrity": "sha512-XXKvo2e+wFtXZF/9xoWohHg+MuRnvO29TI5Hqe9xwN5uN8NKUYy7tXUG3EZAlfchufNCTHNGjEx7uN78KsBo0g==", "cpu": [ "riscv64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-riscv64-musl": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.43.0.tgz", "integrity": "sha512-ruf3hPWhjw6uDFsOAzmbNIvlXFXlBQ4nk57Sec8E8rUxs/AI4HD6xmiiasOOx/3QxS2f5eQMKTAwk7KHwpzr/Q==", "cpu": [ "riscv64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-s390x-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.43.0.tgz", "integrity": "sha512-QmNIAqDiEMEvFV15rsSnjoSmO0+eJLoKRD9EAa9rrYNwO/XRCtOGM3A5A0X+wmG+XRrw9Fxdsw+LnyYiZWWcVw==", "cpu": [ "s390x" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-x64-gnu": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.43.0.tgz", "integrity": "sha512-jAHr/S0iiBtFyzjhOkAics/2SrXE092qyqEg96e90L3t9Op8OTzS6+IX0Fy5wCt2+KqeHAkti+eitV0wvblEoQ==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-x64-musl": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.43.0.tgz", "integrity": "sha512-3yATWgdeXyuHtBhrLt98w+5fKurdqvs8B53LaoKD7P7H7FKOONLsBVMNl9ghPQZQuYcceV5CDyPfyfGpMWD9mQ==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.43.0.tgz", "integrity": "sha512-wVzXp2qDSCOpcBCT5WRWLmpJRIzv23valvcTwMHEobkjippNf+C3ys/+wf07poPkeNix0paTNemB2XrHr2TnGw==", "cpu": [ "arm64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.43.0.tgz", "integrity": "sha512-fYCTEyzf8d+7diCw8b+asvWDCLMjsCEA8alvtAutqJOJp/wL5hs1rWSqJ1vkjgW0L2NB4bsYJrpKkiIPRR9dvw==", "cpu": [ "ia32" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ] }, "node_modules/@rollup/rollup-win32-x64-msvc": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.43.0.tgz", "integrity": "sha512-SnGhLiE5rlK0ofq8kzuDkM0g7FN1s5VYY+YSMTibP7CqShxCQvqtNxTARS4xX4PFJfHjG0ZQYX9iGzI3FQh5Aw==", "cpu": [ "x64" ], "dev": true, "license": "MIT", "optional": true, "os": [ "win32" ] }, "node_modules/@sindresorhus/merge-streams": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-2.3.0.tgz", "integrity": "sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==", "dev": true, "license": "MIT", "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/@tootallnate/quickjs-emscripten": { "version": "0.23.0", "resolved": "https://registry.npmjs.org/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz", "integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==", "license": "MIT" }, "node_modules/@types/chai": { "version": "5.2.2", "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.2.tgz", "integrity": "sha512-8kB30R7Hwqf40JPiKhVzodJs2Qc1ZJ5zuT3uzw5Hq/dhNCl3G3l83jfpdI1e20BP348+fV7VIL/+FxaXkqBmWg==", "dev": true, "license": "MIT", "dependencies": { "@types/deep-eql": "*" } }, "node_modules/@types/debug": { "version": "4.1.12", "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", "dev": true, "license": "MIT", "dependencies": { "@types/ms": "*" } }, "node_modules/@types/deep-eql": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz", "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==", "dev": true, "license": "MIT" }, "node_modules/@types/estree": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", "dev": true, "license": "MIT" }, "node_modules/@types/istanbul-lib-coverage": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", "dev": true, "license": "MIT" }, "node_modules/@types/katex": { "version": "0.16.7", "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.16.7.tgz", "integrity": "sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==", "dev": true, "license": "MIT" }, "node_modules/@types/ms": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", "dev": true, "license": "MIT" }, "node_modules/@types/node": { "version": "22.14.1", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.1.tgz", "integrity": "sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==", "license": "MIT", "optional": true, "dependencies": { "undici-types": "~6.21.0" } }, "node_modules/@types/unist": { "version": "2.0.11", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", "dev": true, "license": "MIT" }, "node_modules/@types/yauzl": { "version": "2.10.3", "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.3.tgz", "integrity": "sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==", "license": "MIT", "optional": true, "dependencies": { "@types/node": "*" } }, "node_modules/@vitest/coverage-v8": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-3.2.4.tgz", "integrity": "sha512-EyF9SXU6kS5Ku/U82E259WSnvg6c8KTjppUncuNdm5QHpe17mwREHnjDzozC8x9MZ0xfBUFSaLkRv4TMA75ALQ==", "dev": true, "license": "MIT", "dependencies": { "@ampproject/remapping": "^2.3.0", "@bcoe/v8-coverage": "^1.0.2", "ast-v8-to-istanbul": "^0.3.3", "debug": "^4.4.1", "istanbul-lib-coverage": "^3.2.2", "istanbul-lib-report": "^3.0.1", "istanbul-lib-source-maps": "^5.0.6", "istanbul-reports": "^3.1.7", "magic-string": "^0.30.17", "magicast": "^0.3.5", "std-env": "^3.9.0", "test-exclude": "^7.0.1", "tinyrainbow": "^2.0.0" }, "funding": { "url": "https://opencollective.com/vitest" }, "peerDependencies": { "@vitest/browser": "3.2.4", "vitest": "3.2.4" }, "peerDependenciesMeta": { "@vitest/browser": { "optional": true } } }, "node_modules/@vitest/expect": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.4.tgz", "integrity": "sha512-Io0yyORnB6sikFlt8QW5K7slY4OjqNX9jmJQ02QDda8lyM6B5oNgVWoSoKPac8/kgnCUzuHQKrSLtu/uOqqrig==", "dev": true, "license": "MIT", "dependencies": { "@types/chai": "^5.2.2", "@vitest/spy": "3.2.4", "@vitest/utils": "3.2.4", "chai": "^5.2.0", "tinyrainbow": "^2.0.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/mocker": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz", "integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==", "dev": true, "license": "MIT", "dependencies": { "@vitest/spy": "3.2.4", "estree-walker": "^3.0.3", "magic-string": "^0.30.17" }, "funding": { "url": "https://opencollective.com/vitest" }, "peerDependencies": { "msw": "^2.4.9", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0" }, "peerDependenciesMeta": { "msw": { "optional": true }, "vite": { "optional": true } } }, "node_modules/@vitest/pretty-format": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz", "integrity": "sha512-IVNZik8IVRJRTr9fxlitMKeJeXFFFN0JaB9PHPGQ8NKQbGpfjlTx9zO4RefN8gp7eqjNy8nyK3NZmBzOPeIxtA==", "dev": true, "license": "MIT", "dependencies": { "tinyrainbow": "^2.0.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/runner": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-3.2.4.tgz", "integrity": "sha512-oukfKT9Mk41LreEW09vt45f8wx7DordoWUZMYdY/cyAk7w5TWkTRCNZYF7sX7n2wB7jyGAl74OxgwhPgKaqDMQ==", "dev": true, "license": "MIT", "dependencies": { "@vitest/utils": "3.2.4", "pathe": "^2.0.3", "strip-literal": "^3.0.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/snapshot": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.4.tgz", "integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==", "dev": true, "license": "MIT", "dependencies": { "@vitest/pretty-format": "3.2.4", "magic-string": "^0.30.17", "pathe": "^2.0.3" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/spy": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.4.tgz", "integrity": "sha512-vAfasCOe6AIK70iP5UD11Ac4siNUNJ9i/9PZ3NKx07sG6sUxeag1LWdNrMWeKKYBLlzuK+Gn65Yd5nyL6ds+nw==", "dev": true, "license": "MIT", "dependencies": { "tinyspy": "^4.0.3" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/utils": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-3.2.4.tgz", "integrity": "sha512-fB2V0JFrQSMsCo9HiSq3Ezpdv4iYaXRG1Sx8edX3MwxfyNn83mKiGzOcH+Fkxt4MHxr3y42fQi1oeAInqgX2QA==", "dev": true, "license": "MIT", "dependencies": { "@vitest/pretty-format": "3.2.4", "loupe": "^3.1.4", "tinyrainbow": "^2.0.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/agent-base": { "version": "7.1.4", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", "license": "MIT", "engines": { "node": ">= 14" } }, "node_modules/ansi-regex": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/chalk/ansi-regex?sponsor=1" } }, "node_modules/ansi-styles": { "version": "6.2.1", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", "license": "Python-2.0" }, "node_modules/assertion-error": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz", "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==", "dev": true, "license": "MIT", "engines": { "node": ">=12" } }, "node_modules/ast-types": { "version": "0.13.4", "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.13.4.tgz", "integrity": "sha512-x1FCFnFifvYDDzTaLII71vG5uvDwgtmDTEVWAxrgeiR8VjMONcCXJx7E+USjDtHlwFmt9MysbqgF9b9Vjr6w+w==", "license": "MIT", "dependencies": { "tslib": "^2.0.1" }, "engines": { "node": ">=4" } }, "node_modules/ast-v8-to-istanbul": { "version": "0.3.3", "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.3.tgz", "integrity": "sha512-MuXMrSLVVoA6sYN/6Hke18vMzrT4TZNbZIj/hvh0fnYFpO+/kFXcLIaiPwXXWaQUPg4yJD8fj+lfJ7/1EBconw==", "dev": true, "license": "MIT", "dependencies": { "@jridgewell/trace-mapping": "^0.3.25", "estree-walker": "^3.0.3", "js-tokens": "^9.0.1" } }, "node_modules/ast-v8-to-istanbul/node_modules/js-tokens": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz", "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==", "dev": true, "license": "MIT" }, "node_modules/b4a": { "version": "1.6.7", "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.7.tgz", "integrity": "sha512-OnAYlL5b7LEkALw87fUVafQw5rVR9RjwGd4KUwNQ6DrrNmaVaUCgLipfVlzrPQ4tWOR9P0IXGNOx50jYCCdSJg==", "license": "Apache-2.0" }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", "dev": true, "license": "MIT" }, "node_modules/bare-events": { "version": "2.6.1", "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.1.tgz", "integrity": "sha512-AuTJkq9XmE6Vk0FJVNq5QxETrSA/vKHarWVBG5l/JbdCL1prJemiyJqUS0jrlXO0MftuPq4m3YVYhoNc5+aE/g==", "license": "Apache-2.0", "optional": true }, "node_modules/bare-fs": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/bare-fs/-/bare-fs-4.2.0.tgz", "integrity": "sha512-oRfrw7gwwBVAWx9S5zPMo2iiOjxyiZE12DmblmMQREgcogbNO0AFaZ+QBxxkEXiPspcpvO/Qtqn8LabUx4uYXg==", "license": "Apache-2.0", "optional": true, "dependencies": { "bare-events": "^2.5.4", "bare-path": "^3.0.0", "bare-stream": "^2.6.4" }, "engines": { "bare": ">=1.16.0" }, "peerDependencies": { "bare-buffer": "*" }, "peerDependenciesMeta": { "bare-buffer": { "optional": true } } }, "node_modules/bare-os": { "version": "3.6.1", "resolved": "https://registry.npmjs.org/bare-os/-/bare-os-3.6.1.tgz", "integrity": "sha512-uaIjxokhFidJP+bmmvKSgiMzj2sV5GPHaZVAIktcxcpCyBFFWO+YlikVAdhmUo2vYFvFhOXIAlldqV29L8126g==", "license": "Apache-2.0", "optional": true, "engines": { "bare": ">=1.14.0" } }, "node_modules/bare-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/bare-path/-/bare-path-3.0.0.tgz", "integrity": "sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==", "license": "Apache-2.0", "optional": true, "dependencies": { "bare-os": "^3.0.1" } }, "node_modules/bare-stream": { "version": "2.6.5", "resolved": "https://registry.npmjs.org/bare-stream/-/bare-stream-2.6.5.tgz", "integrity": "sha512-jSmxKJNJmHySi6hC42zlZnq00rga4jjxcgNZjY9N5WlOe/iOoGRtdwGsHzQv2RlH2KOYMwGUXhf2zXd32BA9RA==", "license": "Apache-2.0", "optional": true, "dependencies": { "streamx": "^2.21.0" }, "peerDependencies": { "bare-buffer": "*", "bare-events": "*" }, "peerDependenciesMeta": { "bare-buffer": { "optional": true }, "bare-events": { "optional": true } } }, "node_modules/basic-ftp": { "version": "5.0.5", "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz", "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==", "license": "MIT", "engines": { "node": ">=10.0.0" } }, "node_modules/boolbase": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", "license": "ISC" }, "node_modules/brace-expansion": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, "license": "MIT", "dependencies": { "balanced-match": "^1.0.0" } }, "node_modules/braces": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "license": "MIT", "dependencies": { "fill-range": "^7.1.1" }, "engines": { "node": ">=8" } }, "node_modules/buffer-crc32": { "version": "0.2.13", "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==", "license": "MIT", "engines": { "node": "*" } }, "node_modules/c8": { "version": "10.1.3", "resolved": "https://registry.npmjs.org/c8/-/c8-10.1.3.tgz", "integrity": "sha512-LvcyrOAaOnrrlMpW22n690PUvxiq4Uf9WMhQwNJ9vgagkL/ph1+D4uvjvDA5XCbykrc0sx+ay6pVi9YZ1GnhyA==", "dev": true, "license": "ISC", "dependencies": { "@bcoe/v8-coverage": "^1.0.1", "@istanbuljs/schema": "^0.1.3", "find-up": "^5.0.0", "foreground-child": "^3.1.1", "istanbul-lib-coverage": "^3.2.0", "istanbul-lib-report": "^3.0.1", "istanbul-reports": "^3.1.6", "test-exclude": "^7.0.1", "v8-to-istanbul": "^9.0.0", "yargs": "^17.7.2", "yargs-parser": "^21.1.1" }, "bin": { "c8": "bin/c8.js" }, "engines": { "node": ">=18" }, "peerDependencies": { "monocart-coverage-reports": "^2" }, "peerDependenciesMeta": { "monocart-coverage-reports": { "optional": true } } }, "node_modules/c8/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/c8/node_modules/ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "dev": true, "license": "MIT", "dependencies": { "color-convert": "^2.0.1" }, "engines": { "node": ">=8" }, "funding": { "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, "node_modules/c8/node_modules/cliui": { "version": "8.0.1", "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", "dev": true, "license": "ISC", "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" }, "engines": { "node": ">=12" } }, "node_modules/c8/node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true, "license": "MIT" }, "node_modules/c8/node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "dev": true, "license": "MIT", "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" }, "engines": { "node": ">=8" } }, "node_modules/c8/node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "dev": true, "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/c8/node_modules/wrap-ansi": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", "dev": true, "license": "MIT", "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/c8/node_modules/yargs": { "version": "17.7.2", "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", "dev": true, "license": "MIT", "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" }, "engines": { "node": ">=12" } }, "node_modules/cac": { "version": "6.7.14", "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz", "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/chai": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/chai/-/chai-5.2.0.tgz", "integrity": "sha512-mCuXncKXk5iCLhfhwTc0izo0gtEmpz5CtG2y8GiOINBlMVS6v8TMRc5TaLWKS6692m9+dVVfzgeVxR5UxWHTYw==", "dev": true, "license": "MIT", "dependencies": { "assertion-error": "^2.0.1", "check-error": "^2.1.1", "deep-eql": "^5.0.1", "loupe": "^3.1.0", "pathval": "^2.0.0" }, "engines": { "node": ">=12" } }, "node_modules/character-entities": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz", "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/character-entities-legacy": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz", "integrity": "sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/character-reference-invalid": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz", "integrity": "sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/check-error": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/check-error/-/check-error-2.1.1.tgz", "integrity": "sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw==", "dev": true, "license": "MIT", "engines": { "node": ">= 16" } }, "node_modules/cheerio": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.1.2.tgz", "integrity": "sha512-IkxPpb5rS/d1IiLbHMgfPuS0FgiWTtFIm/Nj+2woXDLTZ7fOT2eqzgYbdMlLweqlHbsZjxEChoVK+7iph7jyQg==", "license": "MIT", "dependencies": { "cheerio-select": "^2.1.0", "dom-serializer": "^2.0.0", "domhandler": "^5.0.3", "domutils": "^3.2.2", "encoding-sniffer": "^0.2.1", "htmlparser2": "^10.0.0", "parse5": "^7.3.0", "parse5-htmlparser2-tree-adapter": "^7.1.0", "parse5-parser-stream": "^7.1.2", "undici": "^7.12.0", "whatwg-mimetype": "^4.0.0" }, "engines": { "node": ">=20.18.1" }, "funding": { "url": "https://github.com/cheeriojs/cheerio?sponsor=1" } }, "node_modules/cheerio-select": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz", "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==", "license": "BSD-2-Clause", "dependencies": { "boolbase": "^1.0.0", "css-select": "^5.1.0", "css-what": "^6.1.0", "domelementtype": "^2.3.0", "domhandler": "^5.0.3", "domutils": "^3.0.1" }, "funding": { "url": "https://github.com/sponsors/fb55" } }, "node_modules/chromium-bidi": { "version": "7.3.1", "resolved": "https://registry.npmjs.org/chromium-bidi/-/chromium-bidi-7.3.1.tgz", "integrity": "sha512-i+BMGluhZZc4Jic9L1aHJBTfaopxmCqQxGklyMcqFx4fvF3nI4BJ3bCe1ad474nvYRIo/ZN/VrdA4eOaRZua4Q==", "license": "Apache-2.0", "dependencies": { "mitt": "^3.0.1", "zod": "^3.24.1" }, "peerDependencies": { "devtools-protocol": "*" } }, "node_modules/cliui": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/cliui/-/cliui-9.0.1.tgz", "integrity": "sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w==", "license": "ISC", "dependencies": { "string-width": "^7.2.0", "strip-ansi": "^7.1.0", "wrap-ansi": "^9.0.0" }, "engines": { "node": ">=20" } }, "node_modules/cliui/node_modules/emoji-regex": { "version": "10.4.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz", "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==", "license": "MIT" }, "node_modules/cliui/node_modules/string-width": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", "license": "MIT", "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" }, "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/cliui/node_modules/wrap-ansi": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.0.tgz", "integrity": "sha512-G8ura3S+3Z2G+mkgNRq8dqaFZAuxfsxpBB8OCTGRTCtp+l/v9nbFNmCUP1BZMts3G1142MsZfn6eeUKrr4PD1Q==", "license": "MIT", "dependencies": { "ansi-styles": "^6.2.1", "string-width": "^7.0.0", "strip-ansi": "^7.1.0" }, "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", "license": "MIT", "dependencies": { "color-name": "~1.1.4" }, "engines": { "node": ">=7.0.0" } }, "node_modules/color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "license": "MIT" }, "node_modules/colors": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==", "license": "MIT", "engines": { "node": ">=0.1.90" } }, "node_modules/commander": { "version": "8.3.0", "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", "dev": true, "license": "MIT", "engines": { "node": ">= 12" } }, "node_modules/content-type": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", "dev": true, "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", "dev": true, "license": "MIT" }, "node_modules/cosmiconfig": { "version": "9.0.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==", "license": "MIT", "dependencies": { "env-paths": "^2.2.1", "import-fresh": "^3.3.0", "js-yaml": "^4.1.0", "parse-json": "^5.2.0" }, "engines": { "node": ">=14" }, "funding": { "url": "https://github.com/sponsors/d-fischer" }, "peerDependencies": { "typescript": ">=4.9.5" }, "peerDependenciesMeta": { "typescript": { "optional": true } } }, "node_modules/cross-spawn": { "version": "7.0.6", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" }, "engines": { "node": ">= 8" } }, "node_modules/css-select": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.1.0.tgz", "integrity": "sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg==", "license": "BSD-2-Clause", "dependencies": { "boolbase": "^1.0.0", "css-what": "^6.1.0", "domhandler": "^5.0.2", "domutils": "^3.0.1", "nth-check": "^2.0.1" }, "funding": { "url": "https://github.com/sponsors/fb55" } }, "node_modules/css-what": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz", "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==", "license": "BSD-2-Clause", "engines": { "node": ">= 6" }, "funding": { "url": "https://github.com/sponsors/fb55" } }, "node_modules/data-uri-to-buffer": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz", "integrity": "sha512-7hvf7/GW8e86rW0ptuwS3OcBGDjIi6SZva7hCyWC0yYry2cOPmLIjXAUHI6DK2HsnwJd9ifmt57i8eV2n4YNpw==", "license": "MIT", "engines": { "node": ">= 14" } }, "node_modules/debug": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", "license": "MIT", "dependencies": { "ms": "^2.1.3" }, "engines": { "node": ">=6.0" }, "peerDependenciesMeta": { "supports-color": { "optional": true } } }, "node_modules/decode-named-character-reference": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.1.0.tgz", "integrity": "sha512-Wy+JTSbFThEOXQIR2L6mxJvEs+veIzpmqD7ynWxMXGpnk3smkHQOp6forLdHsKpAMW9iJpaBBIxz285t1n1C3w==", "dev": true, "license": "MIT", "dependencies": { "character-entities": "^2.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/deep-eql": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz", "integrity": "sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==", "dev": true, "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/degenerator": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/degenerator/-/degenerator-5.0.1.tgz", "integrity": "sha512-TllpMR/t0M5sqCXfj85i4XaAzxmS5tVA16dqvdkMwGmzI+dXLXnw3J+3Vdv7VKw+ThlTMboK6i9rnZ6Nntj5CQ==", "license": "MIT", "dependencies": { "ast-types": "^0.13.4", "escodegen": "^2.1.0", "esprima": "^4.0.1" }, "engines": { "node": ">= 14" } }, "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", "license": "MIT", "engines": { "node": ">= 0.8" } }, "node_modules/dequal": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", "dev": true, "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/devlop": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz", "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==", "dev": true, "license": "MIT", "dependencies": { "dequal": "^2.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/devtools-protocol": { "version": "0.0.1475386", "resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1475386.tgz", "integrity": "sha512-RQ809ykTfJ+dgj9bftdeL2vRVxASAuGU+I9LEx9Ij5TXU5HrgAQVmzi72VA+mkzscE12uzlRv5/tWWv9R9J1SA==", "license": "BSD-3-Clause" }, "node_modules/dom-serializer": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", "license": "MIT", "dependencies": { "domelementtype": "^2.3.0", "domhandler": "^5.0.2", "entities": "^4.2.0" }, "funding": { "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" } }, "node_modules/domelementtype": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", "funding": [ { "type": "github", "url": "https://github.com/sponsors/fb55" } ], "license": "BSD-2-Clause" }, "node_modules/domhandler": { "version": "5.0.3", "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", "license": "BSD-2-Clause", "dependencies": { "domelementtype": "^2.3.0" }, "engines": { "node": ">= 4" }, "funding": { "url": "https://github.com/fb55/domhandler?sponsor=1" } }, "node_modules/domutils": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==", "license": "BSD-2-Clause", "dependencies": { "dom-serializer": "^2.0.0", "domelementtype": "^2.3.0", "domhandler": "^5.0.3" }, "funding": { "url": "https://github.com/fb55/domutils?sponsor=1" } }, "node_modules/eastasianwidth": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", "dev": true, "license": "MIT" }, "node_modules/ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", "license": "MIT" }, "node_modules/emoji-regex": { "version": "9.2.2", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", "dev": true, "license": "MIT" }, "node_modules/encodeurl": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", "license": "MIT", "engines": { "node": ">= 0.8" } }, "node_modules/encoding-sniffer": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/encoding-sniffer/-/encoding-sniffer-0.2.1.tgz", "integrity": "sha512-5gvq20T6vfpekVtqrYQsSCFZ1wEg5+wW0/QaZMWkFr6BqD3NfKs0rLCx4rrVlSWJeZb5NBJgVLswK/w2MWU+Gw==", "license": "MIT", "dependencies": { "iconv-lite": "^0.6.3", "whatwg-encoding": "^3.1.1" }, "funding": { "url": "https://github.com/fb55/encoding-sniffer?sponsor=1" } }, "node_modules/end-of-stream": { "version": "1.4.5", "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz", "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==", "license": "MIT", "dependencies": { "once": "^1.4.0" } }, "node_modules/entities": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", "license": "BSD-2-Clause", "engines": { "node": ">=0.12" }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, "node_modules/env-paths": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==", "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==", "license": "MIT", "dependencies": { "is-arrayish": "^0.2.1" } }, "node_modules/es-module-lexer": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz", "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==", "dev": true, "license": "MIT" }, "node_modules/esbuild": { "version": "0.25.5", "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.5.tgz", "integrity": "sha512-P8OtKZRv/5J5hhz0cUAdu/cLuPIKXpQl1R9pZtvmHWQvrAUVd0UNIPT4IB4W3rNOqVO0rlqHmCIbSwxh/c9yUQ==", "dev": true, "hasInstallScript": true, "license": "MIT", "bin": { "esbuild": "bin/esbuild" }, "engines": { "node": ">=18" }, "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.5", "@esbuild/android-arm": "0.25.5", "@esbuild/android-arm64": "0.25.5", "@esbuild/android-x64": "0.25.5", "@esbuild/darwin-arm64": "0.25.5", "@esbuild/darwin-x64": "0.25.5", "@esbuild/freebsd-arm64": "0.25.5", "@esbuild/freebsd-x64": "0.25.5", "@esbuild/linux-arm": "0.25.5", "@esbuild/linux-arm64": "0.25.5", "@esbuild/linux-ia32": "0.25.5", "@esbuild/linux-loong64": "0.25.5", "@esbuild/linux-mips64el": "0.25.5", "@esbuild/linux-ppc64": "0.25.5", "@esbuild/linux-riscv64": "0.25.5", "@esbuild/linux-s390x": "0.25.5", "@esbuild/linux-x64": "0.25.5", "@esbuild/netbsd-arm64": "0.25.5", "@esbuild/netbsd-x64": "0.25.5", "@esbuild/openbsd-arm64": "0.25.5", "@esbuild/openbsd-x64": "0.25.5", "@esbuild/sunos-x64": "0.25.5", "@esbuild/win32-arm64": "0.25.5", "@esbuild/win32-ia32": "0.25.5", "@esbuild/win32-x64": "0.25.5" } }, "node_modules/escalade": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", "license": "MIT" }, "node_modules/escodegen": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz", "integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==", "license": "BSD-2-Clause", "dependencies": { "esprima": "^4.0.1", "estraverse": "^5.2.0", "esutils": "^2.0.2" }, "bin": { "escodegen": "bin/escodegen.js", "esgenerate": "bin/esgenerate.js" }, "engines": { "node": ">=6.0" }, "optionalDependencies": { "source-map": "~0.6.1" } }, "node_modules/esprima": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", "license": "BSD-2-Clause", "bin": { "esparse": "bin/esparse.js", "esvalidate": "bin/esvalidate.js" }, "engines": { "node": ">=4" } }, "node_modules/estraverse": { "version": "5.3.0", "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", "license": "BSD-2-Clause", "engines": { "node": ">=4.0" } }, "node_modules/estree-walker": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", "dev": true, "license": "MIT", "dependencies": { "@types/estree": "^1.0.0" } }, "node_modules/esutils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", "license": "BSD-2-Clause", "engines": { "node": ">=0.10.0" } }, "node_modules/etag": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/expect-type": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.2.1.tgz", "integrity": "sha512-/kP8CAwxzLVEeFrMm4kMmy4CCDlpipyA7MYLVrdJIkV0fYF0UaigQHRsxHiuY/GEea+bh4KSv3TIlgr+2UL6bw==", "dev": true, "license": "Apache-2.0", "engines": { "node": ">=12.0.0" } }, "node_modules/extract-zip": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz", "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==", "license": "BSD-2-Clause", "dependencies": { "debug": "^4.1.1", "get-stream": "^5.1.0", "yauzl": "^2.10.0" }, "bin": { "extract-zip": "cli.js" }, "engines": { "node": ">= 10.17.0" }, "optionalDependencies": { "@types/yauzl": "^2.9.1" } }, "node_modules/fast-fifo": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/fast-fifo/-/fast-fifo-1.3.2.tgz", "integrity": "sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ==", "license": "MIT" }, "node_modules/fast-glob": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.stat": "^2.0.2", "@nodelib/fs.walk": "^1.2.3", "glob-parent": "^5.1.2", "merge2": "^1.3.0", "micromatch": "^4.0.8" }, "engines": { "node": ">=8.6.0" } }, "node_modules/fastq": { "version": "1.19.1", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz", "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==", "dev": true, "license": "ISC", "dependencies": { "reusify": "^1.0.4" } }, "node_modules/fd-slicer": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==", "license": "MIT", "dependencies": { "pend": "~1.2.0" } }, "node_modules/fill-range": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "license": "MIT", "dependencies": { "to-regex-range": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/finalhandler": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz", "integrity": "sha512-/t88Ty3d5JWQbWYgaOGCCYfXRwV1+be02WqYYlL6h0lEiUAMPM8o8qKGO01YIkOHzka2up08wvgYD0mDiI+q3Q==", "license": "MIT", "dependencies": { "debug": "^4.4.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "on-finished": "^2.4.1", "parseurl": "^1.3.3", "statuses": "^2.0.1" }, "engines": { "node": ">= 0.8" } }, "node_modules/find-up": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", "dev": true, "license": "MIT", "dependencies": { "locate-path": "^6.0.0", "path-exists": "^4.0.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/foreground-child": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", "dev": true, "license": "ISC", "dependencies": { "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" }, "engines": { "node": ">=14" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/fresh": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", "license": "MIT", "engines": { "node": ">= 0.8" } }, "node_modules/fsevents": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", "dev": true, "hasInstallScript": true, "license": "MIT", "optional": true, "os": [ "darwin" ], "engines": { "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } }, "node_modules/get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", "license": "ISC", "engines": { "node": "6.* || 8.* || >= 10.*" } }, "node_modules/get-east-asian-width": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.3.0.tgz", "integrity": "sha512-vpeMIQKxczTD/0s2CdEWHcb0eeJe6TFjxb+J5xgX7hScxqrGuyjmv4c1D4A/gelKfyox0gJJwIHF+fLjeaM8kQ==", "license": "MIT", "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/get-stream": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", "license": "MIT", "dependencies": { "pump": "^3.0.0" }, "engines": { "node": ">=8" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/get-uri": { "version": "6.0.5", "resolved": "https://registry.npmjs.org/get-uri/-/get-uri-6.0.5.tgz", "integrity": "sha512-b1O07XYq8eRuVzBNgJLstU6FYc1tS6wnMtF1I1D9lE8LxZSOGZ7LhxN54yPP6mGw5f2CkXY2BQUL9Fx41qvcIg==", "license": "MIT", "dependencies": { "basic-ftp": "^5.0.2", "data-uri-to-buffer": "^6.0.2", "debug": "^4.3.4" }, "engines": { "node": ">= 14" } }, "node_modules/glob": { "version": "10.4.5", "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz", "integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==", "dev": true, "license": "ISC", "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/glob-parent": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dev": true, "license": "ISC", "dependencies": { "is-glob": "^4.0.1" }, "engines": { "node": ">= 6" } }, "node_modules/globby": { "version": "14.1.0", "resolved": "https://registry.npmjs.org/globby/-/globby-14.1.0.tgz", "integrity": "sha512-0Ia46fDOaT7k4og1PDW4YbodWWr3scS2vAr2lTbsplOt2WkKp0vQbkI9wKis/T5LV/dqPjO3bpS/z6GTJB82LA==", "dev": true, "license": "MIT", "dependencies": { "@sindresorhus/merge-streams": "^2.1.0", "fast-glob": "^3.3.3", "ignore": "^7.0.3", "path-type": "^6.0.0", "slash": "^5.1.0", "unicorn-magic": "^0.3.0" }, "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/highlight.js": { "version": "11.11.1", "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-11.11.1.tgz", "integrity": "sha512-Xwwo44whKBVCYoliBQwaPvtd/2tYFkRQtXDWj1nackaV2JPXx3L0+Jvd8/qCJ2p+ML0/XVkJ2q+Mr+UVdpJK5w==", "license": "BSD-3-Clause", "engines": { "node": ">=12.0.0" } }, "node_modules/html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", "dev": true, "license": "MIT" }, "node_modules/htmlparser2": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-10.0.0.tgz", "integrity": "sha512-TwAZM+zE5Tq3lrEHvOlvwgj1XLWQCtaaibSN11Q+gGBAS7Y1uZSWwXXRe4iF6OXnaq1riyQAPFOBtYc77Mxq0g==", "funding": [ "https://github.com/fb55/htmlparser2?sponsor=1", { "type": "github", "url": "https://github.com/sponsors/fb55" } ], "license": "MIT", "dependencies": { "domelementtype": "^2.3.0", "domhandler": "^5.0.3", "domutils": "^3.2.1", "entities": "^6.0.0" } }, "node_modules/htmlparser2/node_modules/entities": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz", "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==", "license": "BSD-2-Clause", "engines": { "node": ">=0.12" }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, "node_modules/http-errors": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", "license": "MIT", "dependencies": { "depd": "2.0.0", "inherits": "2.0.4", "setprototypeof": "1.2.0", "statuses": "2.0.1", "toidentifier": "1.0.1" }, "engines": { "node": ">= 0.8" } }, "node_modules/http-proxy-agent": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", "license": "MIT", "dependencies": { "agent-base": "^7.1.0", "debug": "^4.3.4" }, "engines": { "node": ">= 14" } }, "node_modules/https-proxy-agent": { "version": "7.0.6", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", "license": "MIT", "dependencies": { "agent-base": "^7.1.2", "debug": "4" }, "engines": { "node": ">= 14" } }, "node_modules/iconv-lite": { "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", "license": "MIT", "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" }, "engines": { "node": ">=0.10.0" } }, "node_modules/ignore": { "version": "7.0.5", "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", "dev": true, "license": "MIT", "engines": { "node": ">= 4" } }, "node_modules/import-fresh": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz", "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==", "license": "MIT", "dependencies": { "parent-module": "^1.0.0", "resolve-from": "^4.0.0" }, "engines": { "node": ">=6" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", "license": "ISC" }, "node_modules/ip-address": { "version": "10.0.1", "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz", "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==", "license": "MIT", "engines": { "node": ">= 12" } }, "node_modules/is-alphabetical": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", "integrity": "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/is-alphanumerical": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz", "integrity": "sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==", "dev": true, "license": "MIT", "dependencies": { "is-alphabetical": "^2.0.0", "is-decimal": "^2.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", "license": "MIT" }, "node_modules/is-decimal": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz", "integrity": "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" } }, "node_modules/is-fullwidth-code-point": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", "dev": true, "license": "MIT", "dependencies": { "is-extglob": "^2.1.1" }, "engines": { "node": ">=0.10.0" } }, "node_modules/is-hexadecimal": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", "dev": true, "license": "MIT", "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/is-number": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true, "license": "MIT", "engines": { "node": ">=0.12.0" } }, "node_modules/isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", "dev": true, "license": "ISC" }, "node_modules/istanbul-lib-coverage": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==", "dev": true, "license": "BSD-3-Clause", "engines": { "node": ">=8" } }, "node_modules/istanbul-lib-report": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==", "dev": true, "license": "BSD-3-Clause", "dependencies": { "istanbul-lib-coverage": "^3.0.0", "make-dir": "^4.0.0", "supports-color": "^7.1.0" }, "engines": { "node": ">=10" } }, "node_modules/istanbul-lib-source-maps": { "version": "5.0.6", "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz", "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==", "dev": true, "license": "BSD-3-Clause", "dependencies": { "@jridgewell/trace-mapping": "^0.3.23", "debug": "^4.1.1", "istanbul-lib-coverage": "^3.0.0" }, "engines": { "node": ">=10" } }, "node_modules/istanbul-reports": { "version": "3.1.7", "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", "integrity": "sha512-BewmUXImeuRk2YY0PVbxgKAysvhRPUQE0h5QRM++nVWyubKGV0l8qQ5op8+B2DOmwSe63Jivj0BjkPQVf8fP5g==", "dev": true, "license": "BSD-3-Clause", "dependencies": { "html-escaper": "^2.0.0", "istanbul-lib-report": "^3.0.0" }, "engines": { "node": ">=8" } }, "node_modules/jackspeak": { "version": "3.4.3", "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/cliui": "^8.0.2" }, "funding": { "url": "https://github.com/sponsors/isaacs" }, "optionalDependencies": { "@pkgjs/parseargs": "^0.11.0" } }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", "license": "MIT" }, "node_modules/js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "license": "MIT", "dependencies": { "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" } }, "node_modules/json-parse-even-better-errors": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", "license": "MIT" }, "node_modules/json-stringify-deterministic": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/json-stringify-deterministic/-/json-stringify-deterministic-1.0.12.tgz", "integrity": "sha512-q3PN0lbUdv0pmurkBNdJH3pfFvOTL/Zp0lquqpvcjfKzt6Y0j49EPHAmVHCAS4Ceq/Y+PejWTzyiVpoY71+D6g==", "dev": true, "license": "MIT", "engines": { "node": ">= 4" } }, "node_modules/jsonc-parser": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz", "integrity": "sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ==", "dev": true, "license": "MIT" }, "node_modules/just-curry-it": { "version": "5.3.0", "resolved": "https://registry.npmjs.org/just-curry-it/-/just-curry-it-5.3.0.tgz", "integrity": "sha512-silMIRiFjUWlfaDhkgSzpuAyQ6EX/o09Eu8ZBfmFwQMbax7+LQzeIU2CBrICT6Ne4l86ITCGvUCBpCubWYy0Yw==", "dev": true, "license": "MIT" }, "node_modules/katex": { "version": "0.16.22", "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.22.tgz", "integrity": "sha512-XCHRdUw4lf3SKBaJe4EvgqIuWwkPSo9XoeO8GjQW94Bp7TWv9hNhzZjZ+OH9yf1UmLygb7DIT5GSFQiyt16zYg==", "dev": true, "funding": [ "https://opencollective.com/katex", "https://github.com/sponsors/katex" ], "license": "MIT", "dependencies": { "commander": "^8.3.0" }, "bin": { "katex": "cli.js" } }, "node_modules/lines-and-columns": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", "license": "MIT" }, "node_modules/linkify-it": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", "license": "MIT", "dependencies": { "uc.micro": "^2.0.0" } }, "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", "dev": true, "license": "MIT", "dependencies": { "p-locate": "^5.0.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/loupe": { "version": "3.1.4", "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.1.4.tgz", "integrity": "sha512-wJzkKwJrheKtknCOKNEtDK4iqg/MxmZheEMtSTYvnzRdEYaZzmgH976nenp8WdJRdx5Vc1X/9MO0Oszl6ezeXg==", "dev": true, "license": "MIT" }, "node_modules/lru-cache": { "version": "7.18.3", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz", "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==", "license": "ISC", "engines": { "node": ">=12" } }, "node_modules/magic-string": { "version": "0.30.17", "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.17.tgz", "integrity": "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA==", "dev": true, "license": "MIT", "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.0" } }, "node_modules/magicast": { "version": "0.3.5", "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.3.5.tgz", "integrity": "sha512-L0WhttDl+2BOsybvEOLK7fW3UA0OQ0IQ2d6Zl2x/a6vVRs3bAY0ECOSHHeL5jD+SbOpOCUEi0y1DgHEn9Qn1AQ==", "dev": true, "license": "MIT", "dependencies": { "@babel/parser": "^7.25.4", "@babel/types": "^7.25.4", "source-map-js": "^1.2.0" } }, "node_modules/make-dir": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", "dev": true, "license": "MIT", "dependencies": { "semver": "^7.5.3" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/markdown-it": { "version": "14.1.0", "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", "license": "MIT", "dependencies": { "argparse": "^2.0.1", "entities": "^4.4.0", "linkify-it": "^5.0.0", "mdurl": "^2.0.0", "punycode.js": "^2.3.1", "uc.micro": "^2.1.0" }, "bin": { "markdown-it": "bin/markdown-it.mjs" } }, "node_modules/markdownlint": { "version": "0.38.0", "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.38.0.tgz", "integrity": "sha512-xaSxkaU7wY/0852zGApM8LdlIfGCW8ETZ0Rr62IQtAnUMlMuifsg09vWJcNYeL4f0anvr8Vo4ZQar8jGpV0btQ==", "dev": true, "license": "MIT", "dependencies": { "micromark": "4.0.2", "micromark-core-commonmark": "2.0.3", "micromark-extension-directive": "4.0.0", "micromark-extension-gfm-autolink-literal": "2.1.0", "micromark-extension-gfm-footnote": "2.1.0", "micromark-extension-gfm-table": "2.1.1", "micromark-extension-math": "3.1.0", "micromark-util-types": "2.0.2" }, "engines": { "node": ">=20" }, "funding": { "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/markdownlint-cli2": { "version": "0.18.1", "resolved": "https://registry.npmjs.org/markdownlint-cli2/-/markdownlint-cli2-0.18.1.tgz", "integrity": "sha512-/4Osri9QFGCZOCTkfA8qJF+XGjKYERSHkXzxSyS1hd3ZERJGjvsUao2h4wdnvpHp6Tu2Jh/bPHM0FE9JJza6ng==", "dev": true, "license": "MIT", "dependencies": { "globby": "14.1.0", "js-yaml": "4.1.0", "jsonc-parser": "3.3.1", "markdown-it": "14.1.0", "markdownlint": "0.38.0", "markdownlint-cli2-formatter-default": "0.0.5", "micromatch": "4.0.8" }, "bin": { "markdownlint-cli2": "markdownlint-cli2-bin.mjs" }, "engines": { "node": ">=20" }, "funding": { "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/markdownlint-cli2-formatter-default": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/markdownlint-cli2-formatter-default/-/markdownlint-cli2-formatter-default-0.0.5.tgz", "integrity": "sha512-4XKTwQ5m1+Txo2kuQ3Jgpo/KmnG+X90dWt4acufg6HVGadTUG5hzHF/wssp9b5MBYOMCnZ9RMPaU//uHsszF8Q==", "dev": true, "license": "MIT", "funding": { "url": "https://github.com/sponsors/DavidAnson" }, "peerDependencies": { "markdownlint-cli2": ">=0.0.4" } }, "node_modules/marked": { "version": "12.0.2", "resolved": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", "integrity": "sha512-qXUm7e/YKFoqFPYPa3Ukg9xlI5cyAtGmyEIzMfW//m6kXwCy2Ps9DYf5ioijFKQ8qyuscrHoY04iJGctu2Kg0Q==", "license": "MIT", "bin": { "marked": "bin/marked.js" }, "engines": { "node": ">= 18" } }, "node_modules/mdurl": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", "license": "MIT" }, "node_modules/merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", "dev": true, "license": "MIT", "engines": { "node": ">= 8" } }, "node_modules/micromark": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz", "integrity": "sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "@types/debug": "^4.0.0", "debug": "^4.0.0", "decode-named-character-reference": "^1.0.0", "devlop": "^1.0.0", "micromark-core-commonmark": "^2.0.0", "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-chunked": "^2.0.0", "micromark-util-combine-extensions": "^2.0.0", "micromark-util-decode-numeric-character-reference": "^2.0.0", "micromark-util-encode": "^2.0.0", "micromark-util-normalize-identifier": "^2.0.0", "micromark-util-resolve-all": "^2.0.0", "micromark-util-sanitize-uri": "^2.0.0", "micromark-util-subtokenize": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-core-commonmark": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz", "integrity": "sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "decode-named-character-reference": "^1.0.0", "devlop": "^1.0.0", "micromark-factory-destination": "^2.0.0", "micromark-factory-label": "^2.0.0", "micromark-factory-space": "^2.0.0", "micromark-factory-title": "^2.0.0", "micromark-factory-whitespace": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-chunked": "^2.0.0", "micromark-util-classify-character": "^2.0.0", "micromark-util-html-tag-name": "^2.0.0", "micromark-util-normalize-identifier": "^2.0.0", "micromark-util-resolve-all": "^2.0.0", "micromark-util-subtokenize": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-extension-directive": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-4.0.0.tgz", "integrity": "sha512-/C2nqVmXXmiseSSuCdItCMho7ybwwop6RrrRPk0KbOHW21JKoCldC+8rFOaundDoRBUWBnJJcxeA/Kvi34WQXg==", "dev": true, "license": "MIT", "dependencies": { "devlop": "^1.0.0", "micromark-factory-space": "^2.0.0", "micromark-factory-whitespace": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0", "parse-entities": "^4.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/micromark-extension-gfm-autolink-literal": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz", "integrity": "sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==", "dev": true, "license": "MIT", "dependencies": { "micromark-util-character": "^2.0.0", "micromark-util-sanitize-uri": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/micromark-extension-gfm-footnote": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz", "integrity": "sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==", "dev": true, "license": "MIT", "dependencies": { "devlop": "^1.0.0", "micromark-core-commonmark": "^2.0.0", "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-normalize-identifier": "^2.0.0", "micromark-util-sanitize-uri": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/micromark-extension-gfm-table": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz", "integrity": "sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==", "dev": true, "license": "MIT", "dependencies": { "devlop": "^1.0.0", "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/micromark-extension-math": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/micromark-extension-math/-/micromark-extension-math-3.1.0.tgz", "integrity": "sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==", "dev": true, "license": "MIT", "dependencies": { "@types/katex": "^0.16.0", "devlop": "^1.0.0", "katex": "^0.16.0", "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/micromark-factory-destination": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz", "integrity": "sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-factory-label": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz", "integrity": "sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "devlop": "^1.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-factory-space": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-character": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-factory-title": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz", "integrity": "sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-factory-whitespace": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz", "integrity": "sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-factory-space": "^2.0.0", "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-character": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-chunked": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz", "integrity": "sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-symbol": "^2.0.0" } }, "node_modules/micromark-util-classify-character": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz", "integrity": "sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-character": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-combine-extensions": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz", "integrity": "sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-chunked": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-decode-numeric-character-reference": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz", "integrity": "sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-symbol": "^2.0.0" } }, "node_modules/micromark-util-encode": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz", "integrity": "sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT" }, "node_modules/micromark-util-html-tag-name": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz", "integrity": "sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT" }, "node_modules/micromark-util-normalize-identifier": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz", "integrity": "sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-symbol": "^2.0.0" } }, "node_modules/micromark-util-resolve-all": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz", "integrity": "sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-sanitize-uri": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz", "integrity": "sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "micromark-util-character": "^2.0.0", "micromark-util-encode": "^2.0.0", "micromark-util-symbol": "^2.0.0" } }, "node_modules/micromark-util-subtokenize": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz", "integrity": "sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT", "dependencies": { "devlop": "^1.0.0", "micromark-util-chunked": "^2.0.0", "micromark-util-symbol": "^2.0.0", "micromark-util-types": "^2.0.0" } }, "node_modules/micromark-util-symbol": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT" }, "node_modules/micromark-util-types": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz", "integrity": "sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==", "dev": true, "funding": [ { "type": "GitHub Sponsors", "url": "https://github.com/sponsors/unifiedjs" }, { "type": "OpenCollective", "url": "https://opencollective.com/unified" } ], "license": "MIT" }, "node_modules/micromatch": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "dev": true, "license": "MIT", "dependencies": { "braces": "^3.0.3", "picomatch": "^2.3.1" }, "engines": { "node": ">=8.6" } }, "node_modules/mime-db": { "version": "1.54.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/mime-types": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", "license": "MIT", "dependencies": { "mime-db": "^1.54.0" }, "engines": { "node": ">= 0.6" } }, "node_modules/minimatch": { "version": "9.0.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", "dev": true, "license": "ISC", "dependencies": { "brace-expansion": "^2.0.1" }, "engines": { "node": ">=16 || 14 >=14.17" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/minipass": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", "dev": true, "license": "ISC", "engines": { "node": ">=16 || 14 >=14.17" } }, "node_modules/mitt": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/mitt/-/mitt-3.0.1.tgz", "integrity": "sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==", "license": "MIT" }, "node_modules/moo": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz", "integrity": "sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==", "dev": true, "license": "BSD-3-Clause" }, "node_modules/mri": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz", "integrity": "sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==", "license": "MIT", "engines": { "node": ">=4" } }, "node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", "license": "MIT" }, "node_modules/nanoid": { "version": "3.3.11", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", "dev": true, "funding": [ { "type": "github", "url": "https://github.com/sponsors/ai" } ], "license": "MIT", "bin": { "nanoid": "bin/nanoid.cjs" }, "engines": { "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" } }, "node_modules/netmask": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/netmask/-/netmask-2.0.2.tgz", "integrity": "sha512-dBpDMdxv9Irdq66304OLfEmQ9tbNRFnFTuZiLo+bD+r332bBmMJ8GBLXklIXXgxd3+v9+KUnZaUR5PJMa75Gsg==", "license": "MIT", "engines": { "node": ">= 0.4.0" } }, "node_modules/nth-check": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", "license": "BSD-2-Clause", "dependencies": { "boolbase": "^1.0.0" }, "funding": { "url": "https://github.com/fb55/nth-check?sponsor=1" } }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", "license": "MIT", "dependencies": { "ee-first": "1.1.1" }, "engines": { "node": ">= 0.8" } }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", "license": "ISC", "dependencies": { "wrappy": "1" } }, "node_modules/p-limit": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", "dev": true, "license": "MIT", "dependencies": { "yocto-queue": "^0.1.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/p-locate": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", "dev": true, "license": "MIT", "dependencies": { "p-limit": "^3.0.2" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/pac-proxy-agent": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.2.0.tgz", "integrity": "sha512-TEB8ESquiLMc0lV8vcd5Ql/JAKAoyzHFXaStwjkzpOpC5Yv+pIzLfHvjTSdf3vpa2bMiUQrg9i6276yn8666aA==", "license": "MIT", "dependencies": { "@tootallnate/quickjs-emscripten": "^0.23.0", "agent-base": "^7.1.2", "debug": "^4.3.4", "get-uri": "^6.0.1", "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.6", "pac-resolver": "^7.0.1", "socks-proxy-agent": "^8.0.5" }, "engines": { "node": ">= 14" } }, "node_modules/pac-resolver": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/pac-resolver/-/pac-resolver-7.0.1.tgz", "integrity": "sha512-5NPgf87AT2STgwa2ntRMr45jTKrYBGkVU36yT0ig/n/GMAa3oPqhZfIQ2kMEimReg0+t9kZViDVZ83qfVUlckg==", "license": "MIT", "dependencies": { "degenerator": "^5.0.0", "netmask": "^2.0.2" }, "engines": { "node": ">= 14" } }, "node_modules/package-json-from-dist": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", "dev": true, "license": "BlueOak-1.0.0" }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", "license": "MIT", "dependencies": { "callsites": "^3.0.0" }, "engines": { "node": ">=6" } }, "node_modules/parse-entities": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz", "integrity": "sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==", "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^2.0.0", "character-entities-legacy": "^3.0.0", "character-reference-invalid": "^2.0.0", "decode-named-character-reference": "^1.0.0", "is-alphanumerical": "^2.0.0", "is-decimal": "^2.0.0", "is-hexadecimal": "^2.0.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, "node_modules/parse-json": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", "license": "MIT", "dependencies": { "@babel/code-frame": "^7.0.0", "error-ex": "^1.3.1", "json-parse-even-better-errors": "^2.3.0", "lines-and-columns": "^1.1.6" }, "engines": { "node": ">=8" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/parse5": { "version": "7.3.0", "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.3.0.tgz", "integrity": "sha512-IInvU7fabl34qmi9gY8XOVxhYyMyuH2xUNpb2q8/Y+7552KlejkRvqvD19nMoUW/uQGGbqNpA6Tufu5FL5BZgw==", "license": "MIT", "dependencies": { "entities": "^6.0.0" }, "funding": { "url": "https://github.com/inikulin/parse5?sponsor=1" } }, "node_modules/parse5-htmlparser2-tree-adapter": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz", "integrity": "sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g==", "license": "MIT", "dependencies": { "domhandler": "^5.0.3", "parse5": "^7.0.0" }, "funding": { "url": "https://github.com/inikulin/parse5?sponsor=1" } }, "node_modules/parse5-parser-stream": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/parse5-parser-stream/-/parse5-parser-stream-7.1.2.tgz", "integrity": "sha512-JyeQc9iwFLn5TbvvqACIF/VXG6abODeB3Fwmv/TGdLk2LfbWkaySGY72at4+Ty7EkPZj854u4CrICqNk2qIbow==", "license": "MIT", "dependencies": { "parse5": "^7.0.0" }, "funding": { "url": "https://github.com/inikulin/parse5?sponsor=1" } }, "node_modules/parse5/node_modules/entities": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz", "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==", "license": "BSD-2-Clause", "engines": { "node": ">=0.12" }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, "node_modules/parseurl": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", "license": "MIT", "engines": { "node": ">= 0.8" } }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/path-key": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/path-scurry": { "version": "1.11.1", "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/path-scurry/node_modules/lru-cache": { "version": "10.4.3", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", "dev": true, "license": "ISC" }, "node_modules/path-type": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/path-type/-/path-type-6.0.0.tgz", "integrity": "sha512-Vj7sf++t5pBD637NSfkxpHSMfWaeig5+DKWLhcqIYx6mWQz5hdJTGDVMQiJcw1ZYkhs7AazKDGpRVji1LJCZUQ==", "dev": true, "license": "MIT", "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/pathe": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz", "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", "dev": true, "license": "MIT" }, "node_modules/pathval": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/pathval/-/pathval-2.0.0.tgz", "integrity": "sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA==", "dev": true, "license": "MIT", "engines": { "node": ">= 14.16" } }, "node_modules/pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==", "license": "MIT" }, "node_modules/picocolors": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", "license": "ISC" }, "node_modules/picomatch": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", "dev": true, "license": "MIT", "engines": { "node": ">=8.6" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" } }, "node_modules/postcss": { "version": "8.5.6", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", "dev": true, "funding": [ { "type": "opencollective", "url": "https://opencollective.com/postcss/" }, { "type": "tidelift", "url": "https://tidelift.com/funding/github/npm/postcss" }, { "type": "github", "url": "https://github.com/sponsors/ai" } ], "license": "MIT", "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" }, "engines": { "node": "^10 || ^12 || >=14" } }, "node_modules/progress": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", "license": "MIT", "engines": { "node": ">=0.4.0" } }, "node_modules/proxy-agent": { "version": "6.5.0", "resolved": "https://registry.npmjs.org/proxy-agent/-/proxy-agent-6.5.0.tgz", "integrity": "sha512-TmatMXdr2KlRiA2CyDu8GqR8EjahTG3aY3nXjdzFyoZbmB8hrBsTyMezhULIXKnC0jpfjlmiZ3+EaCzoInSu/A==", "license": "MIT", "dependencies": { "agent-base": "^7.1.2", "debug": "^4.3.4", "http-proxy-agent": "^7.0.1", "https-proxy-agent": "^7.0.6", "lru-cache": "^7.14.1", "pac-proxy-agent": "^7.1.0", "proxy-from-env": "^1.1.0", "socks-proxy-agent": "^8.0.5" }, "engines": { "node": ">= 14" } }, "node_modules/proxy-from-env": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", "license": "MIT" }, "node_modules/pump": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.3.tgz", "integrity": "sha512-todwxLMY7/heScKmntwQG8CXVkWUOdYxIvY2s0VWAAMh/nd8SoYiRaKjlr7+iCs984f2P8zvrfWcDDYVb73NfA==", "license": "MIT", "dependencies": { "end-of-stream": "^1.1.0", "once": "^1.3.1" } }, "node_modules/punycode.js": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", "license": "MIT", "engines": { "node": ">=6" } }, "node_modules/puppeteer": { "version": "24.16.1", "resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-24.16.1.tgz", "integrity": "sha512-3jrx2BrOBb8yr3+KE7OyxVtI2fjPNZi46/SQGxFvlKZX4/56i2LbdArEhNvlQw/xxmsZfpjFRbGtkMavgh3I+g==", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { "@puppeteer/browsers": "2.10.6", "chromium-bidi": "7.3.1", "cosmiconfig": "^9.0.0", "devtools-protocol": "0.0.1475386", "puppeteer-core": "24.16.1", "typed-query-selector": "^2.12.0" }, "bin": { "puppeteer": "lib/cjs/puppeteer/node/cli.js" }, "engines": { "node": ">=18" } }, "node_modules/puppeteer-core": { "version": "24.16.1", "resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-24.16.1.tgz", "integrity": "sha512-0dGD2kxoH9jqj/xiz4KZLcPKpqWygs+VSEBzvuVbU3KoT2cCw4HnMT9r/7NvYl1lIa+JCa5yIyRqi+4R3UyYfQ==", "license": "Apache-2.0", "dependencies": { "@puppeteer/browsers": "2.10.6", "chromium-bidi": "7.3.1", "debug": "^4.4.1", "devtools-protocol": "0.0.1475386", "typed-query-selector": "^2.12.0", "ws": "^8.18.3" }, "engines": { "node": ">=18" } }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", "dev": true, "funding": [ { "type": "github", "url": "https://github.com/sponsors/feross" }, { "type": "patreon", "url": "https://www.patreon.com/feross" }, { "type": "consulting", "url": "https://feross.org/support" } ], "license": "MIT" }, "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", "license": "MIT", "engines": { "node": ">=0.10.0" } }, "node_modules/resolve-from": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", "license": "MIT", "engines": { "node": ">=4" } }, "node_modules/respec": { "version": "35.5.1", "resolved": "https://registry.npmjs.org/respec/-/respec-35.5.1.tgz", "integrity": "sha512-F1ykHL5WdMXb6Rp5EGjaPsc34SSIl8GWFRKlkFZ+xNhsQrU5cN9OsnxWYqP/XO/0Kkeyj7JKn4pC1Ykrqnj7LQ==", "license": "W3C", "dependencies": { "colors": "1.4.0", "finalhandler": "^2.1.0", "marked": "^12.0.2", "puppeteer": "^24.16.1", "sade": "^1.8.1", "serve-static": "^2.2.0" }, "bin": { "respec": "tools/respec2html.js", "respec2html": "tools/respec2html.js" }, "engines": { "node": ">=20.12.1" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/respec" } }, "node_modules/reusify": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", "dev": true, "license": "MIT", "engines": { "iojs": ">=1.0.0", "node": ">=0.10.0" } }, "node_modules/rollup": { "version": "4.43.0", "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.43.0.tgz", "integrity": "sha512-wdN2Kd3Twh8MAEOEJZsuxuLKCsBEo4PVNLK6tQWAn10VhsVewQLzcucMgLolRlhFybGxfclbPeEYBaP6RvUFGg==", "dev": true, "license": "MIT", "dependencies": { "@types/estree": "1.0.7" }, "bin": { "rollup": "dist/bin/rollup" }, "engines": { "node": ">=18.0.0", "npm": ">=8.0.0" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.43.0", "@rollup/rollup-android-arm64": "4.43.0", "@rollup/rollup-darwin-arm64": "4.43.0", "@rollup/rollup-darwin-x64": "4.43.0", "@rollup/rollup-freebsd-arm64": "4.43.0", "@rollup/rollup-freebsd-x64": "4.43.0", "@rollup/rollup-linux-arm-gnueabihf": "4.43.0", "@rollup/rollup-linux-arm-musleabihf": "4.43.0", "@rollup/rollup-linux-arm64-gnu": "4.43.0", "@rollup/rollup-linux-arm64-musl": "4.43.0", "@rollup/rollup-linux-loongarch64-gnu": "4.43.0", "@rollup/rollup-linux-powerpc64le-gnu": "4.43.0", "@rollup/rollup-linux-riscv64-gnu": "4.43.0", "@rollup/rollup-linux-riscv64-musl": "4.43.0", "@rollup/rollup-linux-s390x-gnu": "4.43.0", "@rollup/rollup-linux-x64-gnu": "4.43.0", "@rollup/rollup-linux-x64-musl": "4.43.0", "@rollup/rollup-win32-arm64-msvc": "4.43.0", "@rollup/rollup-win32-ia32-msvc": "4.43.0", "@rollup/rollup-win32-x64-msvc": "4.43.0", "fsevents": "~2.3.2" } }, "node_modules/rollup/node_modules/@types/estree": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.7.tgz", "integrity": "sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==", "dev": true, "license": "MIT" }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", "dev": true, "funding": [ { "type": "github", "url": "https://github.com/sponsors/feross" }, { "type": "patreon", "url": "https://www.patreon.com/feross" }, { "type": "consulting", "url": "https://feross.org/support" } ], "license": "MIT", "dependencies": { "queue-microtask": "^1.2.2" } }, "node_modules/sade": { "version": "1.8.1", "resolved": "https://registry.npmjs.org/sade/-/sade-1.8.1.tgz", "integrity": "sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==", "license": "MIT", "dependencies": { "mri": "^1.1.0" }, "engines": { "node": ">=6" } }, "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", "license": "MIT" }, "node_modules/semver": { "version": "7.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "license": "ISC", "bin": { "semver": "bin/semver.js" }, "engines": { "node": ">=10" } }, "node_modules/send": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/send/-/send-1.2.0.tgz", "integrity": "sha512-uaW0WwXKpL9blXE2o0bRhoL2EGXIrZxQ2ZQ4mgcfoBxdFmQold+qWsD2jLrfZ0trjKL6vOw0j//eAwcALFjKSw==", "license": "MIT", "dependencies": { "debug": "^4.3.5", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", "fresh": "^2.0.0", "http-errors": "^2.0.0", "mime-types": "^3.0.1", "ms": "^2.1.3", "on-finished": "^2.4.1", "range-parser": "^1.2.1", "statuses": "^2.0.1" }, "engines": { "node": ">= 18" } }, "node_modules/serve-static": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.0.tgz", "integrity": "sha512-61g9pCh0Vnh7IutZjtLGGpTA355+OPn2TyDv/6ivP2h/AdAVX9azsoxmg2/M6nZeQZNYBEwIcsne1mJd9oQItQ==", "license": "MIT", "dependencies": { "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "parseurl": "^1.3.3", "send": "^1.2.0" }, "engines": { "node": ">= 18" } }, "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", "license": "ISC" }, "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", "dev": true, "license": "MIT", "dependencies": { "shebang-regex": "^3.0.0" }, "engines": { "node": ">=8" } }, "node_modules/shebang-regex": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/siginfo": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==", "dev": true, "license": "ISC" }, "node_modules/signal-exit": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", "dev": true, "license": "ISC", "engines": { "node": ">=14" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/slash": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", "dev": true, "license": "MIT", "engines": { "node": ">=14.16" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/smart-buffer": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz", "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", "license": "MIT", "engines": { "node": ">= 6.0.0", "npm": ">= 3.0.0" } }, "node_modules/socks": { "version": "2.8.7", "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.7.tgz", "integrity": "sha512-HLpt+uLy/pxB+bum/9DzAgiKS8CX1EvbWxI4zlmgGCExImLdiad2iCwXT5Z4c9c3Eq8rP2318mPW2c+QbtjK8A==", "license": "MIT", "dependencies": { "ip-address": "^10.0.1", "smart-buffer": "^4.2.0" }, "engines": { "node": ">= 10.0.0", "npm": ">= 3.0.0" } }, "node_modules/socks-proxy-agent": { "version": "8.0.5", "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz", "integrity": "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==", "license": "MIT", "dependencies": { "agent-base": "^7.1.2", "debug": "^4.3.4", "socks": "^2.8.3" }, "engines": { "node": ">= 14" } }, "node_modules/source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", "license": "BSD-3-Clause", "optional": true, "engines": { "node": ">=0.10.0" } }, "node_modules/source-map-js": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", "dev": true, "license": "BSD-3-Clause", "engines": { "node": ">=0.10.0" } }, "node_modules/stackback": { "version": "0.0.2", "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz", "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==", "dev": true, "license": "MIT" }, "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", "license": "MIT", "engines": { "node": ">= 0.8" } }, "node_modules/std-env": { "version": "3.9.0", "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.9.0.tgz", "integrity": "sha512-UGvjygr6F6tpH7o2qyqR6QYpwraIjKSdtzyBdyytFOHmPZY917kwdwLG0RbOjWOnKmnm3PeHjaoLLMie7kPLQw==", "dev": true, "license": "MIT" }, "node_modules/streamx": { "version": "2.22.1", "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.22.1.tgz", "integrity": "sha512-znKXEBxfatz2GBNK02kRnCXjV+AA4kjZIUxeWSr3UGirZMJfTE9uiwKHobnbgxWyL/JWro8tTq+vOqAK1/qbSA==", "license": "MIT", "dependencies": { "fast-fifo": "^1.3.2", "text-decoder": "^1.1.0" }, "optionalDependencies": { "bare-events": "^2.2.0" } }, "node_modules/string-width": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", "dev": true, "license": "MIT", "dependencies": { "eastasianwidth": "^0.2.0", "emoji-regex": "^9.2.2", "strip-ansi": "^7.0.1" }, "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/string-width-cjs": { "name": "string-width", "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "dev": true, "license": "MIT", "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" }, "engines": { "node": ">=8" } }, "node_modules/string-width-cjs/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/string-width-cjs/node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true, "license": "MIT" }, "node_modules/string-width-cjs/node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "dev": true, "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/strip-ansi": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", "license": "MIT", "dependencies": { "ansi-regex": "^6.0.1" }, "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/chalk/strip-ansi?sponsor=1" } }, "node_modules/strip-ansi-cjs": { "name": "strip-ansi", "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "dev": true, "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/strip-ansi-cjs/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/strip-literal": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-3.0.0.tgz", "integrity": "sha512-TcccoMhJOM3OebGhSBEmp3UZ2SfDMZUEBdRA/9ynfLi8yYajyWX3JiXArcJt4Umh4vISpspkQIY8ZZoCqjbviA==", "dev": true, "license": "MIT", "dependencies": { "js-tokens": "^9.0.1" }, "funding": { "url": "https://github.com/sponsors/antfu" } }, "node_modules/strip-literal/node_modules/js-tokens": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz", "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==", "dev": true, "license": "MIT" }, "node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", "dev": true, "license": "MIT", "dependencies": { "has-flag": "^4.0.0" }, "engines": { "node": ">=8" } }, "node_modules/tar-fs": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.1.0.tgz", "integrity": "sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w==", "license": "MIT", "dependencies": { "pump": "^3.0.0", "tar-stream": "^3.1.5" }, "optionalDependencies": { "bare-fs": "^4.0.1", "bare-path": "^3.0.0" } }, "node_modules/tar-stream": { "version": "3.1.7", "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-3.1.7.tgz", "integrity": "sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==", "license": "MIT", "dependencies": { "b4a": "^1.6.4", "fast-fifo": "^1.2.0", "streamx": "^2.15.0" } }, "node_modules/test-exclude": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.1.tgz", "integrity": "sha512-pFYqmTw68LXVjeWJMST4+borgQP2AyMNbg1BpZh9LbyhUeNkeaPF9gzfPGUAnSMV3qPYdWUwDIjjCLiSDOl7vg==", "dev": true, "license": "ISC", "dependencies": { "@istanbuljs/schema": "^0.1.2", "glob": "^10.4.1", "minimatch": "^9.0.4" }, "engines": { "node": ">=18" } }, "node_modules/text-decoder": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/text-decoder/-/text-decoder-1.2.3.tgz", "integrity": "sha512-3/o9z3X0X0fTupwsYvR03pJ/DjWuqqrfwBgTQzdWDiQSm9KitAyz/9WqsT2JQW7KV2m+bC2ol/zqpW37NHxLaA==", "license": "Apache-2.0", "dependencies": { "b4a": "^1.6.4" } }, "node_modules/tinybench": { "version": "2.9.0", "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz", "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==", "dev": true, "license": "MIT" }, "node_modules/tinyexec": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.2.tgz", "integrity": "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==", "dev": true, "license": "MIT" }, "node_modules/tinyglobby": { "version": "0.2.14", "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.14.tgz", "integrity": "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ==", "dev": true, "license": "MIT", "dependencies": { "fdir": "^6.4.4", "picomatch": "^4.0.2" }, "engines": { "node": ">=12.0.0" }, "funding": { "url": "https://github.com/sponsors/SuperchupuDev" } }, "node_modules/tinyglobby/node_modules/fdir": { "version": "6.4.6", "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.6.tgz", "integrity": "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w==", "dev": true, "license": "MIT", "peerDependencies": { "picomatch": "^3 || ^4" }, "peerDependenciesMeta": { "picomatch": { "optional": true } } }, "node_modules/tinyglobby/node_modules/picomatch": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", "dev": true, "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" } }, "node_modules/tinypool": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz", "integrity": "sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==", "dev": true, "license": "MIT", "engines": { "node": "^18.0.0 || >=20.0.0" } }, "node_modules/tinyrainbow": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-2.0.0.tgz", "integrity": "sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==", "dev": true, "license": "MIT", "engines": { "node": ">=14.0.0" } }, "node_modules/tinyspy": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-4.0.3.tgz", "integrity": "sha512-t2T/WLB2WRgZ9EpE4jgPJ9w+i66UZfDc8wHh0xrwiRNN+UwH98GIJkTeZqX9rg0i0ptwzqW+uYeIF0T4F8LR7A==", "dev": true, "license": "MIT", "engines": { "node": ">=14.0.0" } }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", "dev": true, "license": "MIT", "dependencies": { "is-number": "^7.0.0" }, "engines": { "node": ">=8.0" } }, "node_modules/toidentifier": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", "license": "MIT", "engines": { "node": ">=0.6" } }, "node_modules/tslib": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", "license": "0BSD" }, "node_modules/typed-query-selector": { "version": "2.12.0", "resolved": "https://registry.npmjs.org/typed-query-selector/-/typed-query-selector-2.12.0.tgz", "integrity": "sha512-SbklCd1F0EiZOyPiW192rrHZzZ5sBijB6xM+cpmrwDqObvdtunOHHIk9fCGsoK5JVIYXoyEp4iEdE3upFH3PAg==", "license": "MIT" }, "node_modules/uc.micro": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==", "license": "MIT" }, "node_modules/undici": { "version": "7.12.0", "resolved": "https://registry.npmjs.org/undici/-/undici-7.12.0.tgz", "integrity": "sha512-GrKEsc3ughskmGA9jevVlIOPMiiAHJ4OFUtaAH+NhfTUSiZ1wMPIQqQvAJUrJspFXJt3EBWgpAeoHEDVT1IBug==", "license": "MIT", "engines": { "node": ">=20.18.1" } }, "node_modules/undici-types": { "version": "6.21.0", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", "license": "MIT", "optional": true }, "node_modules/unicorn-magic": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.3.0.tgz", "integrity": "sha512-+QBBXBCvifc56fsbuxZQ6Sic3wqqc3WWaqxs58gvJrcOuN83HGTCwz3oS5phzU9LthRNE9VrJCFCLUgHeeFnfA==", "dev": true, "license": "MIT", "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/unist-util-stringify-position": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz", "integrity": "sha512-0ASV06AAoKCDkS2+xw5RXJywruurpbC4JZSm7nr7MOt1ojAzvyyaO+UxZf18j8FCF6kmzCZKcAgN/yu2gm2XgQ==", "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^3.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/unist-util-stringify-position/node_modules/@types/unist": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", "dev": true, "license": "MIT" }, "node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", "dev": true, "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], "license": "MIT", "bin": { "uuid": "dist/bin/uuid" } }, "node_modules/v8-to-istanbul": { "version": "9.3.0", "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.3.0.tgz", "integrity": "sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==", "dev": true, "license": "ISC", "dependencies": { "@jridgewell/trace-mapping": "^0.3.12", "@types/istanbul-lib-coverage": "^2.0.1", "convert-source-map": "^2.0.0" }, "engines": { "node": ">=10.12.0" } }, "node_modules/vfile": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz", "integrity": "sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q==", "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^3.0.0", "vfile-message": "^4.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/vfile-message": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-4.0.2.tgz", "integrity": "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw==", "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^3.0.0", "unist-util-stringify-position": "^4.0.0" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/unified" } }, "node_modules/vfile-message/node_modules/@types/unist": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", "dev": true, "license": "MIT" }, "node_modules/vfile/node_modules/@types/unist": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", "dev": true, "license": "MIT" }, "node_modules/vite": { "version": "6.3.5", "resolved": "https://registry.npmjs.org/vite/-/vite-6.3.5.tgz", "integrity": "sha512-cZn6NDFE7wdTpINgs++ZJ4N49W2vRp8LCKrn3Ob1kYNtOo21vfDoaV5GzBfLU4MovSAB8uNRm4jgzVQZ+mBzPQ==", "dev": true, "license": "MIT", "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "bin": { "vite": "bin/vite.js" }, "engines": { "node": "^18.0.0 || ^20.0.0 || >=22.0.0" }, "funding": { "url": "https://github.com/vitejs/vite?sponsor=1" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "peerDependenciesMeta": { "@types/node": { "optional": true }, "jiti": { "optional": true }, "less": { "optional": true }, "lightningcss": { "optional": true }, "sass": { "optional": true }, "sass-embedded": { "optional": true }, "stylus": { "optional": true }, "sugarss": { "optional": true }, "terser": { "optional": true }, "tsx": { "optional": true }, "yaml": { "optional": true } } }, "node_modules/vite-node": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-3.2.4.tgz", "integrity": "sha512-EbKSKh+bh1E1IFxeO0pg1n4dvoOTt0UDiXMd/qn++r98+jPO1xtJilvXldeuQ8giIB5IkpjCgMleHMNEsGH6pg==", "dev": true, "license": "MIT", "dependencies": { "cac": "^6.7.14", "debug": "^4.4.1", "es-module-lexer": "^1.7.0", "pathe": "^2.0.3", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0" }, "bin": { "vite-node": "vite-node.mjs" }, "engines": { "node": "^18.0.0 || ^20.0.0 || >=22.0.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/vite/node_modules/fdir": { "version": "6.4.6", "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.6.tgz", "integrity": "sha512-hiFoqpyZcfNm1yc4u8oWCf9A2c4D3QjCrks3zmoVKVxpQRzmPNar1hUJcBG2RQHvEVGDN+Jm81ZheVLAQMK6+w==", "dev": true, "license": "MIT", "peerDependencies": { "picomatch": "^3 || ^4" }, "peerDependenciesMeta": { "picomatch": { "optional": true } } }, "node_modules/vite/node_modules/picomatch": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", "dev": true, "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" } }, "node_modules/vitest": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/vitest/-/vitest-3.2.4.tgz", "integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==", "dev": true, "license": "MIT", "dependencies": { "@types/chai": "^5.2.2", "@vitest/expect": "3.2.4", "@vitest/mocker": "3.2.4", "@vitest/pretty-format": "^3.2.4", "@vitest/runner": "3.2.4", "@vitest/snapshot": "3.2.4", "@vitest/spy": "3.2.4", "@vitest/utils": "3.2.4", "chai": "^5.2.0", "debug": "^4.4.1", "expect-type": "^1.2.1", "magic-string": "^0.30.17", "pathe": "^2.0.3", "picomatch": "^4.0.2", "std-env": "^3.9.0", "tinybench": "^2.9.0", "tinyexec": "^0.3.2", "tinyglobby": "^0.2.14", "tinypool": "^1.1.1", "tinyrainbow": "^2.0.0", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0", "vite-node": "3.2.4", "why-is-node-running": "^2.3.0" }, "bin": { "vitest": "vitest.mjs" }, "engines": { "node": "^18.0.0 || ^20.0.0 || >=22.0.0" }, "funding": { "url": "https://opencollective.com/vitest" }, "peerDependencies": { "@edge-runtime/vm": "*", "@types/debug": "^4.1.12", "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "@vitest/browser": "3.2.4", "@vitest/ui": "3.2.4", "happy-dom": "*", "jsdom": "*" }, "peerDependenciesMeta": { "@edge-runtime/vm": { "optional": true }, "@types/debug": { "optional": true }, "@types/node": { "optional": true }, "@vitest/browser": { "optional": true }, "@vitest/ui": { "optional": true }, "happy-dom": { "optional": true }, "jsdom": { "optional": true } } }, "node_modules/vitest/node_modules/picomatch": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", "dev": true, "license": "MIT", "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" } }, "node_modules/whatwg-encoding": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz", "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==", "license": "MIT", "dependencies": { "iconv-lite": "0.6.3" }, "engines": { "node": ">=18" } }, "node_modules/whatwg-mimetype": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz", "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==", "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", "dev": true, "license": "ISC", "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "bin/node-which" }, "engines": { "node": ">= 8" } }, "node_modules/why-is-node-running": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==", "dev": true, "license": "MIT", "dependencies": { "siginfo": "^2.0.0", "stackback": "0.0.2" }, "bin": { "why-is-node-running": "cli.js" }, "engines": { "node": ">=8" } }, "node_modules/wrap-ansi": { "version": "8.1.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", "dev": true, "license": "MIT", "dependencies": { "ansi-styles": "^6.1.0", "string-width": "^5.0.1", "strip-ansi": "^7.0.1" }, "engines": { "node": ">=12" }, "funding": { "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/wrap-ansi-cjs": { "name": "wrap-ansi", "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", "dev": true, "license": "MIT", "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" }, "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true, "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "dev": true, "license": "MIT", "dependencies": { "color-convert": "^2.0.1" }, "engines": { "node": ">=8" }, "funding": { "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true, "license": "MIT" }, "node_modules/wrap-ansi-cjs/node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "dev": true, "license": "MIT", "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" }, "engines": { "node": ">=8" } }, "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "dev": true, "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" }, "engines": { "node": ">=8" } }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "license": "ISC" }, "node_modules/ws": { "version": "8.18.3", "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz", "integrity": "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==", "license": "MIT", "engines": { "node": ">=10.0.0" }, "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "peerDependenciesMeta": { "bufferutil": { "optional": true }, "utf-8-validate": { "optional": true } } }, "node_modules/y18n": { "version": "5.0.8", "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", "license": "ISC", "engines": { "node": ">=10" } }, "node_modules/yaml": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", "dev": true, "license": "ISC", "bin": { "yaml": "bin.mjs" }, "engines": { "node": ">= 14.6" } }, "node_modules/yaml-unist-parser": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/yaml-unist-parser/-/yaml-unist-parser-2.0.5.tgz", "integrity": "sha512-CirHjIkYcQxbG9wgYmzjJlMaBFuj788zLOgT0A2FAzdsw2dD4vnq4cx+kij/fXImG09ARnlODtS38JM1EottOw==", "dev": true, "license": "MIT", "dependencies": { "yaml": "^1.10.2" }, "engines": { "node": ">= 14" } }, "node_modules/yaml-unist-parser/node_modules/yaml": { "version": "1.10.2", "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", "dev": true, "license": "ISC", "engines": { "node": ">= 6" } }, "node_modules/yargs": { "version": "18.0.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-18.0.0.tgz", "integrity": "sha512-4UEqdc2RYGHZc7Doyqkrqiln3p9X2DZVxaGbwhn2pi7MrRagKaOcIKe8L3OxYcbhXLgLFUS3zAYuQjKBQgmuNg==", "license": "MIT", "dependencies": { "cliui": "^9.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "string-width": "^7.2.0", "y18n": "^5.0.5", "yargs-parser": "^22.0.0" }, "engines": { "node": "^20.19.0 || ^22.12.0 || >=23" } }, "node_modules/yargs-parser": { "version": "21.1.1", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", "license": "ISC", "engines": { "node": ">=12" } }, "node_modules/yargs/node_modules/emoji-regex": { "version": "10.4.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz", "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==", "license": "MIT" }, "node_modules/yargs/node_modules/string-width": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", "license": "MIT", "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" }, "engines": { "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/yargs/node_modules/yargs-parser": { "version": "22.0.0", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-22.0.0.tgz", "integrity": "sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw==", "license": "ISC", "engines": { "node": "^20.19.0 || ^22.12.0 || >=23" } }, "node_modules/yauzl": { "version": "2.10.0", "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==", "license": "MIT", "dependencies": { "buffer-crc32": "~0.2.3", "fd-slicer": "~1.1.0" } }, "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", "dev": true, "license": "MIT", "engines": { "node": ">=10" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/zod": { "version": "3.25.76", "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", "license": "MIT", "funding": { "url": "https://github.com/sponsors/colinhacks" } } } } OpenAPI-Specification-3.2.0/package.json000066400000000000000000000024611506330113000200060ustar00rootroot00000000000000{ "name": "oas-infra", "version": "0.0.0", "description": "OpenAPI Specification Automation & Infrastructure", "author": { "name": "OpenAPI Initiative TSC", "email": "tsc@openapis.org", "url": "https://openapis.org/" }, "repository": { "type": "git", "url": "https://github.com/OAI/OpenAPI-Specification.git" }, "license": "Apache-2.0", "scripts": { "build": "bash ./scripts/md2html/build.sh", "build-src": "npm run validate-markdown && bash ./scripts/md2html/build.sh src && bash ./scripts/schema-publish.sh src", "test": "c8 --100 vitest run --coverage", "format-markdown": "npx markdownlint-cli2 --config spec.markdownlint.yaml --fix src/oas.md && npx markdownlint-cli2 --fix *.md", "validate-markdown": "npx markdownlint-cli2 --config spec.markdownlint.yaml src/oas.md && npx markdownlint-cli2 *.md" }, "dependencies": { "cheerio": "^1.1.2", "highlight.js": "^11.11.1", "markdown-it": "^14.1.0", "respec": "35.5.1", "yargs": "^18.0.0" }, "devDependencies": { "@hyperjump/json-schema-coverage": "^1.1.1", "@vitest/coverage-v8": "^3.2.4", "c8": "^10.1.3", "markdownlint-cli2": "^0.18.1", "vitest": "^3.2.4", "yaml": "^2.8.1" }, "keywords": [ "OpenAPI", "OAS", "Swagger", "schema", "API" ] } OpenAPI-Specification-3.2.0/proposals/000077500000000000000000000000001506330113000175375ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/proposals/2019-01-01-Proposal-Template.md000066400000000000000000000043731506330113000244650ustar00rootroot00000000000000# Feature name ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[YYYY-MM-DD-Short-Name](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/{YYYY-MM-DD-Short-Name.md})| |Authors|[Author 1](https://github.com/{author1}), [Author 2](https://github.com/{author2})| |Review Manager | TBD | |Status |Proposal, Draft, Promoted, or Abandoned| |Implementations |[Click Here](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/{YYYY-MM-DD-Short-Name}/implementations.md)| |Issues |[{issueid}](https://github.com/OAI/OpenAPI-Specification/issues/{IssueId})| |Previous Revisions |[{revid}](https://github.com/OAI/OpenAPI-Specification/pull/{revid}) | ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | ## Introduction A short description of what the feature is. Try to keep it to a single-paragraph "elevator pitch" so the reader understands what problem this proposal is addressing. ## Motivation Describe the problems that this proposal seeks to address. If the problem is that some common pattern is currently hard to express, show how one can currently get a similar effect and describe its drawbacks. If it's completely new functionality that cannot be emulated, motivate why this new functionality would help OpenAPI developers create better code. ## Proposed solution Describe your solution to the problem. Provide examples and describe how they work. Show how your solution is better than current workarounds: is it cleaner, safer, or more efficient? ## Detailed design Describe the design of the solution in detail. This should include an exact description of the changes to the contents of the OpenAPI specification. That description should include a extract of each section of the OpenAPI specification which is impacted by the proposal with all proposed modifications applied. These extracts may be provided through additional files which are identified and described in this section. ## Backwards compatibility Proposals should be structure so that they can be handled by existing OAS compliant software. Any potential issues should be identified and discussed. ## Alternatives considered Describe alternative approaches to addressing the same problem, and why you chose this approach instead. OpenAPI-Specification-3.2.0/proposals/2019-03-15-Alternative-Schema.md000066400000000000000000000077001506330113000245750ustar00rootroot00000000000000# Alternative Schema ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[Alternative Schema](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/2019-03-15-Alternative-Schema.md)| |Authors|[Chuck Heazel](https://github.com/cmheazel)| |Review Manager |TBD | |Status |**Draft** | |Implementations |[Click Here](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/Alternative-Schema/implementations.md) |Issues |[1532](https://github.com/OAI/OpenAPI-Specification/issues/1532)| |Previous Revisions |[March 15](https://github.com/OAI/OpenAPI-Specification/pull/1868#issue-261689900) | .Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | |2019-03-15 |C. Heazel|Initial Markup Draft | |2019-04-17 |C. Heazel|Re-structured based on Apple Swift| ## Introduction This a proposal to add a new field called ``alternativeSchema`` to the OAS. ## Motivation OpenAPI allows APIs to describe the syntax of their request and response messaged using a JSON Schema-like syntax. However, not all messages will be in JSON. The ability to refer to one or more external schema will allow an API to describe the syntax of a message regardless of the format used. For example: Some XML payloads are defined by an XML schema (the syntax) and a suite of Schematron rules (valid values). JSON Schema cannot effectively represent their content. By providing access to the appropriate appropriate XML Schema and Schematron files, the payload can be validated the way it was intended to be. ## Proposed solution This proposal makes the following changes to the OAS 3.0 specification: 1. Extend the Schema Object by the addition of the x-oas-draft-alternativeSchema field. 1. Addition of the Alternative Schema Object. 1. Addition of Alternative Schema examples. 1. Addition of a preliminary discussion of the Alternative Schema registry. ## Detailed design ### Extend the Schema Object The OpenAPI Schema Object is extended by the addition of the x-oas-draft-alternativeSchema field. The proposed changes to the OpenAPI specification are provided in [schema_object.md](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/Alternative%20Schema/schema_object.md) ### Add the Alternative Schema Object The new object, the Alternative Schema Object is added to the OpenAPI specification. The proposed changes to the OpenAPI specification are provided in [alternative_schema_object.md](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/Alternative%20Schema/alternative_schema_object.md) ### Provide Alternative Schema Examples Examples of the use of the Alternative Schema capability is added to the OpenAPI specification. The proposed changes to the OpenAPI specification are provided in [alternative_schema_examples.md](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/Alternative%20Schema/alternative_schema_examples.md) ### Alternative Schema Registry Values used to populate the Alternative Schema Object are required to come from the Alternative Schema Registry. The preliminary Alternative Schema Registry is located at . *** Note this is a placeholder registry. Don't take the values seriously. *** Initial contents of the registry will include: |Name |Link |Description | |--- | --- | --- | |jsonSchema |TBD |JSON Schema | |xsdSchema |TBD |XML Schema | ## Backwards compatibility This proposal makes use of the extensibility features of OpenAPI. All changes sould appear as extensions and handled accordingly. ## Alternatives considered Embedding non-JSON content in the OAS document would have imposed an unacceptable burden on tooling. Therefore, an external link was preferred. Considerable discussion was held over exactly how the links should be represented in the Schema Object. The selected option should support the greatest number of possible combinations of external schema that can be expressed with the OpenAPI schema language. OpenAPI-Specification-3.2.0/proposals/2019-07-17-Webhooks.md000066400000000000000000000251221506330113000227060ustar00rootroot00000000000000# Webhooks ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2019-07-17-Webhooks](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/2019-07-17-Webhooks.md)| |Authors|[Lorna Mitchell](https://github.com/lornajane)| |Review Manager |TBD | |Status |Proposal| |Issues |[#1968](https://github.com/OAI/OpenAPI-Specification/issues/1968)| ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | | 17th July 2019 | Lorna Mitchell | Initial draft | ## Introduction Modern APIs often consist of two-way API traffic, but OpenAPI currently only supports some types of requests. Standard client-to-server API calls are well supported. Server-to-client callbacks are only supported if they are the result of an earlier API call and are documented by nesting under the path of that earlier call. Incoming HTTP requests ("webhooks") cannot be described in the current version of OpenAPI if they are the result of subscription arranged outside of the scope of the API (e.g. by setting a callback URL in a web interface). ## Motivation OpenAPI supports a `callback` element, where the result of an API call is delivered at some later time as an incoming HTTP request to a nominated URL. However it does not support webhooks, where events arrive as an incoming HTTP request but the configuration of these requests was arranged outside of the scope of the API, e.g. on a website. For example: at Nexmo we have an SMS API (the docs are here: and the source spec here: ). It supports: * sending an SMS (an outgoing API call, currently supported) * receiving a delivery receipt when you just sent an SMS (callback, currently supported) * receiving an incoming SMS (webhook, not currently supported) The docs have an `x-webhooks` top-level element (we use [our own docs renderer](https://github.com/Nexmo/nexmo-oas-renderer)) and then a meaningless URL fieldname before the path item object that descrives the webhook. On one of the other Nexmo APIs, we simply documented our webhooks in a markdown file separate from our API even though the two directions are very closely linked (see [Voice API webhook reference](https://developer.nexmo.com/voice/voice-api/webhook-reference) ). Neither solution is great. I'm aware of other organisations (Ebay, GitHub) who also offer webhooks as part of their API platform who have run into the same problems when looking to adopt OpenAPI. The existing approach for callbacks, which allow a Path Item Object to be described in another location, could be adapted to also describe webhooks. ## Proposed solution Allow a top-level `webhooks` element, with named entries inside it, each containing a Path Item Object. No other new fields or changes would be needed, since this already works brilliantly for `callbacks` within a path item. The only difference here is that there's no existing path item for the callback/webhook to belong to, and the URL is usually set somewhere else by the user (and there's no request context for an expression to be evaluated). This solution builds on the existing proven approach for callbacks, but detaches them from the following-a-previous-API-call constraint. To borrow the Nexmo SMS API example from above (because it's simple, I can add more examples as needed), the spec for the incoming webhook that occurs because a message has arrived might look like this: ``` webhooks: inbound-sms: post: summary: Inbound SMS to your Nexmo number operationId: inbound-sms description: | If you rent one or more virtual numbers from Nexmo, inbound messages to that number are sent to your [webhook endpoint](https://developer.nexmo.com/concepts/guides/webhooks). requestBody: required: true content: application/json: schema: type: object required: - msisdn - to - messageid - text - type - keyword - message-timestamp properties: msisdn: type: string description: the phone number that this inbound message was sent from. numbers are specified in e.164 format. example: '447700900001' to: type: string description: the phone number the message was sent to. **this is your virtual number**. numbers are specified in e.164 format. example: '447700900000' messageid: type: string description: the id of the message example: 0a0000000123abcd1 text: type: string description: The message body for this inbound message. example: Hello world type: type: string description: | Possible values are: - `text` - standard text. - `unicode` - URLencoded unicode . This is valid for standard GSM, Arabic, Chinese, double-encoded characters and so on. - `binary` - a binary message. example: 'text' keyword: type: string description: The first word in the message body. This is typically used with short codes. example: Hello message-timestamp: description: The time when Nexmo started to push this Delivery Receipt to your webhook endpoint. type: string example: 2020-01-01 12:00:00 responses: '200': description: | Your server returns this code if it accepts the callback. Note that Nexmo will retry messages that are not successfully acknowledged. ``` ## Detailed design ### Add the `webhooks` top-level element to the list **Existing Spec:** ``` #### OpenAPI Object This is the root document object of the [OpenAPI document](#oasDocument). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#infoObject) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#serverObject)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#serverObject) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#pathsObject) | **REQUIRED**. The available paths and operations for the API. components | [Components Object](#componentsObject) | An element to hold various schemas for the specification. security | [[Security Requirement Object](#securityRequirementObject)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. tags | [[Tag Object](#tagObject)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operationObject) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#externalDocumentationObject) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specificationExtensions). ``` **Change: Add to the end of the table** ``` webhooks | [[Webhooks Object](#webhooksObject)] | The incoming webhooks that may be received as part of this API. ``` ### Describe a new Webhook Object (new spec section) ``` #### Webhooks Object A map of webhooks that may be received as incoming HTTP requests as part of the API. The key of the map is a unique short name for the webhook e.g. `messageEvent`. Each value in the map is a [Path Item Object](#pathItemObject) that describes a set of requests that may be initiated by the API provider and the expected responses. Webhook Objects differ from [Callback Objects](#callbackObject) in that the webhooks are the result of some external event, not an earlier API call to subscribe or cause some other effect. ##### Webhook Object Example The following example shows an incoming webhook delivering a status update for a particular item ID: ````yaml webhooks: statusUpdate: requestBody: description: Status updates on an item. You can set the URL for these updates in your example.com dashboard. content: 'application/json': schema: type: object required: - item_id - status properties: item_id: type: string description: The ID of the item example: 0a000000012345678 status: type: integer description: The status of this message, zero for success example: 14 responses: '200': description: webhook successfully processed and no retries will be performed ``` ## Backwards compatibility Adding a new top-level entry is not something to take lightly, however hopefully most tools will simply ignore what they weren't expecting and continue to operate on the parts of the spec they do understand until their functionality catches up with the spec change. ## Alternatives considered Another option is to add a special `path` that could contain the various webhooks using the existing `callback` syntax but existing tools which aren't expecting this special value may not handle it well, so this option was discounted. OpenAPI-Specification-3.2.0/proposals/2019-10-31-Clarify-Nullable.md000066400000000000000000000406351506330113000242460ustar00rootroot00000000000000# Clarify Semantics of `nullable` in OpenAPI 3.0 ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2019-10-31-Clarify-Nullable](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/2019-10-31-Clarify-Nullable.md)| |Authors|[Ted Epstein](https://github.com/tedepstein)| |Review Manager |TBD| |Status |Promoted| |Implementations |N/A| |Issues | [1900](https://github.com/OAI/OpenAPI-Specification/issues/1900), [1368](https://github.com/OAI/OpenAPI-Specification/issues/1368), [1389](https://github.com/OAI/OpenAPI-Specification/issues/1389), [1957](https://github.com/OAI/OpenAPI-Specification/pull/1957), [2046](https://github.com/OAI/OpenAPI-Specification/pull/2046), [1977](https://github.com/OAI/OpenAPI-Specification/pull/1977#issuecomment-533333957), [2057](https://github.com/OAI/OpenAPI-Specification/issues/2057)| |Previous Revisions |N/A | ## Change Log |Date |Responsible Party |Description | |---- | ---------------- |------------| |Oct 31, 2019 | Ted Epstein | Initial proposal | |Apr 8, 2021 | Ted Epstein | Update status to Promoted. The proposal was adopted in [OpenAPI 3.0.3](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md). | ## Introduction This proposal aims to clarify the semantics of the `nullable` keyword in OpenAPI 3.0. This clarification would resolve ambiguities, reinforce the intended alignment with JSON Schema, and provide guidance for schema validators, translators, and other tools. ## Motivation The documentation of the `nullable` keyword is incomplete and ambiguous, leaving many questions unanswered, and causing significant difficulty in reconciling certain assumed semantics with JSON Schema. To summarize the problems: * `nullable: true` is an _expanding assertion_ that doesn't fit JSON Schema's constraint-based processing model. It is not clear how it interacts with other keywords, and within what scope. * `nullable: false`, which is the default value, is not clearly defined, and could be interpreted in a way that breaks fundamental assumptions of JSON Schema. * Different OpenAPI schema validators and other tool implementations are likely to have different behaviors because the semantics of `nullable` are not fully specified. * Because of the above ambiguities, it is not clear how to translate an OpenAPI Schema Object into a standard JSON Schema for message validation and for other purposes. Some possible interpretations of the OpenAPI spec could make translating to JSON Schema much more difficult. * Depending on the interpretation, `nullable` might interact with `oneOf` and `anyOf` in problematic and counter-intuitive ways. The solution proposed herein should: * Clarify the boundaries around `nullable` so we know how it interacts with other assertions, applicators, subtypes and supertypes within its context. * Clarify the meaning of `nullable: false`. * Reaffirm the intended alignment of OpenAPI's Schema Object with JSON Schema, and reconcile `nullable` with JSON Schema semantics. * Allow a straightforward translation from `nullable` in OpenAPI to type arrays in JSON Schema. Further details follow. ### Primary Use Case for `nullable` A Schema Object allows values of any data type, unless the type is restricted by the `type` keyword. The `type` keyword restricts the schema to a single data type, which can be `"string"`, `"number"`, `"integer"`, `"boolean"`, `"array"`, or `"object"`, but cannot be `"null"`. Some APIs restrict values to a single data type, but also allow explicit null values. OpenAPI Schema Objects can allow explicit null values by combining the `type` and `nullable` keywords. A `nullable` value of `true` modifies a typed schema to allow non-null values of a given type, and also allow `null`. This was the envisioned use case, and the primary motivation for introducing `nullable` into the OpenAPI 3.0 spec. There may be other possible usage scenarios or consequences of the `nullable` keyword, the way it is specified, or the way in which the spec may be interpreted or implemented. In our view, these other scenarios should be considered side effects or oversights. To the best of our knowledge, the `nullable` keyword was not intended for any purpose other than to allow `null` in a typed schema. ### Expanding vs. Constraining Assertions `nullable: true` is an _expanding assertion_, meaning it has the effect of expanding the range of acceptable values. By contrast, JSON Schema's central operating principle is constraint-based, where _constraining assertions_ are cumulative, immutable, and each constraint has veto power to disallow some range of values. The semantics of constraining assertions are well-defined by JSON Schema and implemented in many JSON Schema validators and other tools. But JSON Schema doesn't have expanding assertions, so those well-defined semantics don't apply to `nullable`. To address this, we need to translate `nullable: true` into a constraining assertion. Otherwise, we would have to specify in detail how `nullable` interacts with constraining assertions like `enum` and with boolean applicators like `allOf` and `anyOf`. ### Interpretation of `nullable: false` The documentation specifies that `nullable: false` is the default, but doesn't clearly state what that means. One reasonable interpretation suggests that null values are disallowed unless `nullable` is explicitly set to `true`. This breaks a fundamental rule of JSON Schema, which states that an empty object `{}` is a valid schema that permits all values, with no constraints. Breaking that rule takes OpenAPI's Schema Object even further out of alignment with JSON Schema's processing model. For example, if null values are disallowed by default, does the following `UTCDate` schema accept `null`? ```yaml components: schemas: OptionalDate: type: string format: date nullable: true UTCDate: allOf: - $ref: "#/components/schemas/OptionalDate" not: type: string pattern: "^.*Z.*$" ``` `UTCDate` does not specify a type of its own, and does not directly specify `nullable: true`. So if `null` is disallowed by default, even for untyped schemas, then `UTCDate` won't accept nulls. If we want it to accept nulls, we have to repeat `nullable: true` in `UTCDate`. This is not at all intuitive for API designers, and it breaks with JSON Schema's rule that any value is allowed unless it's explicitly disallowed. On the other hand, we could say that `UTCDate` inherits `nullable: true` from `OptionalDate`, therefore null values are allowed. But this kind of inheritance logic is completely foreign to JSON Schema. So this behavior is also counterintuitive, though for a different reason. It's also difficult to implement. Any JSON Schema validator would need to be hacked in highly disruptive ways to retrofit this behavior. Or a preprocessor would have to be introduced to propagate the effect of `nullable: true` through the `*Of` inheritance hierarchy. Whichever semantics we choose, it gets very messy. ### A closer look at `nullable: false` In fact, the OpenAPI 3.0 specification doesn't explicitly say that untyped schemas disallow null values. Here are the relevant parts: #### Data Types > Primitive data types in the OAS are based on the types supported by the JSON Schema Specification Wright Draft 00. Note that integer as a type is also supported and is defined as a JSON number without a fraction or exponent part. null is not supported as a type (see nullable for an alternative solution). Models are defined using the Schema Object, which is an extended subset of JSON Schema Specification Wright Draft 00. To say that null is "not supported _as a type_" would definitely disallow `type: "null"` in a schema object. But it doesn't necessarily mean that an untyped schema disallows _null values_. #### Definition of `nullable` > Allows sending a null value for the defined schema. Default value is false. This uses the word "allows," but there's no mention of "disallows." To say that `nullable: true` _allows_ null where it would otherwise be prohibited, doesn't necessarily mean that `nullable: false` _disallows_ null where it would otherwise be allowed. `nullable: true` _modifies_ a typed schema by adding null to the allowed types. `nullable: false` could mean "no null values allowed" or it could just mean "no modification to the specified type assertion, if any." #### Schema Object > The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. > > type - Value MUST be a string. Multiple types via an array are not supported. There is no specified adjustment to the `type` property that disallows null values. So it should defer to the JSON Schema specification, which says that, in the absence of a `type` assertion, any valid JSON value is allowed. So the 3.0 spec is ambiguous about null values. It's not clear whether the spec intended to disallow null values by default, even in untyped schemas. This looks more like an accidental oversight, or an unfortunate choice of words, than a clear intention. ### Specific Questions Questions that are not answered by the current specification include the following: * If a schema specifies `nullable: true` and `enum: [1, 2, 3]`, does that schema allow null values? (See [#1900](https://github.com/OAI/OpenAPI-Specification/issues/1900).) * Does an untyped schema (without a `type` keyword) allow null values by default? What effect, if any, does `nullable: true` have on an untyped schema? * Can `allOf` be used to define a nullable subtype of a non-nullable base schema? (See [#1368](https://github.com/OAI/OpenAPI-Specification/issues/1368).) * Can `allOf` be used to define a non-nullable subtype of a nullable base schema? * What is the correct translation of a nullable schema from OpenAPI into an equivalent JSON Schema? * Is `null` allowed as the `default` value of a nullable schema? (See [#2057](https://github.com/OAI/OpenAPI-Specification/issues/2057).) ## Proposed solution We propose to clarify the 3.0 specification in the next patch release, to resolve these questions and align OpenAPI's Schema Object with JSON Schema's well-defined, constraint-based semantics. In our view, and consistent with the original intent, `nullable` should have a very limited, well-defined scope. It should satisfy the primary use case, i.e. allowing `null` in a typed schema, with minimal side effects. This is the proposed replacement for the `nullable` definition:
Field Name | Type | Description ---|:---:|--- nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`.
## Detailed design According to the above specification, `nullable` only operates within a narrow scope, wherein its translation to JSON Schema is straightforward: * `nullable` is only meaningful if its value is `true`. * `nullable: true` is only meaningful in combination with a `type` assertion specified in the same Schema Object. `nullable` acts as a `type` modifier, allowing `null` in addition to the specified type. * `nullable: true` operates within a single Schema Object. It does not "override" or otherwise compete with supertype or subtype schemas defined with `allOf` or other applicators. It cannot be directly "inherited" through those applicators, and it cannot be applied to an inherited `type` constraint. This also solves the issues of alignment with JSON Schema: * Since `type` is a constraint, JSON Schema's constraint-based processing model is fully applicable. Interactions between `type` and other constraining assertions and applicators are unambiguous, with each constraint having independent veto power. * It is now clear that `nullable: false`, whether explicit or by default, _does not_ prohibit null values. Consistent with JSON Schema, an empty object allows all values, including `null`. ### Questions Answered Following are answers to the questions posed above, assuming the proposed clarification is adopted: #### If a schema specifies `nullable: true` and `enum: [1, 2, 3]`, does that schema allow null values? (See [#1900](https://github.com/OAI/OpenAPI-Specification/issues/1900).) No. The `nullable: true` assertion folds into the `type` assertion, which presumably specifies `integer` or `number`. While the modified `type` now allows `null`, the `enum` does not. Consistent with JSON schema, a value conforms to the schema only if it is valid against _all_ constraints. Any constraint, in this case `enum`, can cause a value to fail validation, even if that value meets all of the other constraints. #### Does an untyped schema (without a `type` keyword) allow null values by default? What effect, if any, does `nullable: true` have on an untyped schema? Yes, an untyped schema allows null values, in addition to all other types. `nullable: true` has no effect, because null values are already allowed. And `nullable: false` has no effect because it just leaves the `type` constraint unmodified. #### Can `allOf` be used to define a nullable subtype of a non-nullable base schema? (See [#1368](https://github.com/OAI/OpenAPI-Specification/issues/1368).) No. Subtypes can add constraints, but not relax them. #### Can `allOf` be used to define a non-nullable subtype of a nullable base schema? Yes. The subtype can specify a `type` without `nullable: true`, or can specify `not: {enum: [null]}`. #### What is the correct translation of a nullable schema from OpenAPI into an equivalent JSON Schema? A nullable type should translate into a type array with two string elements: the name of the type specified in the Schema Object, and `"null"`. #### Is `null` allowed as the `default` value of a nullable schema? (See [#2057](https://github.com/OAI/OpenAPI-Specification/issues/2057).) Yes. For example, a Schema Object with `"type" : "string", "nullable" : true` would translate to a JSON Schema with `"type" : ["string", "null"]`. That schema permits `"default" : null`, even with the [strict typing rule](https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/versions/3.0.0.md#properties) specified by OpenAPI 3.0: > default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. ## Backwards compatibility Spec revisions through 3.0.2 are ambiguous as described above, so any possible clarification has the potential to break existing implementations. With the clarification of `nullable: false`, we think the risk of actual breakage is miniscule, because the current ambiguity only affects untyped Schema Objects, which by their nature leave a lot of room for unexpected values. Any implementation that relies on schema validation to prevent null values should use explicitly typed schemas, and typed schemas unambiguously disallow `null` unless `nullable` is `true`. There might be a somewhat greater risk of breakage by specifying the effect of `nullable: true` as a `type` modifier. A more heavy-handed interpretation of `nullable: true`, [described here](https://github.com/OAI/OpenAPI-Specification/issues/1900#issuecomment-486772917), would make it equivalent to `anyOf [s, {type: "null"}]` where `s` is the schema as specified (excluding `nullable`). This would allow nulls even where they would be prohibited by other schema keywords, like `enum`. But this interpretation introduces far greater complexity than the narrowly scoped `type` modifier. We are not aware of any OpenAPI schema validator that actually attempts this, and there is nothing in the OpenAPI spec that says `nullable` can override constraining assertions. ## Alternatives considered [Pull request #1977](https://github.com/OAI/OpenAPI-Specification/pull/1977#issuecomment-533333957) has some history of other approaches considered along the way. The first attempt assumed that `nullable: false` would prohibit null values, and attempted to work around this while maintaining backward compatibility. On closer inspection, the specification does not say anything about `null` values being disallowed. So we believe our interpretation is correct, and highly advantageous in its alignment with JSON Schema. OpenAPI-Specification-3.2.0/proposals/2019-12-24-Overlays.md000066400000000000000000000235331506330113000227270ustar00rootroot00000000000000# Overlays ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2019-12-24-Overlays](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/2019-12-24-Overlays.md)| |Authors|[Darrel Miller](https://github.com/darrelmiller)| |Status |Proposal| |Issues |[1442](https://github.com/OAI/OpenAPI-Specification/issues/1442) [1722](https://github.com/OAI/OpenAPI-Specification/issues/1722)| ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | | 24th December 2019 | Darrel Miller | Initial draft | | 2nd January 2019 | Darrel Miller | Update to wording around removing items from arrays. Added section on backward compatibility. Clarified process around applying a set of updates. Started to add supported scenarios.| | 29th July 2020 | Darrel Miller | Updated to be explicit about update operations | ## Introduction In recent months we have been discussing various use cases for overlays and various solutions. The following proposal takes a somewhat more radical approach to the problem. It is a more ambitious proposal than the others we have seen before but the additional complexity does allow for supporting many of the scenarios that have been discussed to date. #### Overlay Document An overlay document contains a list of [Update Objects](#overlayUpdates) that are to be applied to the target document. Each [Update Object](#updateObject) has a `target` property and a `value` property. The `target` property is a [JMESPath](http://jmespath.org/specification.html) query that identifies what part of the target document is to be updated and the `value` property contains an object with the properties to be overlaid. #### Overlay Object This is the root object of the [OpenAPI Overlay document](#oasDocument). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- overlay | `string` | Version of the Overlay specification that this document conforms to. info | [[Info Object](#overlayInfoObject)] | Identifying information about the overlay. extends | `url` | URL to an OpenAPI document this overlay applies to. updates | [[Update Object](#updateObject)] | A list of update objects to be applied to the target document. The list of update objects MUST be applied in sequential order to ensure a consistent outcome. Updates are applied to the result of the previous updates. This enables objects to be deleted in one update and then re-created in a subsequent update. The `extends` property can be used to indicate that the Overlay was designed to update a specific OpenAPI description. This is an optional property. Where no `extends` is provided it is the responsibility of tooling to apply the Overlay documents to the appropriate OpenAPI description. #### Info Object This object contains identifying information about the [OpenAPI Overlay document](#oasDocument). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | A human readable description of the purpose of the overlay. version | `string` | A version identifier for indicating changes to an overlay document. #### Update Object This object represents one or more changes to be applied to the target document at the location defined by the target JMESPath. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- target | `string` | A JMESPath expression referencing the target objects in the target document. add | [Any](#addObject) | An object to be added as a child of the object(s) referenced by the target. Property has no impact if `remove` property is `true`. merge | [Any](#mergeObject) | An object with the properties and values to be merged with the object(s) referenced by the target. Property has no impact if `remove` property is `true`. remove | `boolean` | A boolean value that indicates that the target object is to be removed from the the map or array it is contained in. The default value is false. The properties of the merge object MUST be compatible with the target object referenced by the JMESPath key. When the Overlay document is applied, the properties in the merge object replace properties in the target object with the same name and new properties are appended to the target object. ##### Structured Overlays Example When updating properties throughout the target document it may be more efficient to create a single `Update Object` that mirrors the structure of the target document. e.g. ```yaml overlay: 1.0.0 info: title: Structured Overlay version: 1.0.0 updates: - target: "@" merge: info: x-overlay-applied: structured-overlay paths: "/": summary: "The root resource" get: summary: "Retrieve the root resource" x-rate-limit: 100 "/pets": get: summary: "Retrieve a list of pets" x-rate-limit: 100 components: tags: ``` ##### Targeted Overlays Alternatively, where only a small number of updates need to be applied to a large document, each [Update Object](#updateObject) can be more targeted. ```yaml overlay: 1.0.0 info: title: Targeted Overlays version: 1.0.0 updates: - target: paths."/foo".get merge: description: This is the new description - target: paths."/bar".get merge: description: This is the updated description - target: paths."/bar" merge: post: description: This is an updated description of a child object x-safe: false ``` ##### Wildcard Overlays Examples One significant advantage of using the JMESPath syntax that it allows referencing multiple nodes in the target document. This would allow a single update object to be applied to multiple target objects using wildcards. ```yaml overlay: 1.0.0 info: title: Update many objects at once version: 1.0.0 updates: - target: paths.*.get merge: x-safe: true - target: paths.*.get.parameters[?name=='filter' && in=='query'] merge: schema: $ref: "/components/schemas/filterSchema" ``` ##### Array Modification Examples Due to the fact that we can now reference specific elements of the parameter array, it allows adding parameters. Parameters can be deleted using the `remove` property. Use of indexes to remove array items should be avoided where possible as indexes will change when items are removed. ```yaml overlay: 1.0.0 info: title: Add an array element version: 1.0.0 updates: - target: paths.*.get.parameters add: name: newParam in: query ``` ```yaml overlay: 1.0.0 info: title: Remove a array element version: 1.0.0 updates: - target: paths[*].get.parameters[? name == 'dummy'] remove: true ``` ##### Traits Examples By annotating an OpenAPI description using extension such as `x-oai-traits` an author of OpenAPI description can identify where overlay updates should be applied. ```yaml openapi: 3.1.0 info: title: Api with a paged collection version: 1.0.0 paths: /items: get: x-oai-traits: ["paged"] responses: 200: description: OK ``` With the above OpenAPI description, following Overlay document will apply the necessary updates to describe how paging is implemented, where that trait has been applied. ```yaml overlay: 1.0.0 info: title: Apply Traits version: 1.0.0 updates: - target: $.paths[*].get[?contains(x-traits,'paged')] merge: parameters: - name: top in: query - name: skip in: query ``` This approach allows flipping control of where Overlays apply updates to the OpenAPI description itself. ## Proposal Summary ### Benefits - This approach addresses the two distinct approaches of structured overlay vs targeted overlay which suits distinct but equally valid scenarios. - Addresses the problem of modifying the parameters array and removes the need to replace the entire array when a small change is required. - Allows sets of related overlays to be stored in a same file. - Enables updating a set of objects based on a pattern. This might be an effective way of apply common behaviour across many operations in an API. ### Challenges - Tooling will need a JMESPath implementation. - Large overlays may be slow to process. - Multiple complex pattern based overlays may cause overlapping updates causing confusing outcomes. ## Alternatives considered JMESPath was chosen over JSONPath due to the fact that JMESPath has a [specification](http://jmespath.org/specification.html) and a set of test cases. This will help to ensure compatibility between implementations. ## Backwards compatibility Overlays will be described in a new specification that can be used alongside an OpenAPI Description, therefore there will be no compatibility issues for the initial release. Overlay documents can be used against OpenAPI v2 and v3 descriptions. ## Scenarios Considered - Multi-language support. An Overlay document for each language is used to target a specific OpenAPI description. The Overlay document will likely use a duplicate structure to the original OpenAPI description and replace all `description` properties. - Applying API wide standards. An Overlay document contains update objects that describe standard headers, parameters, responses. These documents would use JMESPath queries to target the appropriate objects in the OpenAPI description. Tooling could be used to target the OpenAPI description rather than using extends. - Add tool specific OpenAPI metadata. Overlay adds additional metadata such as SLA information, client codegen hints or middleware policies. Using Overlays to manage this data separately is valuable when there is a different audience for the data and/or there the information has different sensitivity levels. OpenAPI-Specification-3.2.0/proposals/2020-10-28-Experimental.md000066400000000000000000000150241506330113000235460ustar00rootroot00000000000000# Experimental marker ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[Experimental](https://github.com/OAI/OpenAPI-Specification/blob/main/proposals/2020-10-28-Experimental.md)| |Authors|[David Goss](https://github.com/davidjgoss)| |Review Manager |TBD | |Status |Proposal| |Implementations || |Issues || |Previous Revisions || ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | ## Introduction A way to mark an aspect of the API as "experimental", indicating that it is not yet a fully stable and supported part of the API. ## Motivation Consider an API with two categories of thing in it: - Core, stable things, where we are committed to the ongoing stability and have no intention of making breaking changes. - New, experimental things, where we are getting them out there for feedback and early adopters, but they may change before we consider them to be in the first category, or even just get removed. These sit together fine in principle, but cause friction when trying to apply something like semver to the API as a whole. How do we make changes to the experimental stuff - without bumping the major version several times a year and scaring consumers - while also ensuring we can't make breaking changes to the core stuff we never _want_ to break. ## Proposed solution Add an "experimental" field which specifies that an items in the API is not yet fully stable and supported, may change or be removed without a major version bump, and as such should be used with caution. _(I don't have a strong opinion about the naming - "beta" is another idea, though I think "experimental" does the job better in terms of being the most noncommital.)_ Downstream tools could then make use of this metadata: - Tools like swagger-ui could surface this in the documentation they generate so consumers are made aware. Experimental items could also be filtered out of the documentation and stubs if desired. - Tools for detecting and preventing breaking changes could take this into consideration when deciding whether a change is breaking. ## Detailed design A new boolean field named `experimental`, defaulting to `false`, is added to: - Operation - Parameter - Schema This specifies that the operation, parameter or schema is not yet stable and SHOULD be used with caution. ### Operation Object ... ##### Fixed Fields Field Name | Type | Description ---|:---:|--- ... | ... | ... experimental | `boolean` | Specifies that an operation is in experimental status, meaning it may change outside of the normal breaking change process. Consumers SHOULD use with caution. Default value is `false`. ### Parameter Object ... ##### Fixed Fields Field Name | Type | Description ---|:---:|--- ... | ... | ... experimental | `boolean` | Specifies that a parameter is in experimental status, meaning it may change outside of the normal breaking change process. Consumers SHOULD use with caution. Default value is `false`. Cannot be `true` when the parameter is `required`. ### Schema Object ... ##### Fixed Fields Field Name | Type | Description ---|:---:|--- ... | ... | ... experimental | `boolean` | Specifies that a schema is in experimental status, meaning it may change outside of the normal breaking change process. Consumers SHOULD use with caution. Default value is `false`. ### Example Spec ```yaml /asset/constraints: get: tags: - Asset - Constraints summary: Get a set of asset constraints operationId: constraints parameters: - name: siteToken in: query description: Site token obtained from Site API required: true schema: type: string experimental: true ``` ### Prior Art This kind of requirement is handled for TypeScript libraries by [api-extractor](https://api-extractor.com/pages/tsdoc/doc_comment_syntax/#release-tags) - they have both "alpha" and "beta" markers with a somewhat opinionated flow attached - I'm not sure that level of granularity is necessary. But the "beta" and "public" ones map well to the motivations described here: > - **beta**: Indicates that an API item has been released as a preview or for experimental purposes. Third parties are encouraged to try it and provide feedback. However, a “beta” API should NOT be used in production, because it may be changed or removed in a future version. > - **public**: Indicates that an API item has been officially released, and is now part of the supported contract for a package. If the SemVer versioning scheme is used, then the API signature cannot be changed without a MAJOR version increment. ### Unanswered Questions - If an operation is not marked as experimental, but it is using a schema which is (i.e. as its request object), then it is implicitly also unstable. Would this usage be considered invalid? ## Backwards compatibility The `experimental` field would default to false, meaning existing behaviour is preserved, and the new field is only used on an opt-in basis. `experimental` can coexist with `deprecated` - an operation, parameter or schema can be both experimental and deprecated, having never gotten to a stable point before being deprecated. ## Alternatives considered - _Specification extensions_ - publishers could add an extension in their own domain, but the benefit of the metadata being available to downstream tools (including those used by consumers, not just publishers) would be lost. - _Tags_ - as above, but this also gets to mixing other kinds of metadata in with resource taxonomy, which seems wrong. - _Overlays_ - The [Overlays proposal](https://github.com/OAI/OpenAPI-Specification/blob/main/proposals/2019-12-24-Overlays.md) is sufficiently powerful to be able to implement this, with a canonical spec representing the stable API and an overlay used to apply experimental additions. Downsides: not as ergonomic for authors, the OpenAPI specification would still not have "experimental" as a first-class concept so there'd be reliance on conventions being observed across the ecosystem for how it's done with overlays. - _Different API_ - this would be the least messy from a technical perspective - maintain a completely separate API for experimental items, and then "promote" them to the main API once they are considered stable. This has increased overhead for publishers and consumers, and could also reduce the likelihood of getting feedback on, and early uptake of, experimental items if they are segregated in a different place altogether. OpenAPI-Specification-3.2.0/proposals/2024-08-01-Self-Identification.md000066400000000000000000000216361506330113000247410ustar00rootroot00000000000000# Self-Identification ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2024-08-01 Self-Identification](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/{2024-08-01-Self-Identification-and-Bundling.md})| |Relevant Specification(s)|OpenAPI Specification (OAS), Arazzo Specification| |Authors|[Henry Andrews](https://github.com/handrews)| |Review Manager | TBD | |Status |Proposal| |Implementations |n/a| |Issues | | |Previous Revisions | | ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | |2024-08-01 | @handrews | Initial submission ## Introduction OpenAPI 3.1 references are treated as identifiers rather than locators. This behavior is inherited from JSON Schema 2020-12, and is made more explicit in the forthcoming OAS 3.1.1 patch release. This separation can support stable, self-assigned identifiers which allow certain sorts of OpenAPI Description refactoring _without_ having to re-write the values of `"$ref"` and similar keywords. However, OAS lacks a mechanism to fully define such identifiers within each document, which substantially limits the benefits of this separation. ## Motivation One of the main motivations for separating identity (URIs/IRIs) and location (URLs) is to have stable, persistent identifiers regardless of the resource's location. Such identifiers are typically assigned within the resource. There are two varieties: * Setting the complete resource's absolute URI, which is also used as the resource's base URI per [RFC3986 §5.1.1](https://www.rfc-editor.org/rfc/rfc3986.html#section-5.1.1) (example: [the Schema Object's `$id`](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#name-the-id-keyword)) * Setting a ["plain name" URI fragment](https://www.w3.org/TR/2012/WD-fragid-best-practices-20121025/#dfn-plain-name-fragid) that does not rely on the JSON/YAML structure of the document (example: [the Schema Object's `$anchor`](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#name-defining-location-independe), and technically also `$dynamicAnchor` although this proposal will not mention `$dynamicAnchor` further as its additional complexities are not relevant here). As suggested by the above examples, in OAS 3.1 only the Schema Object can set stable, location-independent identifiers. OpenAPI Description documents as a whole cannot do so, nor can other Objects within the document. Note also that due to the recursive structure of schemas, resolving the Schema Object's `$id` keyword can be complex, as each can itself be a relative URI-reference that is resolved against the `$id` in parent schemas. There is no clear use case for such complexity within other parts of an OpenAPI Description. ### Use Cases There are several use cases for separating identity and location, including: * Working around network challenges: * Restrictive network security policies * Intermittent connectivity * High latency / low bandwidth * Document hosts that [require authentication](https://github.com/OAI/OpenAPI-Specification/issues/3270) * Abstracting development vs testing vs deployment details * Allowing `.json` and `.yaml` file extensions during development, as is preferred by most IDEs * Using extensions in development and HTTP content negotiation in production * Differing source control repository structure (particularly of shared documents) vs deployment directory and server layouts * This separation is necessary (although not, on its own, sufficient) to implement [bundling](https://www.openapis.org/blog/2021/08/23/json-schema-bundling-finally-formalised). For a more detailed real-world example, see the [OGC example](https://github.com/OAI/sig-moonwalk/discussions/72#user-content-ogc) in the Moonwalk discussion on imports. Many of these use cases can be worked around, but only by restricting deployment options or performing error-prone reference target rewriting. Many tools that perform reference rewriting do not take into account the added complexities of referencing in OAS 3.1 compared to 3.0 and earlier. ### Prior Art Self-identification of resources with identity independent of location is common in the JSON Schema world. This demonstrates that implementation is not just feasible but well-proven, particularly given that JSON Schema's `$id` is more complex to support than this proposal. The JSON Schema package used by the [OASComply](https://github.com/OAI/oascomply) project includes a [schema catalog](https://jschon.readthedocs.io/en/latest/tutorial/catalog.html) with [configurable file and network sources](https://jschon.readthedocs.io/en/latest/examples/file_based_schemas.html) to manage the URI-to-URL mapping (local files can be considered `file:` URLs). Self-identification is common in other formats as well. Notably, the Atom format pioneered the use of [web links with `rel="self"`](https://www.rfc-editor.org/rfc/rfc4287.html#section-4.2.7.2) for this purpose. ## Proposed solution The proposal is a simplified analog of JSON Schema's `$id` that appears in exactly one place: a new `self` field in the root OpenAPI Object (OAS) and Arazzo Object (Arazzo). When referencing a document that has a `self` field, the `self` field SHOULD be used in reference values so that reference values remain the same even if the document is moved. Placing the `self` field only in the OpenAPI Object or Arazzo Object makes it align with the existing bootstrapping process for parsing: 1. Check the `openapi` or `arazzo` field in the root OpenAPI or Arazzo Object to determine the specification version 1. Check the `jsonSchemaDialect` field for the default Schema Object dialect 1. Determine the base URI per RFC3986 §5.1.2-5.1.4 (in most cases, use the retrieval URL per §5.1.3) 1. ***NEW*** Check the `self` field for a base URI per RFC3986 §5.1.1; if it exists, resolve it against the base URI from the previous step and use the result as the document's actual base URI 1. Continue parsing the remainder of the document as usual As [OAS 3.1.1 clarifies](https://github.com/OAI/OpenAPI-Specification/pull/3758), it is already mandatory to separate location and identity for Schema Object support. Currently, associating a URI other than the current URL with a document to meet this requirement has to be done externally. Many tools effectively support this by allowing the retrieval URL to be set manually, without verifying that the document actually lives at the given URL. However, this relies on users to make use of a non-standard implementation feature rather than offering well-defined behavior based on the document author's intent. With the new `self` field, tools need to be configured to know how to locate documents whose `self` values do not match their locations. The JSON Schema implementation linked under [Prior Art](#prior-art) above demonstrates several ways to accomplish this. ## Detailed design This is written for the structure of the OAS, but it should be clear how it would be adapted for Arazzo. Some amount of guidance around how to configure tools to resolve `self`-references that do not match locations probably also needs to be added in the sections on reference resolution and base URIs. ```MARKDOWN ## OpenAPI Object ### Fixed Fields Field Name | Type | Description ---|:---|:--- self | `URI-reference` (without a fragment) | Sets the URI of this document, which also serves as its base URI in accordance with [RFC 3986 §5.1.1](https://www.rfc-editor.org/rfc/rfc3986#section-5.1.1); the value MUST NOT be the empty string and MUST NOT contain a fragment ``` ## Backwards compatibility OAS 3.2 and Arazzo 1.1 documents that do not use the `self` field will behave exactly the same as OAS 3.1 and Arazzo 1.0 documents. The change in minor version is sufficient to manage the compatibility issues, as no software that only supports up to 3.1/1.0 should attempt to parse 3.2/1.1 documents. ## Alternatives considered ### Plain name fragments in every Object While including `self` in every Object would produce the same complexity as JSON Schema's nested `$id`, we could just adopt an equivalent of JSON Schema's `$anchor` keyword, which (like HTML/XML's `id` attribute) creates a plain name fragment that is not tied to the location of the Object in the JSON/YAML structure. Handling a fragment declaration keyword would require scanning all Objects for the keyword prior to declaring that a reference target with a plain name fragment cannot be resolved. This would likely be done on document load, but could be deferred and done incrementally as-needed when unknown fragments are encountered. Support for `$anchor` in JSON Schema demonstrates that this is feasible, and the mental model is familiar to most from HTML. But it would be a bit more work to support. While it would be a significant advantage to have completely location-independent referencing support, this is given as an alternative because the `self` field is a pre-requisite, and can be added whether we later support plain name fragments or not. OpenAPI-Specification-3.2.0/proposals/2024-09-01-Tags-Improvement.md000066400000000000000000000211761506330113000243220ustar00rootroot00000000000000# Tags Improvement ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2024-09-01-Tags-Improvement](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/{2024-09-01-Tags-Improvement.md})| |Authors|[Lorna Mitchell](https://github.com/lornajane)| |Review Manager | TBD | |Status |Proposal| |Implementations | | |Issues | [1367](https://github.com/OAI/OpenAPI-Specification/issues/1367), [2843](https://github.com/OAI/OpenAPI-Specification/issues/2843), | |Previous Revisions | None, but see [Moonwalk discussion](https://github.com/OAI/sig-moonwalk/discussions/67) ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | | 2024-09-01 | @lornajane | Initial draft | ## Introduction Evolve the existing `tags` implementation to (optionally) support more use cases, such as giving the tags some grouping/relationships and adding more metadata. ## Motivation The tags feature hasn't changed since the spec was still called Swagger, but it's one of the most-extended aspects of OpenAPI with most tools supporting some sort of grouping or additional metadata. One motivation for this proposal is to "pave the cowpath" and formalise some of the patterns from those extensions as part of the specification. The existing tags implementation is also quite limiting, so users/tools feel they "cannot" use tags, because they are so widely implemented for documentation navigation and required exactly one tag per operation, to be used only for this single purpose or to be opted out using extensions such as `x-traitTag`. The result is that we see lots of extensions that add arbitrary metadata to operations, some of them even become part of the specification officially (looking at you, `deprecated: true`) or being so widely used that we should probably adopt them (`x-internal`, `x-experimental`). The specification does have a way of tagging operations, but it's too limited and the result is that everything has to be added as an extension field. On a personal note, I work for a tool vendor and was proposing these changes internally; but the problems affect all OpenAPI users so I brought it to the main project. ### Supporting evidence There are several examples "in the wild" of where a better tags implementation would have helped. Here is a selection of publicly-accessible examples to illustrate some of the problems this proposal could help with: - Grouping of tags is a very common use case, almost everyone uses some sort of extra hierarchy to group the tags themselves, which makes sense as our APIs are only getting more complex, something like [`x-tagGroups`](https://redocly.com/docs/api-reference-docs/specification-extensions/x-tag-groups/) is a good example - and there's a [very active open issue on OpenAPI specification itself](https://github.com/OAI/OpenAPI-Specification/issues/1367) - Various tag-alike additions exist, sometimes called "badges" or similar; I'd include extensions such as [`x-internal`](https://redocly.com/docs/cli/guides/hide-apis/#step-1-add-x-internal-to-the-api-description) as a tag-alike since they could be tags if more than one tag (or tag type) could be applied. - Additional display metadata is also in active use in the wild, see [`x-displayName`](https://redocly.com/docs/api-reference-docs/specification-extensions/x-display-name) and this [OpenAPI specification issue](https://github.com/OAI/OpenAPI-Specification/issues/2843) ## Proposed solution Originally proposed in a [Moonwalk discussion](https://github.com/OAI/sig-moonwalk/discussions/67), I am proposing three backwards-compatible additions to the existing tags feature: * Tags get a `summary` alongside `name` and `description`. In keeping with our existing practices: name is the identifier, summary is the short display content, and description is available in contexts where more information is appropriate. * A `parent` field is added to support a hierarchy without adding either separators or a new data type. Your tag can belong to another tag. * A `kind` field to explain which family of tags this tag belongs to (previously proposed as `type`). We'd expecting these to be `nav`, `badge`, `internal` and probably some other things that other tooling types would find useful. An example could look something like this: ```yaml tags: - name: deprecated kind: internal summary: Deprecated description: This operation has been deprecated and will be removed in the future. Avoid using items with this tag. - name: shop kind: nav summary: Order Online description: Operations relating to the retail operations behind the [online shopping site](https://example.com/shopping). - name: products kind: nav parent: shop summary: Products description: View and manage the product catalog. - name: orders kind: nav parent: shop summary: Online Orders description: Place, fulfil and invoice orders for the online shop. ``` Rather than making an allowed list of kinds, we will instead leave that open for user extension and keep a list of the recommended/expected types in a registry and evolve that as conventions emerge. ## Detailed design The following section is an updated specification section, for the top-level tags object only (no other changes are needed): --- #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). Each tag used in the Operation Object instances MAY have a Tag Object defined. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. Use this value in the `tags` array of an Operation. summary | `string` | A short summary of the tag, used for display purposes. description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. parent | `string` | The `name` of a tag that this tags is nested under. The named tag MUST exist in the API description, and circular references between parent and child tags MUST NOT be used. kind | `string` | A machine-readable string to categorize what sort of tag it is. Common uses are `nav` for Navigation, `badge` for badges, `internal` for internal APIs, but any string value can be used. A registry of known values is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "account-updates", "summary": "Account Updates", "description": "Account update operations", "kind": "nav" }, { "name": "partner", "summary": "Partner", "description": "Operations available to the partners network", "parent": "external", "kind": "audience" }, { "name": "external", "summary": "External", "description": "Operations available to external consumers", "kind": "audience" } ``` ```yaml - name: account-updates summary: Account Updates description: Account update operations kind: nav - name: partner summary: Partner description: Operations available to the partners network parent: external kind: audience - name: external summary: External description: Operations available to external consumers kind: audience ``` --- ## Backwards compatibility All new fields are optional, so existing API descriptions will remain valid and useful. Some users may wish to adopt some of the following steps on upgrade: - Set `kind: nav` if their existing tags are currently used for navigation entries in documentation tooling. - Change `x-displayName` in `tag` objects to `summary` instead. - Add a tag to replace each `x-tagGroups` entry, and set the `parent` field for each of the tags in the groups. - Change `x-badges` extensions to instead be a tag with `kind: badge`. - Change features like `x-internal` to be a tag with a specific `kind` set. Similarly some lifecycle use cases such as `x-beta` could be replaced with tags. ## Alternatives considered - Continue to use tags as-is, and extend the spec for each use case that users need rather than providing an open metadata implementation. We've been slow to iterate and I would rather "open" the options than try to control them. The API space evolves quite quickly. - Set `children` rather than `parent` on the tags and operate a top-down relationship. The suggestion of allowing multiple links or a graph approach was also mentioned. In both cases, there are good ideas in every direction, but our responsibility is to implement a structure that users can easily understand and maintain. OpenAPI-Specification-3.2.0/proposals/2025-03-20-URIs-for-Tags.md000066400000000000000000000222011506330113000234050ustar00rootroot00000000000000# URIs for Tags ## Metadata |Tag |Value | |---- | ---------------- | |Proposal |[2025-03-20-URIs-for-Tags](https://github.com/OAI/OpenAPI-Specification/tree/main/proposals/{2025-03-20-URIs-for-Tags.md})| |Authors|[Henry Andrews](https://github.com/handrews)| |Review Manager | [Lorna Mitchell](https://github.com/lornajane) | |Status | rejected | |Implementations | n/a | |Issues |[#2905 Allow the use of $ref and json pointer in tags](https://github.com/OAI/OpenAPI-Specification/issues/2905), consolidated into [#3853 Consolidated $ref-to-Some Object feature request](https://github.com/OAI/OpenAPI-Specification/issues/3853)| |Previous Revisions |n/a| ## Change Log |Date |Responsible Party |Description | |---- | ---------------- | ---------- | |2025-03-20 | @handrews | Initial publication | |2025-03-26 | @handrews | Document rejection | ## Introduction Tags are the last remaining [implicit connection](https://spec.openapis.org/oas/v3.1.1#resolving-implicit-connections) that do not have a URI-based alternative for deterministic, universal referencing (Security Requirement Objects are fixed in [PR #4388](https://github.com/OAI/OpenAPI-Specification/pull/4388), currently awaiting re-approval after review feedback changes). This proposal adds such an alternative, giving tags the same capabilities as all other similar mechanisms within the OAS. ## Motivation ### A user request and proposal From @SandroG in issue #2905 (which is only closed because it was consolidated into #3853), which got two further thumbs-ups: _**[NOTE:** The mechanism proposed here is **not** the one favored by this proposal, which is explained further down]_ > I have a large specification, which I need to break down in different files. I use an approach where each file is like a sub-specification that lists all endpoints regarding the same subject and then I include these endpoints in the main openapi file. > The documentation of a tag is in the same file as the endpoint that uses it. > > I'm not able to reuse that tag declaration in the main file, so I'm not able to include the description of the tag. > > For example, I have a separate file for customer's endpoints `customers.yaml` ```YAML info: ... tags: - name: Customer description: APIs to manage customers. A customer is a representation of ... paths: /customers/{id}/: parameters: - name: id . . . get: . . . /customers/: . . . ``` > I need to do this: `openapi.yaml` ```YAML info: ... tags: - $ref: "./customers.yaml#/tags/0" paths: /customers/{id}/: $ref: "./customers.yaml#/paths/~customers~1{id}~1" /customers/: $ref: "./customers.yaml#/paths/~customers~1" ``` ### Proof of confusion over tag to Tag Object resolution In the above example, @SandroG proposes using `$ref` for Tag Objects to pull Tag Objects from one [OpenAPI Document](https://spec.openapis.org/oas/v3.1.1#openapi-document) into another, where they can be used by the `tags` field in Operation Objects. This makes clear that they expect tags to be resolved from the _current document_, which may be a [referenced document rather than the entry document](https://spec.openapis.org/oas/v3.1.1#openapi-description). However, in [3.0.4](https://spec.openapis.org/oas/v3.0.4#resolving-implicit-connections) and [3.1.1](https://spec.openapis.org/oas/v3.1.1#resolving-implicit-connections) we RECOMMEND (== SHOULD) that tag names are resolved to Tag Objects in the _entry document_. This means that there is no way to resolve them from the current document, which is the mirror image of the problem as that encountered by @SandroG. In today's TDC call, @lornajane stated that she expects tag names to be resolved from the entry document, and @kevinswiber expressed doubt that anyone implements anything else (sadly @SandroG does not mention their tool, which presumably resolves from the current document or else they would not have explained the issue in this way). ### Fragility of JSON Pointers with arrays Tag Objects are ordered, and tools MAY treat the ordering as significant for presentation purposes. JSON Pointers include the array index, which will change whenever someone decides to re-order the tag display, breaking any URI references that include a JSON Pointer. However, the use of the `name` field and the requirement that all Tag Objects in a list have a unique name mean that it is only necessary to identify the OpenAPI Object (or as a simpler proxy, the OpenAPI Document) in which to find the list of Tag Objects. Once the correct OpenAPI Document is identified, the list can be searched by name as it is now. ### Additional scenarios Another scenario to consider is a standards group that is publishing OpenAPI Documents that are intended to be used by multiple API providers. Such standards groups have no control over the entry documents used, so if they wish to provide Tag Objects, they MUST place them in the shared, referenced document. If the API provider wishes to use those Tag Objects in their entry document, or in their own referenced documents, then they currently cannot do. ## Proposed solution A new field or fields would be added to identify, with a URI, the OpenAPI Document from which a tag MUST be resolved. This would bring tags into alignment with other implicitly resolved names (e.g. Schema names in the Discriminator Object and Security Scheme names in the Security Requirement Object), with the variation that only the Document rather than the exact Object is identified. ## Detailed design In the Tag Object, a `parentDocument` field would be an optional URI qualifier to the `parent` field, and only allowed if `parent` is present. In the Operation Object, a `tagRefs` field would be added alongside the `tags` field. This new field would be a map with a Document URI as the keys, and an array of tags (as in the `tags` field) as the values. Tags under `tagRefs` would be resolved within the document identified by the key, while tags within `tags` would continue to be RECOMMENDED to resolve from the entry document. ## Backwards compatibility The proposal is fully backwards compatible. ## Alternatives considered The option proposed by @SandroG would require the Operation Object's `tags` field to resolve from the current document, which would be a breaking change and therefore not possible in 3.2. @baywet proposed a top-level (per-document) association of URIs and tags, to reduce the number of places where it is necessary to look for URIs. However, this requires duplicating tags that would otherwise only appear in Operation Objects in the top-level field, and does not fully solve the namespacing issue as each tag could only resolve from one place, rather than allowing the same tag name to have different meanings by resolving it to a different Tag Object in a different document. @karenetheridge proposed treating tags like `operationId` and resolving within the entire description (a PR to this proposal with more details of this alternative would be welcome). To me, `operationId` is not a good precedent to follow, as we already have to provide numerous disclaimers regarding collisions in the specification text, and the results are not well-defined. While we could make collisions an error for this new mechanism, @baywet noted that trying to prevent such collisions is highly burdensome in large organizations (although @karenetheridge similarly pointed to experience of it working). The fact that `operationRef` had to be included to provide a URI-based alternative to using `operationId` in the Link Object is a strong piece of evidence in favor of a URI-based solution for tags. ## Outcome Rejected per @lornajane, with concurrence by @ralfhandl: > I am not in favour of these additions for the 3.x branch. I wish that we'd implemented tags differently in the first place, and I'm sure that all the constructive discussion around the tags feature will help us a lot in future major releases. > > I believe that the limitations of the current tag situation can be overcome with helper tooling and that this change (while solving a narrow but valid use case) adds complexity to the specification that is unnecessary and does not benefit the majority of users. As custodians of a widely-used standard, we have a responsibility to maintain something that is appropriate for its audience, and we should be "reluctant" in all our changes unless we see that they are really needed. > > I propose that users would be equally well served by leaving the requirement to resolve tags from the entry document. Organisations can either maintain an extensive list of tags in all OpenAPI documents, and then remove any that aren't used before publishing (tooling exists for this use case), or alternatively if a tool wants to include tags found in the wider context of referenced OpenAPI documents by adding them to the top-level tags array during processing, that would work well too. > > The tags array is a list of strings. It isn't an ID like the Operation uses, and it's not a named entry like the security schemes, so it is appropriate to approach the limitations of it differently. My proposal is to offer some advice or documentation on approaching this problem, but not to bring it in scope of the specification for 3.x since other options are available. OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/000077500000000000000000000000001506330113000232135ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/CONTRIBUTORS.md000066400000000000000000000001701506330113000254700ustar00rootroot00000000000000* Chuck Heazel [@cmheazel](https://github.com/cmheazel) * Darrel Miller [@darrelmiller](https://github.com/darrelmiller)OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/alternative_schema_object.md000066400000000000000000000016231506330113000307230ustar00rootroot00000000000000## Change: Add the Alternative Schema Object The following text is to be inserted after the XML Object section ### Alternative Schema Object This object makes it possible to reference an external file that contains a schema that does not follow the OAS specification. If tooling does not support the _type_, tooling MUST consider the content valid but SHOULD provide a warning that the alternative schema was not processed. ## Fixed Fields |Field Name | Type | Description | |---|:---:|---| |type | string | **REQUIRED**. The value MUST match one of the values identified in the alternative Schema Registry. | |location | url | **REQUIRED**. This is a absolute or relative reference to an external resource containing a schema of a known type. This reference may contain a fragment identifier to reference only a subset of an external document. | This object MAY be extended with Specification Extensions. OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/examples.md000066400000000000000000000025531506330113000253600ustar00rootroot00000000000000## Change: Add Alternative Schema Examples The following text is to be inserted after the Alternative Schema Object section. ### Alternative Schema Examples Minimalist usage of alternative schema: schema: x-oas-draft-alternativeSchema: type: jsonSchema location: ./real-jsonschema.json Combination of OAS schema and alternative: schema: type: object nullable: true x-oas-draft-alternativeSchema: type: jsonSchema location: ./real-jsonschema.json Multiple different versions of alternative schema: schema: anyOf: - x-oas-draft-alternativeSchema: type: jsonSchema location: ./real-jsonschema-08.json - x-oas-draft-alternativeSchema: type: jsonSchema location: ./real-jsonschema-07.json Combined alternative schemas: schema: allOf: - x-oas-draft-alternativeSchema: type: xmlSchema location: ./xmlSchema.xsd - x-oas-draft-alternativeSchema: type: schematron location: ./schema.sch Mixed OAS schema and alternative schema: schema: type: array items: x-oas-draft-alternativeSchema: type: jsonSchema location: ./real-jsonschema.json OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/implementations.md000066400000000000000000000030241506330113000267440ustar00rootroot00000000000000# Implementations ## Overview Below is a list of tooling that claims to implement the Alternative Schema proposal. While support for this feature matures, refer to the details of projects listed below for any notes about stability and roadmap. The process to improve the OpenAPI specification includes feedback from end-users and tooling creators. We strongly encourage draft tooling be made available for early users of OAS drafts. These tools are not endorsed by the OAI ## Implementations: #### Low-Level tooling | Title | Project Link | Language | Description | ----------- | ----------- | ----------- | ----------- |TBD |TBD |TBD |TBD | #### Editors | Title | Project Link | Language |Description | |----------------|--------------|----------|---------------------| |TBD |TBD |TBD |TBD | #### User Interfaces | Title | Project Link | Language |Description | |----------------|--------------|----------|---------------------| |TBD |TBD |TBD |TBD | #### Mock Servers | Title | Project Link | Language | Description | | -------------- | ------------ | -------- | ----------- | |TBD |TBD |TBD |TBD | #### Server Implementations | Title | Project Link | Language |Description | |----------------|--------------|----------|---------------------| |TBD |TBD |TBD |TBD | #### Code Generators | Title | Project Link | Language |Description | |----------------|--------------|----------|---------------------| |TBD |TBD |TBD |TBD | OpenAPI-Specification-3.2.0/proposals/Alternative-Schema/schema_object.md000066400000000000000000000052471506330113000263330ustar00rootroot00000000000000## Change: Extend the Schema Object to support Alternative Schemas The following content shall be used to replace the Fixed Fields table in the Schema Object section #### Fixed Fields |Field Name | Type | Description | |---|:---:|---| | nullable | `boolean` | Allows sending a `null` value for the defined schema. Default value is `false`.| | discriminator | [Discriminator Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#discriminatorObject) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#schemaComposition) for more details. | | readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | xml | [XML Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#xmlObject) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#externalDocumentationObject) | Additional external documentation for this schema. | example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary.| | deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`.| |x-oas-draft-alternativeSchema |alternative Schema Object |An external schema that participates in the validation of content along with other schema keywords. | OpenAPI-Specification-3.2.0/proposals/Overlays/000077500000000000000000000000001506330113000213435ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/proposals/Overlays/Changes.yml000066400000000000000000000033471506330113000234450ustar00rootroot00000000000000# Create update methods (add,replace,merge,delete)? Is merge necessary? # Multiple additions or updates to the same target is more efficient with merge # Different than JSON Patch because is works in JSON and YAML # Has info object and spec version # values overlay: 1.0.0 info: title: An example of an overlay that captures changes to an API version: 1.0.0 updates: # Add a property to a schema - target: components.schemas."todo".properties merge: createdBy: type: string # Add constraints to a schema - target: components.schemas."todo" merge: additionalProperties: false - target: components.schemas."todo" merge: type: ["object","null"] #Change a schema - target: components.schemas."todo" replace: type: integer # Add multiple constraints to a schema using merge - target: components.schemas."todo" merge: additionalProperties: false type: ["object","null"] # Add multiple constraints to a schema using merge - target: components.schemas."todo" merge: additionalProperties: false type: ["object","null"] properties: someprop: type: string # Add an operation - target: paths."/foo" add: delete: description: delete a foo responses: 200: description: ok # Add a path - target: paths add: "/items": get: responses: 200: description: ok # Add an optional query parameter - target: paths."/bar".parameters add: name: skip in: query type: string # Mark an operation as deprecated # Change the value of a JSON schema constraint # Update the version of the API # Change the license of an API # Add support for a new request media type # Add support for a new response media type OpenAPI-Specification-3.2.0/proposals/Overlays/MergePatch.yml000066400000000000000000000002511506330113000241030ustar00rootroot00000000000000overlay: 1.0.0 info: title: An example of an overlay that performs a Merge Patch version: 1.0.0 updates: - target: "@" merge: openapi: 3.0.3 paths: {} OpenAPI-Specification-3.2.0/scripts/000077500000000000000000000000001506330113000172045ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/scripts/adjust-release-branch.sh000077500000000000000000000011161506330113000237050ustar00rootroot00000000000000#!/usr/bin/env bash # Author: @ralfhandl # Run this script from the root of the repo. It is designed to be run manually in a release branch. branch=$(git branch --show-current) if [[ ! $branch =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rel$ ]]; then echo "This script is intended to be run from a release branch, e.g. v3.1.2-rel" exit 1 fi vVersion=$(basename "$branch" "-rel") version=${vVersion:1} echo Prepare release of $version cp EDITORS.md versions/$version-editors.md mv src/oas.md versions/$version.md rm -r src rm -r tests/schema/pass tests/schema/fail rm tests/schema/schema.test.mjs OpenAPI-Specification-3.2.0/scripts/close-no-recent.ps1000066400000000000000000000030011506330113000226200ustar00rootroot00000000000000$inactivityDelay = [timespan]::FromDays([int]::Parse($Env:NO_RECENT_ACTIVITY_DURATION_CLOSE_IN_DAYS)) $oldIssues = gh issue list --label "$Env:NO_RECENT_ACTIVITY_LABEL" --state open --limit 100 --json number,author,createdAt,labels | ConvertFrom-Json | Where-Object {$_.labels.name -notcontains $Env:NEEDS_ATTENTION_LABEL } foreach($oldIssue in $oldIssues) { $lastComment = gh issue view $oldIssue.number --json comments | ConvertFrom-Json | Select-Object -ExpandProperty comments | Where-Object {$_.author.login -eq $oldIssue.author.login} | Select-Object -Last 1 if($null -eq $lastComment) { $lastCommentDate = [Nullable[datetime]]$null } else { $lastCommentDate = $lastComment.createdAt #powershell already parses the date for us with the json conversion } $lastLabelEvent = gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/$($Env:ORG_NAME)/$($Env:REPO_NAME)/issues/$($oldIssue.number)/events?per_page=100" | ConvertFrom-Json | Where-Object {$_.event -eq "labeled" -and $_.label.name -eq "$Env:NO_RECENT_ACTIVITY_LABEL"} | Select-Object -Last 1 $lastLabelEventDate = $lastLabelEvent.created_at if ($null -ne $lastCommentDate -and $lastCommentDate -gt $lastLabelEventDate) { gh issue edit $oldIssue.number --remove-label "$Env:NO_RECENT_ACTIVITY_LABEL" --remove-label "$Env:NEEDS_AUTHOR_FEEDBACK_LABEL" --add-label "$Env:NEEDS_ATTENTION_LABEL" } elseif (([datetime]::UtcNow - $lastLabelEventDate) -ge $inactivityDelay) { gh issue close $oldIssue.number -r "not planned" } }OpenAPI-Specification-3.2.0/scripts/fwdabort.sh000077500000000000000000000002071506330113000213520ustar00rootroot00000000000000#!/bin/sh # Aborts a fwdport.sh run cleanly # Author: @MikeRalphson git am -i --abort rm -f *.mbox *.patch *.rej git checkout main OpenAPI-Specification-3.2.0/scripts/fwdport.sh000077500000000000000000000054701506330113000212360ustar00rootroot00000000000000#!/bin/sh # Forward ports changes from the spec file of a source branch to the spec file of a target branch # For example: porting interim changes made in v3.1.x patch releases to the v3.2.0 branch # This script is designed to be run once per branch, when interim changes need merging in # before another branch is released. It is not intended to be run multiple times to keep # two branches in sync. # Author: @MikeRalphson # Issues: https://github.com/OAI/OpenAPI-Specification/pull/2163 mainbranch=main myremote=origin upstream=upstream source=$1 target=$2 if [ -z "$source" ]; then echo You must specify a source and target branch exit 1 fi if [ -z "$target" ]; then echo You must specify a source and target branch exit 1 fi echo Checking working dir... status=`git ls-files -m` if [ -z "$status" ]; then echo All clear else echo You have a dirty working tree, aborting echo ${status} exit 1 fi cruft=`ls -1 *.patch *.rej *.mbox 2>/dev/null` if [ -z "$cruft" ]; then echo No .patch, .rej or .mbox files found, continuing else echo .patch / .rej / .mbox files found, aborting exit 1 fi tmpbranch=forward-port-${source} existing=`git branch | grep ${tmpbranch}` if [ -z "$existing" ]; then echo No matching temp branch found, continuing else echo Temp branch ${tmpbranch} already exists, aborting exit 1 fi srcver=`echo $source | sed s/-dev//g | sed s/v//g`.md tgtver=`echo $target | sed s/-dev//g | sed s/v//g`.md echo Forward-porting changes from ${source}:versions/${srcver} to ${target}:${tgtver} echo You may use the commands \'git fwdskip\' and \'git fwdcont\' to skip patches, or to continue after manually fixing. echo Use `fwdabort.sh` to abort cleanly. echo echo Due to a bug in \`git am\`, git v2.22.1+ is required, you\'re running: git --version echo echo Press a key to continue... read git config --add rerere.enabled true git config alias.fwdskip '!git am -i --skip' git config alias.fwdcont '!git am -i --continue' git checkout ${source} git pull ${upstream} ${source} # look at using git merge-base as an alternative? say if we branched 3.1.0 part way through 3.0.2's life firstsrc=`git log --abbrev-commit --format=format:%H -n 1 --reverse -- versions/${srcver}` lastsrc=`git log --abbrev-commit --format=format:%H -- versions/${srcver} | tail -n 1` changes=`git log --format=format:%H --reverse versions/${srcver}` echo Applying changes from ${firstsrc} to ${lastsrc} # remove first (creation) commit and uniq without sorting oIFS="$IFS" IFS=' ' changes=`echo ${changes} | tail -n +2 | awk '!x[$0]++'` IFS="$oIFS" for c in ${changes}; do git format-patch --stdout -1 $c | sed s/${srcver}/${tgtver}/g > $c.patch done git checkout ${target} git pull ${upstream} ${target} git checkout -b ${tmpbranch} cat *.patch > fwdport.mbox rm -f *.patch git am -3 --interactive --ignore-whitespace -s fwdport.mbox OpenAPI-Specification-3.2.0/scripts/label-no-recent.ps1000066400000000000000000000032231506330113000226000ustar00rootroot00000000000000$inactivityDelay = [timespan]::FromDays([int]::Parse($Env:NO_RECENT_ACTIVITY_DURATION_IN_DAYS)) $oldIssues = gh issue list --label "$Env:NEEDS_AUTHOR_FEEDBACK_LABEL" --state open --limit 100 --json number,author,createdAt,labels | ConvertFrom-Json | Where-Object {$_.labels.name -notcontains $Env:NO_RECENT_ACTIVITY_LABEL } foreach($oldIssue in $oldIssues) { $lastComment = gh issue view $oldIssue.number --json comments | ConvertFrom-Json | Select-Object -ExpandProperty comments | Where-Object {$_.author.login -eq $oldIssue.author.login} | Select-Object -Last 1 if($null -eq $lastComment) { $lastCommentDate = [Nullable[datetime]]$null } else { $lastCommentDate = $lastComment.createdAt #powershell already parses the date for us with the json conversion } $lastLabelEvent = gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/$($Env:ORG_NAME)/$($Env:REPO_NAME)/issues/$($oldIssue.number)/events?per_page=100" | ConvertFrom-Json | Where-Object {$_.event -eq "labeled" -and $_.label.name -eq "$Env:NEEDS_AUTHOR_FEEDBACK_LABEL"} | Select-Object -Last 1 $lastLabelEventDate = $lastLabelEvent.created_at if ($null -ne $lastCommentDate -and $lastCommentDate -gt $lastLabelEventDate) { gh issue edit $oldIssue.number --remove-label "$Env:NO_RECENT_ACTIVITY_LABEL" --remove-label "$Env:NEEDS_AUTHOR_FEEDBACK_LABEL" --add-label "$Env:NEEDS_ATTENTION_LABEL" } elseif (([datetime]::UtcNow - $lastLabelEventDate) -ge $inactivityDelay) { gh issue edit $oldIssue.number --add-label "$Env:NO_RECENT_ACTIVITY_LABEL" --remove-label "$Env:NEEDS_ATTENTION_LABEL" gh issue comment $oldIssue.number -b "$Env:NO_RECENT_ACTIVITY_COMMENT" } }OpenAPI-Specification-3.2.0/scripts/md2html/000077500000000000000000000000001506330113000205535ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/scripts/md2html/.gitignore000066400000000000000000000000171506330113000225410ustar00rootroot00000000000000*.err input.bs OpenAPI-Specification-3.2.0/scripts/md2html/analytics/000077500000000000000000000000001506330113000225425ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/scripts/md2html/analytics/google.html000066400000000000000000000004631506330113000247070ustar00rootroot00000000000000 OpenAPI-Specification-3.2.0/scripts/md2html/build.sh000077500000000000000000000050771506330113000222220ustar00rootroot00000000000000#!/bin/bash # Author: @MikeRalphson # run this script from the root of the repo # It is designed to be run by a GitHub workflow # Usage: build.sh [version | "latest" | "src"] # When run with no arguments, it builds artifacts for all published specification versions. # It may also be run with a specific version argument, such as "3.1.1" or "latest" # Finally, it may be run with "src" to build "src/oas.md" # # It contains bashisms if [ "$1" = "src" ]; then deploydir="deploy-preview" else deploydir="deploy/oas" fi mkdir -p $deploydir/js mkdir -p $deploydir/temp cp -p node_modules/respec/builds/respec-w3c.* $deploydir/js/ latest=$(git describe --abbrev=0 --tags) allVersions=$(ls -1 versions/[23456789].*.md | grep -v -e "\-editors" | sort -r) if [ -z "$1" ]; then specifications=$allVersions elif [ "$1" = "latest" ]; then specifications=$(ls -1 versions/$latest.md) elif [ "$1" = "src" ]; then specifications="src/oas.md" else specifications=$(ls -1 versions/$1.md) fi latestCopied="none" lastMinor="-" for specification in $specifications; do version=$(basename $specification .md) if [ "$1" = "src" ]; then destination="$deploydir/$version.html" maintainers="EDITORS.md" else destination="$deploydir/v$version.html" maintainers="$(dirname $specification)/$version-editors.md" fi minorVersion=${version:0:3} tempfile="$deploydir/temp/$version.html" tempfile2="$deploydir/temp/$version-2.html" echo === Building $version to $destination node scripts/md2html/md2html.js --maintainers $maintainers $specification "$allVersions" > $tempfile npx respec --no-sandbox --use-local --src $tempfile --out $tempfile2 # remove unwanted Google Tag Manager and Google Analytics scripts sed -e 's/'; preface += `\n`; preface += '\n'; preface += ''; preface += `

${title.split('|')[0]}

`; preface += `

Copyright © ${options.publishDate.getFullYear()} the Linux Foundation

`; preface += `

${abstract}

`; preface += 'The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service.'; preface += '
'; preface += '
'; preface += '

Status of This Document

'; preface += 'The source-of-truth for this specification is the HTML file referenced above as This version.'; preface += '
'; return preface; } function doMaintainers() { let m = fs.readFileSync(argv.maintainers,'utf8'); let h = md.render(m); let $ = cheerio.load(h); let u = $('ul').first(); $(u).children('li').each(function(e){ let t = $(this).text().split('@')[0]; maintainers.push({name:t}); }); if ($("ul").length < 2) return; u = $("ul").last(); $(u).children('li').each(function(e){ let t = $(this).text().split('@')[0]; emeritus.push({name:t}); }); } function getPublishDate(m) { let result = new Date(); let h = md.render(m); let $ = cheerio.load(h); $('table').each(function(i,table){ const h = $(table).find('th'); const headers = []; $(h).each(function(i,header){ headers.push($(header).text()); }); if (headers.length >= 2 && headers[0] === 'Version' && headers[1] === 'Date') { let c = $(table).find('tr').find('td'); let v = $(c[0]).text(); let d = $(c[1]).text(); argv.subtitle = v; if (d !== 'TBA') result = new Date(d); } }); return result; } if (argv.maintainers) { doMaintainers(); } let s = fs.readFileSync(argv._[0],'utf8'); argv.publishDate = getPublishDate(s); let lines = s.split(/\r?\n/); let prevHeading = 0; let inTOC = false; let inDefs = false; let inCodeBlock = false; let indents = [0]; // process the markdown for (let l in lines) { let line = lines[l]; // remove TOC from older spec versions, respec will generate a new one if (line.startsWith('## Table of Contents')) inTOC = true; else if (line.startsWith('#')) inTOC = false; if (inTOC) line = ''; // special formatting for Definitions section if (line.startsWith('## Definitions')) { inDefs = true; } else if (line.startsWith('## ')) inDefs = false; // recognize code blocks if (line.startsWith('```')) { inCodeBlock = !inCodeBlock; } if (line.indexOf('')>=0) { // fix syntax error in 2.0.md line = line.replace('',''); } // replace deprecated with - needed for older specs line = line.replace(/<\/a>/g,''); line = line.split('\\|').join('|'); // was ¦ if (!inCodeBlock) { // minor fixups to get RFC links to work properly line = line.replace('RFC [','[RFC'); line = line.replace('[Authorization header as defined in ','Authorization header as defined in ['); line = line.replace('[JSON Pointer]','JSON Pointer [RFC6901]'); // only in 2.0.md line = line.replace('[media type range](https://tools.ietf.org/html/rfc7231#appendix-D) ','media type range, see [RFC7231](https://tools.ietf.org/html/rfc7231#appendix-D), '); line = line.replace(/\[RFC ?([0-9]{1,5})\]\(/g,'[[RFC$1]]('); // harmonize RFC URLs //TODO: harmonize to https://www.rfc-editor.org/rfc/rfc* line = line.replaceAll('](http://','](https://'); line = line.replace('https://www.ietf.org/rfc/rfc2119.txt','https://tools.ietf.org/html/rfc2119'); // only in 2.0.md line = line.replace(/https:\/\/www.rfc-editor.org\/rfc\/rfc([0-9]{1,5})(\.html)?/g,'https://tools.ietf.org/html/rfc$1'); line = line.replaceAll('https://datatracker.ietf.org/doc/html/','https://tools.ietf.org/html/'); // handle url fragments in RFC links and construct section links as well as RFC links line = line.replace(/\]\]\(https:\/\/tools.ietf.org\/html\/rfc([0-9]{1,5})\/?(\#[^)]*)?\)/g, function(match, rfcNumber, fragment) { if (fragment) { // Extract section title from the fragment let sectionTitle = fragment.replace('#', '').replace(/-/g, ' '); sectionTitle = sectionTitle.charAt(0).toUpperCase() + sectionTitle.slice(1); // Capitalize the first letter //TODO: section links to https://www.rfc-editor.org/rfc/rfc* for newer RFCs (>= 8700) return `]] [${sectionTitle}](https://datatracker.ietf.org/doc/html/rfc${rfcNumber}${fragment})`; } else { return ']]'; } }); // non-RFC references line = line.replace('[ABNF](https://tools.ietf.org/html/rfc5234)','[[ABNF]]'); line = line.replace('[CommonMark 0.27](https://spec.commonmark.org/0.27/)','[[CommonMark-0.27]]'); line = line.replace('[CommonMark syntax](https://spec.commonmark.org/)','[[CommonMark]] syntax'); line = line.replace('CommonMark markdown formatting','[[CommonMark]] markdown formatting'); line = line.replace('consult http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4)','consult [[HTML401]] [Section 17.13.4](http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4)'); line = line.replace('[IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)','[[IANA-HTTP-STATUS-CODES|IANA Status Code Registry]]'); line = line.replace('[IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml)','[[IANA-HTTP-AUTHSCHEMES]]'); line = line.replace('[JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03)','[[JSON-Reference|JSON Reference]]'); line = line.replace('[JSON Schema Specification Draft 4](https://json-schema.org/)','[[JSON-Schema-04|JSON Schema Specification Draft 4]]'); line = line.replace('[JSON Schema Core](https://tools.ietf.org/html/draft-zyp-json-schema-04)','[[JSON-Schema-04|JSON Schema Core]]'); line = line.replace('[JSON Schema Validation](https://tools.ietf.org/html/draft-fge-json-schema-validation-00)','[[JSON-Schema-Validation-04|JSON Schema Validation]]'); line = line.replace('[JSON Schema Specification Wright Draft 00](https://json-schema.org/)','[[JSON-Schema-05|JSON Schema Specification Wright Draft 00]]'); line = line.replace('[JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00)','[[JSON-Schema-05|JSON Schema Core]]'); line = line.replace('[JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00)','[[JSON-Schema-Validation-05|JSON Schema Validation]]'); line = line.replace('[JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00)','[[JSON-Schema-2020-12|JSON Schema Specification Draft 2020-12]]'); line = line.replace('[JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00)','[[JSON-Schema-2020-12|JSON Schema Core]]'); line = line.replace('[JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00)','[[JSON-Schema-Validation-2020-12|JSON Schema Validation]]'); line = line.replace('[SPDX](https://spdx.org/licenses/) license','[[SPDX-Licenses]]'); line = line.replace('[XML namespaces](https://www.w3.org/TR/xml-names11/)','[[xml-names11|XML namespaces]]'); line = line.replace('JSON standards. YAML,','[[RFC7159|JSON]] standards. [[YAML|YAML]],'); // 2.0.md only line = line.replace('JSON or YAML format.','[[RFC7159|JSON]] or [[YAML|YAML]] format.'); line = line.replace(/YAML version \[1\.2\]\(https:\/\/(www\.)?yaml\.org\/spec\/1\.2\/spec\.html\)/,'[[YAML|YAML version 1.2]]'); } // fix relative links (to examples) if (!inCodeBlock && line.indexOf('](../examples/') >= 0) { // links to examples go to learn site, links to yaml files go to wrapper html line = line.replace(/\(\.\.\/examples\/([^)]+)\)/g,function(match,group1){ console.warn("example link",group1); group1 = group1.replace('.yaml','.html'); return `(https://learn.openapis.org/examples/${group1})`; }) } else if (!inCodeBlock && line.indexOf('](../') >= 0) { // links to other sibling files go to github const regExp = /\((\.\.[^)]+)\)/g; line = line.replace(regExp,function(match,group1){ console.warn('relative link',group1); return '('+url.resolve('https://github.com/OAI/OpenAPI-Specification/tree/main/versions/foo',group1)+')'; }); } // fix indentation of headings // - make sure that each heading is at most one level deeper than the previous heading // - reduce heading level by one if we're in respec mode except for h1 if (!inCodeBlock && line.startsWith('#')) { let indent = 0; while (line[indent] === '#') indent++; let originalIndent = indent; let prevIndent = indents[indents.length-1]; // peek let delta = indent-prevIndent; if (indent > 1) { indent--; } let newIndent = indent; let title = line.split('# ')[1]; if (inDefs) title = ''+title+''; line = ('#'.repeat(newIndent)+' '+title); if (delta>0) indents.push(originalIndent); if (delta<0) { let d = Math.abs(delta); while (d>0) { indents.pop(); d--; } } } // wrap section text in
...
tags for respec if (!inCodeBlock && line.startsWith('#')) { let heading = 0; while (line[heading] === '#') heading++; let delta = heading-prevHeading; if (delta>1) console.warn(delta,line); if (delta>0) delta = 1; let prefix = ''; let newSection = '
'; const m = line.match(/# Version ([0-9.]+)$/); if (m) { // our conformance section is headlined with 'Version x.y.z' // and respec needs a conformance section in a "formal" specification newSection = '
'; // adjust the heading to be at level 2 because respec insists on h2 here // Note: older specs had this at h4, newer specs at h2, and all heading levels have been reduced by 1 in the preceding block line = '#' + m[0]; delta = 1; heading = 2; } if (line.includes('Appendix')) { newSection = '
'; } // heading level delta is either 0 or is +1/-1, or we're in respec mode // respec insists on
...
breaks around headings if (delta === 0) { prefix = '
'+newSection; } else if (delta > 0) { prefix = newSection.repeat(delta); } else { prefix = '
'+('
').repeat(Math.abs(delta))+newSection; } prevHeading = heading; line = prefix+md.render(line); } lines[l] = line; } s = preface(`OpenAPI Specification v${argv.subtitle} | Introduction, Definitions, & More`,argv)+'\n\n'+lines.join('\n'); let out = md.render(s); out = out.replace(/\[([RGB])\]/g,'[$1]'); out = out.replace('[[IANA-HTTP-AUTHSCHEMES]]','[[IANA-HTTP-AUTHSCHEMES|IANA Authentication Scheme registry]]'); console.log(out); OpenAPI-Specification-3.2.0/scripts/md2html/style-finish.html000066400000000000000000000000111506330113000240470ustar00rootroot00000000000000 OpenAPI-Specification-3.2.0/scripts/md2html/style-start.html000066400000000000000000000005431506330113000237360ustar00rootroot00000000000000

OpenAPI Specification v30.0.1

Copyright © 3001 the Linux Foundation

What is the OpenAPI Specification?

The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service.

Status of This Document

The source-of-truth for this specification is the HTML file referenced above as This version.

Heading 1

Text for first chapter

Version 30.0.1

This is the conformance section

Heading 2

Text for first section

Definitions

Foo

Definition of Foo.

Another Heading 2

Text for second section

Relative link to example

Relative link to something else

Heading 3

Text for first subsection

[[RFC3986]]

[[RFC9110]] Section 4

{
  "foo": true
}

foo: true

text/plain

no language

unknown language

https://foo.com/bar?baz=qux&fred=waldo#fragment

https://foo.com/bar{?baz*,qux}

--boundary-example
Content-Type: application/openapi+yaml
Content-Location: https://inaccessible-domain.com/api/openapi.yaml

openapi: 3.2.0
info:
  title: Example API
  version: 1.0
  externalDocs:
    url: docs.html

--boundary-example
Content-Type: text/html
Content-Location: https://example.com/api/docs.html

<html>
  <head>
    <title>API Documentation</title>
  </head>
  <body>
    <p>Awesome documentation goes here</p>
  </body>
</html>

event: addString
data: This data is formatted
data: across two lines
retry: 5

event: addNumber
data: 1234.5678
unknownField: this is ignored

: This is a comment
event: addJSON
data: {"foo": 42}

{"event": "addString", "data": "This data is formatted\nacross two lines", "retry": 5}
{"event": "addNumber", "data": "1234.5678"}
{"event": "addJSON", "data": "{\"foo\": 42}"}

{"event": "addString", "data": "This data is formatted\nacross two lines", "retry": 5}
{"event": "addNumber", "data": "1234.5678"}
{"event": "addJSON", "data": "{\"foo\": 42}"}

0x1E{
  "timestamp": "1985-04-12T23:20:50.52Z",
  "level": 1,
  "message": "Hi!"
}
0x1E{
  "timestamp": "1985-04-12T23:20:51.37Z",
  "level": 1,
  "message": "Bye!"
}

Appendix A: Revision History

Version Date
30.0.1 3001-04-01
OpenAPI-Specification-3.2.0/tests/md2html/fixtures/basic-new.maintainers000066400000000000000000000003601506330113000262020ustar00rootroot00000000000000# Editors ## Active * John Doe [@johndoe](https://github.com/johndoe) * Jane Doe [@janedow](https://github.com/janedoe) ## Trainee * New Bee [@newbee](https://github.com/newbee) ## Emeritus * Foo Bar [@foobar](https://github.com/foobar) OpenAPI-Specification-3.2.0/tests/md2html/fixtures/basic-new.md000066400000000000000000000040611506330113000242720ustar00rootroot00000000000000# Heading 1 Text for first chapter ## Version 30.0.1 This is the conformance section ## Heading 2 Text for first section ## Definitions ### Foo Definition of Foo. ## Another Heading 2 Text for second section [Relative link to example](../examples/foo.yaml) [Relative link to something else](../something/else) ### Heading 3 Text for first subsection [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986) [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-4) ```json { "foo": true } ``` ```yaml foo: true ``` ```text text/plain ``` ``` no language ``` ```unknown unknown language ``` ```uri https://foo.com/bar?baz=qux&fred=waldo#fragment ``` ```uritemplate https://foo.com/bar{?baz*,qux} ``` ```multipart --boundary-example Content-Type: application/openapi+yaml Content-Location: https://inaccessible-domain.com/api/openapi.yaml openapi: 3.2.0 info: title: Example API version: 1.0 externalDocs: url: docs.html --boundary-example Content-Type: text/html Content-Location: https://example.com/api/docs.html API Documentation

Awesome documentation goes here

``` ```eventstream event: addString data: This data is formatted data: across two lines retry: 5 event: addNumber data: 1234.5678 unknownField: this is ignored : This is a comment event: addJSON data: {"foo": 42} ``` ```jsonl {"event": "addString", "data": "This data is formatted\nacross two lines", "retry": 5} {"event": "addNumber", "data": "1234.5678"} {"event": "addJSON", "data": "{\"foo\": 42}"} ``` ```ndjson {"event": "addString", "data": "This data is formatted\nacross two lines", "retry": 5} {"event": "addNumber", "data": "1234.5678"} {"event": "addJSON", "data": "{\"foo\": 42}"} ``` ```jsonseq 0x1E{ "timestamp": "1985-04-12T23:20:50.52Z", "level": 1, "message": "Hi!" } 0x1E{ "timestamp": "1985-04-12T23:20:51.37Z", "level": 1, "message": "Bye!" } ``` ## Appendix A: Revision History Version | Date --------|----------- 30.0.1 | 3001-04-01 OpenAPI-Specification-3.2.0/tests/md2html/fixtures/basic-old.html000066400000000000000000000225101506330113000246220ustar00rootroot00000000000000 OpenAPI Specification v30.0.1 | Introduction, Definitions, & More

OpenAPI Specification v30.0.1

Copyright © 3001 the Linux Foundation

What is the OpenAPI Specification?

The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service.

Status of This Document

The source-of-truth for this specification is the HTML file referenced above as This version.

Heading 1

Text for first chapter

Version 30.0.1

This is the conformance section

Heading 2

Text for first section

Broken anchor

Heading 3

Text for first subsection

Version Date
30.0.1 3001-04-01
OpenAPI-Specification-3.2.0/tests/md2html/fixtures/basic-old.maintainers000066400000000000000000000000711506330113000261660ustar00rootroot00000000000000## Active * Foo Bar [@foobar](https://github.com/foobar) OpenAPI-Specification-3.2.0/tests/md2html/fixtures/basic-old.md000066400000000000000000000004771506330113000242660ustar00rootroot00000000000000# Heading 1 Text for first chapter #### Version 30.0.1 This is the conformance section ## Table of Contents Will be removed ## Heading 2 Text for first section Broken anchor ### Heading 3 Text for first subsection Version | Date --------|----------- 30.0.1 | 3001-04-01 OpenAPI-Specification-3.2.0/tests/md2html/md2html.test.mjs000066400000000000000000000023731506330113000232730ustar00rootroot00000000000000import { readdirSync, readFileSync } from "node:fs"; import { execFile } from "node:child_process"; import { resolve } from "node:path"; import { describe, test, expect } from "vitest"; import assert from "node:assert"; const folder = "./tests/md2html/fixtures/"; describe("md2html", async () => { readdirSync(folder, { withFileTypes: true }) .filter((entry) => entry.isFile() && /\.md$/.test(entry.name)) .forEach((entry) => { test(entry.name, async () => { const expected = readFileSync( folder + entry.name.replace(".md", ".html"), "utf8", ); const output = await md2html( [ "--maintainers", entry.name.replace(".md", ".maintainers"), entry.name, "path/31.0.0.md\npath/30.0.1.md\npath/30.0.0.md", ], folder, ); expect(output.stdout).to.equal(expected); }); }); }); function md2html(args, cwd) { return new Promise((res) => { execFile( "node", [`${resolve("./scripts/md2html/md2html.js")}`, ...args], { cwd }, (error, stdout, stderr) => { res({ code: error?.code || 0, error, stdout, stderr, }); }, ); }); } OpenAPI-Specification-3.2.0/tests/schema/000077500000000000000000000000001506330113000201175ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/tests/schema/oas-schema.mjs000066400000000000000000000020531506330113000226520ustar00rootroot00000000000000import { registerSchema } from "@hyperjump/json-schema/draft-2020-12"; import { defineVocabulary } from "@hyperjump/json-schema/experimental"; import { readFile } from "node:fs/promises"; import YAML from "yaml"; const parseYamlFromFile = async (filePath) => { const schemaYaml = await readFile(filePath, "utf8"); return YAML.parse(schemaYaml, { prettyErrors: true }); }; export default async () => { try { const dialect = await parseYamlFromFile("./src/schemas/validation/dialect.yaml"); const meta = await parseYamlFromFile("./src/schemas/validation/meta.yaml"); const oasBaseVocab = Object.keys(meta.$vocabulary)[0]; defineVocabulary(oasBaseVocab, { "discriminator": "https://spec.openapis.org/oas/3.0/keyword/discriminator", "example": "https://spec.openapis.org/oas/3.0/keyword/example", "externalDocs": "https://spec.openapis.org/oas/3.0/keyword/externalDocs", "xml": "https://spec.openapis.org/oas/3.0/keyword/xml" }); registerSchema(meta); registerSchema(dialect); } catch (error) {} }; OpenAPI-Specification-3.2.0/versions/000077500000000000000000000000001506330113000173655ustar00rootroot00000000000000OpenAPI-Specification-3.2.0/versions/1.2.md000066400000000000000000001406541506330113000202210ustar00rootroot00000000000000# Swagger RESTful API Documentation Specification #### Version 1.2 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](http://www.ietf.org/rfc/rfc2119.txt). The Swagger specification is licensed under [The Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0.html). ## 1. Introduction Swagger™ is a project used to describe and document RESTful APIs. The Swagger specification defines a set of files required to describe such an API. These files can then be used by the Swagger-UI project to display the API and Swagger-Codegen to generate clients in various languages. Additional utilities can also take advantage of the resulting files, such as testing tools. ## 2. Revision History Version | Date | Notes --- | --- | --- 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification ## 3. Definitions - Resource: A `resource` in Swagger is an entity that has a set of exposed operations. The entity can represent an actual object (pets, users..) or a set of logical operations collated together. It is up to the specification user to decide whether sub-resources should be referred to as part of their main resource or as a resource of their own. For example, assume the following URL set: ``` - /users - GET POST - /users/{id} - GET PATCH DELETE ``` In this case, there's either one "/users" resource that contains operations on the "/users/{id}" sub-resource, or two separate resources. - URL: A fully qualified URL. ## 4. Specification ### 4.1 Format The files describing the RESTful API in accordance with the Swagger specification are represented as JSON objects and conform to the JSON standards. For example, if a field is said to have an array value, the JSON array representation will be used: ```js { "field" : [...] } ``` Please note that while the API is described using JSON, the input and/or output can be in XML, YAML, plain text, or whichever format you chose to use with your API. Unless noted otherwise, all field names in the specification are **case sensitive**. ### 4.2 File Structure The Swagger representation of the API is comprised of two file types: 1. [**The Resource Listing**](#51-resource-listing) - This is the root document that contains general API information and lists the resources. Each resource has its own URL that defines the API operations on it. 1. [**The API Declaration**](#52-api-declaration) - This document describes a resource, including its API calls and models. There is one file per resource. ### 4.3 Data Types In the Swagger specification, the data types are used in several locations - [Operations](#523-operation-object), [Operation Parameters](#524-parameter-object), [Models](#527-model-object), and within the data types themselves (arrays). The fields used to describe a given data type are added flatly to the relevant object. For example, if an object Foo has the field `name`, and is also a data type, then it MUST also include the field `type` (or its variance, as explained ahead). In this example, Foo would look like: ```js "Foo" : { "name" : "sample", "type" : "string", ... } ``` This section describes the general fields that are available to describe such data types. Some data types allow additional fields to extend further limitations on the data type *value* (see [4.3.3 Data Type Fields](#433-data-type-fields) for further details). Special care should be taken when referencing a model (or a complex type). There are currently two variations, and the proper variation should be documented everywhere the model may be used. This behavior will be unified in future versions of the spec. The Swagger specification supports five data types: 1. [`primitive`](#431-primitives) (input/output) 1. containers (as arrays/sets) (input/output) 1. [complex](#527-model-object) (as `models`) (input/output) 1. [`void`](#432-void) (output) 1. [`File`](#434-file) (input) #### 4.3.1 Primitives Different programming languages represent primitives differently. The Swagger specification supports by name only the primitive types supported by the [JSON-Schema Draft 4](http://json-schema.org/latest/json-schema-core.html#anchor8). However, in order to allow fine tuning a primitive definition, an additional [`format`](#dataTypeFormat) field MAY accompany the [`type`](#dataTypeType) primitive to give more information about the type used. If the [`format`](#dataTypeFormat) field is used, the respective client MUST conform to the elaborate type. Common Name | [`type`](#dataTypeType) | [`format`](#dataTypeFormat) | Comments ----------- | ------ | -------- | -------- integer | `integer` | `int32` | signed 32 bits long | `integer` | `int64` | signed 64 bits float | `number` | `float` | double | `number` | `double` | string | `string` | | byte | `string` | `byte` | boolean | `boolean` | | date | `string` | `date` | dateTime | `string` | `date-time` | #### 4.3.2 `void` This value type is used to indicate that an [operation](#523-operation-object) returns no value. As such it MAY be used only for the return type of operations. #### 4.3.3 Data Type Fields As explained above, when an object is said to include a data type, there are a set of fields it may include (some are required and some are optional). Special care should be taken when referencing a model (or a complex type). There currently two variations, and the proper variation should be documented everywhere it may be used. This behavior will be unified in future versions of the spec. The table below shows the available fields to describe a data type. The `Validity` column may impose additional restrictions as to which data type is required in order to include this field. For example, [`enum`](#dataTypeEnum) may only be included if the [`type`](#dataTypeType) field is set to `string`. Field Name | Type | Validity |Description ---|:---:|---|--- type | `string` | Any |**Required (if [`$ref`](#dataTypeRef) is not used).** The return type of the operation. The value MUST be one of the [Primitives](#431-primitives), `array` or a model's [`id`](#modelId). $ref | `string` | Any | **Required (if [`type`](#dataTypeType) is not used).** The [Model](#527-model-object) to be used. The value MUST be a model's [`id`](#modelId). format | `string` | primitive | Fine-tuned primitive type definition. See [Primitives](#431-primitives) for further information. The value MUST be one that is defined under [Primitives](#431-primitives), corresponding to the right primitive [`type`](#dataTypeType). defaultValue | *special* | primitive | The default value to be used for the field. The value type MUST conform with the primitive's [`type`](#dataTypeType) value. enum | [`string`] | `string` | A fixed list of possible values. If this field is used in conjunction with the [`defaultValue`](#dataTypeDefaultValue) field, then the default value MUST be one of the values defined in the `enum`. minimum | `string` | `number`, `integer` | The minimum valid value for the type, inclusive. If this field is used in conjunction with the [`defaultValue`](#dataTypeDefaultValue) field, then the default value MUST be higher than or equal to this value. The value type is `string` and should represent the minimum numeric value. **Note**: This will change to a numeric value in the future. maximum | `string` | `number`, `integer` | The maximum valid value for the type, inclusive. If this field is used in conjunction with the [`defaultValue`](#dataTypeDefaultValue) field, then the default value MUST be lower than or equal to this value. The value type is `string` and should represent the maximum numeric value. **Note**: This will change to a numeric value in the future. items | [Items Object](#434-items-object) | `array` | **Required.** The type definition of the values in the container. A container MUST NOT be nested in another container. uniqueItems | `boolean` | `array` | A flag to note whether the container allows duplicate values or not. If the value is set to `true`, then the `array` acts as a set. #### 4.3.4 Items Object This object is used to describe the value types used inside an array. Of the [Data Type Fields](#433-data-type-fields), it can include either the [`type`](#dataTypeType) and [`format`](#dataTypeFormat) fields *OR* the [`$ref`](#dataTypeRef) field (when referencing a model). The rest of the listed Data Type fields are not applicable. If the [`type`](#dataTypeType) field is included it MUST NOT have the value `array`. There's currently no support for containers within containers. ##### 4.3.4.1 Object Examples For a primitive type: ```js { "type": "string" } ``` For a complex type (model): ```js { "$ref": "Pet" } ``` #### 4.3.5 `File` The `File` (case sensitive) is a special type used to denote file upload. Note that declaring a model with the name `File` may lead to various conflicts with third party tools and SHOULD be avoided. When using `File`, the [`consumes`](#operationConsumes) field MUST be `"multipart/form-data"`, and the [`paramType`](#parameterParamType) MUST be `"form"`. ## 5. Schema ### 5.1 Resource Listing The Resource Listing serves as the root document for the API description. It contains general information about the API and an inventory of the available resources. By default, this document SHOULD be served at the `/api-docs` path. Field Name | Type | Description ---|:---:|--- swaggerVersion | `string` | **Required.** Specifies the Swagger Specification version being used. It can be used by the Swagger UI and other clients to interpret the API listing. The value MUST be an existing Swagger specification version.
Currently, `"1.0"`, `"1.1"`, `"1.2"` are valid values. The field is a `string` type for possible non-numeric versions in the future (for example, "1.2a"). apis | [ [Resource Object](#512-resource-object) ] | **Required.** Lists the resources to be described by this specification implementation. The array can have 0 or more elements. apiVersion| `string` | Provides the version of the application API (not to be confused by the [specification version](#rlSwaggerVersion)). info | [Info Object](#513-info-object) | Provides metadata about the API. The metadata can be used by the clients if needed, and can be presented in the Swagger-UI for convenience. authorizations | [Authorizations Object](#514-authorizations-object) | Provides information about the authorization schemes allowed on this API. #### 5.1.1 Object Example ```js { "apiVersion": "1.0.0", "swaggerVersion": "1.2", "apis": [ { "path": "/pet", "description": "Operations about pets" }, { "path": "/user", "description": "Operations about user" }, { "path": "/store", "description": "Operations about store" } ], "authorizations": { "oauth2": { "type": "oauth2", "scopes": [ { "scope": "email", "description": "Access to your email address" }, { "scope": "pets", "description": "Access to your pets" } ], "grantTypes": { "implicit": { "loginEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" }, "tokenName": "access_token" }, "authorization_code": { "tokenRequestEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" }, "tokenEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } } } } }, "info": { "title": "Swagger Sample App", "description": "This is a sample server Petstore server. You can find out more about Swagger \n at http://swagger.wordnik.com or on irc.freenode.net, #swagger. For this sample,\n you can use the api key \"special-key\" to test the authorization filters", "termsOfServiceUrl": "http://swagger.io/terms/", "contact": "apiteam@wordnik.com", "license": "Apache 2.0", "licenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.html" } } ``` #### 5.1.2 Resource Object The Resource object describes a [resource](#definitionResource) API endpoint in the application. Field Name | Type | Description ---|:---:|--- path | `string` | **Required.** A relative path to the [API declaration](#52-api-declaration) from the path used to retrieve this Resource Listing. This `path` does not necessarily have to correspond to the URL which actually serves this resource in the API but rather where the resource listing itself is served. The value SHOULD be in a relative (URL) path format. description | `string` | *Recommended.* A short description of the resource. ##### 5.1.2.1 Object Example: ```js { "path": "/pets", "description": "Operations about pets." } ``` #### 5.1.3 Info Object The object provides metadata about the API. The metadata can be used by the clients if needed, and can be presented in the Swagger-UI for convenience. Field Name | Type | Description ---|:---:|--- title | `string` | **Required.** The title of the application. description | `string` | **Required.** A short description of the application. termsOfServiceUrl | `string` | A URL to the Terms of Service of the API. contact | `string` | An email to be used for API-related correspondence. license | `string` | The license name used for the API. licenseUrl | `string` | A URL to the license used for the API. ##### 5.1.3.1 Object Example: ```js { "title": "Swagger Sample App", "description": "This is a sample server Petstore server.", "termsOfServiceUrl": "http://swagger.io/terms/", "contact": "apiteam@wordnik.com", "license": "Apache 2.0", "licenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.html" } ``` #### 5.1.4 Authorizations Object The object provides information about the authorization schemes provided on this API. Currently, Swagger supports three authorization schemes - basic authentication, API key and OAuth2. The Authorizations Object is used only to *declare* the available authorization schemes but not say which are required where. The actual authorization restrictions are done at the [API declaration](#52-api-declaration) level. Please note that the Authorizations Object is an object containing other object definitions and as such is structured as follows: ```js { "Authorization1" : {...}, "Authorization2" : {...}, ..., "AuthorizationN" : {...} } ``` Field Name | Type | Description ---|:---:|--- {Authorization Name} | [Authorization Object](#515-authorization-object) | A new authorization definition. The name given to the {Authorization Name} is a friendly name that should be used when referring to the authorization scheme. In many cases, the {Authorization Name} used is the same as its type, but it can be anything. ##### 5.1.4.1 Object Example: ```js { "oauth2": { "type": "oauth2", "scopes": [ { "scope": "email", "description": "Access to your email address" }, { "scope": "pets", "description": "Access to your pets" } ], "grantTypes": { "implicit": { "loginEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" }, "tokenName": "access_token" }, "authorization_code": { "tokenRequestEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" }, "tokenEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } } } } } ``` #### 5.1.5 Authorization Object The object provides information about a specific authorization scheme. Currently, the authorization schemes supported are basic authentication, API key and OAuth2. Within OAuth2, the Authorization Code Grant and Implicit Grant are supported. In the table below, the `Validity` column imposes additional limitations to the requirement of the [`type`](#authorizationType) in order to be able to use that field. Field Name | Type | Validity | Description ---|:---:|---|--- type | `string` | Any | **Required.** The type of the authorization scheme. Values MUST be either `"basicAuth"`, `"apiKey"` or `"oauth2"`. passAs | `string` | `apiKey` | **Required.** Denotes how the API key must be passed. Valid values are `"header"` or `"query"`. keyname | `string` | `apiKey` | **Required.** The name of the `header` or `query` parameter to be used when passing the API key. scopes | [[Scope Object](#516-scope-object)] | `oauth2` | A list of supported OAuth2 scopes. grantTypes | [Grant Types Object](#517-grant-types-object) | `oauth2` | **Required.** Detailed information about the grant types supported by the OAuth2 authorization scheme. ##### 5.1.5.1 Object Example: ```js "oauth2": { "type": "oauth2", "scopes": [ { "scope": "email", "description": "Access to your email address" }, { "scope": "pets", "description": "Access to your pets" } ], "grantTypes": { "implicit": { "loginEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" }, "tokenName": "access_token" }, "authorization_code": { "tokenRequestEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" }, "tokenEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } } } } ``` #### 5.1.6 Scope Object Describes an OAuth2 authorization scope. Field Name | Type | Description ---|:---:|--- scope | `string` | **Required.** The name of the scope. description | `string` | *Recommended.* A short description of the scope. ##### 5.1.6.1 Object Example: ```js { "scope": "email", "description": "Access to your email address" } ``` #### 5.1.7 Grant Types Object Provides details regarding the OAuth2 grant types that are supported by the API. Currently, the Authorization Code and Implicit grants are supported. At least one of the grant types MUST be included (otherwise there's no need for the OAuth2 declaration). Field Name | Type | Description ---|:---:|--- implicit | [Implicit Object](#518-implicit-object) | The Implicit Grant flow definition. authorization_code | [Authorization Code Object](#519-authorization-code-object) | The Authorization Code Grant flow definition. ##### 5.1.7.1 Object Example: ```js { "implicit": { "loginEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" }, "tokenName": "access_token" }, "authorization_code": { "tokenRequestEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" }, "tokenEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } } } ``` #### 5.1.8 Implicit Object Provides details regarding the OAuth2's Implicit Grant flow type. Field Name | Type | Description ---|:---:|--- loginEndpoint | [Login Endpoint Object](#5110-login-endpoint-object) | **Required.** The login endpoint definition. tokenName | `string` | An optional alternative name to standard "access_token" OAuth2 parameter. ##### 5.1.8.1 Object Example: ```js { "loginEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" }, "tokenName": "access_token" } ``` #### 5.1.9 Authorization Code Object Provides details regarding the OAuth2's Authorization Code Grant flow type. Field Name | Type | Description ---|:---:|--- tokenRequestEndpoint | [Token Request Endpoint Object](#5111-token-request-endpoint-object) | **Required.** The token request endpoint definition. tokenEndpoint | [Token Endpoint Object](#5112-token-endpoint-object) | **Required.** The token endpoint definition. ##### 5.1.9.1 Object Example: ```js { "tokenRequestEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" }, "tokenEndpoint": { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } } ``` #### 5.1.10 Login Endpoint Object Provides details regarding the Implicit Grant's *authorization endpoint*. Field Name | Type | Description ---|:---:|--- url | `string` | **Required.** The URL of the authorization endpoint for the implicit grant flow. The value SHOULD be in a URL format. ##### 5.1.10.1 Object Example: ```js { "url": "http://petstore.swagger.wordnik.com/oauth/dialog" } ``` #### 5.1.11 Token Request Endpoint Object Provides details regarding the OAuth2's *Authorization Endpoint*. Field Name | Type | Description ---|:---:|--- url | `string` | **Required.** The URL of the authorization endpoint for the authentication code grant flow. The value SHOULD be in a URL format. clientIdName | `string` | An optional alternative name to standard "client_id" OAuth2 parameter. clientSecretName | `string` | An optional alternative name to the standard "client_secret" OAuth2 parameter. ##### 5.1.11.1 Object Example: ```js { "url": "http://petstore.swagger.wordnik.com/oauth/requestToken", "clientIdName": "client_id", "clientSecretName": "client_secret" } ``` #### 5.1.12 Token Endpoint Object Provides details regarding the OAuth2's *Token Endpoint*. Field Name | Type | Description ---|:---:|--- url | `string` | **Required.** The URL of the token endpoint for the authentication code grant flow. The value SHOULD be in a URL format. tokenName | `string` | An optional alternative name to standard "access_token" OAuth2 parameter. ##### 5.1.12.1 Object Example: ```js { "url": "http://petstore.swagger.wordnik.com/oauth/token", "tokenName": "access_code" } ``` ### 5.2 API Declaration The API Declaration provides information about an API exposed on a resource. There should be one file per [Resource](#512-resource-object) described. The file MUST be served in the URL described by the [`path`](#aePath) field. Field Name | Type | Description ---|:---:|--- swaggerVersion | `string` | **Required.** Specifies the Swagger Specification version being used. It can be used by the Swagger UI and other clients to interpret the API listing. The value MUST be an existing Swagger specification version.
Currently, `"1.0"`, `"1.1"`, `"1.2"` are valid values. apiVersion | `string` | Provides the version of the application API (not to be confused by the [specification version](#adSwaggerVersion)). basePath | `string` | **Required.** The root URL serving the API. This field is important because while it is common to have the Resource Listing and API Declarations on the server providing the APIs themselves, it is not a requirement. The API specifications can be served using static files and not generated by the API server itself, so the URL for serving the API cannot always be derived from the URL serving the API specification. The value SHOULD be in the format of a URL. resourcePath | `string` | The *relative* path to the resource, from the [`basePath`](#adBasePath), which this API Specification describes. The value MUST precede with a forward slash (`"/"`). apis | [[API Object](#522-api-object)] | **Required.** A list of the APIs exposed on this resource. There MUST NOT be more than one API Object per [`path`](#apiPath) in the array. models | [Models Object](#526-models-object) | A list of the models available to this resource. Note that these need to be exposed separately for each API Declaration. produces | [`string`] | A list of MIME types the APIs on this resource can produce. This is global to all APIs but can be overridden on specific API calls. consumes | [`string`] | A list of MIME types the APIs on this resource can consume. This is global to all APIs but can be overridden on specific API calls. authorizations | [Authorizations Object](#5210-authorizations-object) | A list of authorizations schemes *required* for the operations listed in this API declaration. Individual operations may override this setting. If there are multiple authorization schemes described here, it means they're **all** applied. #### 5.2.1 Object Example ```js { "apiVersion": "1.0.0", "swaggerVersion": "1.2", "basePath": "http://petstore.swagger.wordnik.com/api", "resourcePath": "/store", "produces": [ "application/json" ], "authorizations": {}, "apis": [ { "path": "/store/order/{orderId}", "operations": [ { "method": "GET", "summary": "Find purchase order by ID", "notes": "For valid response try integer IDs with value <= 5. Anything above 5 or nonintegers will generate API errors", "type": "Order", "nickname": "getOrderById", "authorizations": {}, "parameters": [ { "name": "orderId", "description": "ID of pet that needs to be fetched", "required": true, "type": "string", "paramType": "path" } ], "responseMessages": [ { "code": 400, "message": "Invalid ID supplied" }, { "code": 404, "message": "Order not found" } ] }, { "method": "DELETE", "summary": "Delete purchase order by ID", "notes": "For valid response try integer IDs with value < 1000. Anything above 1000 or nonintegers will generate API errors", "type": "void", "nickname": "deleteOrder", "authorizations": { "oauth2": [ { "scope": "test:anything", "description": "anything" } ] }, "parameters": [ { "name": "orderId", "description": "ID of the order that needs to be deleted", "required": true, "type": "string", "paramType": "path" } ], "responseMessages": [ { "code": 400, "message": "Invalid ID supplied" }, { "code": 404, "message": "Order not found" } ] } ] }, { "path": "/store/order", "operations": [ { "method": "POST", "summary": "Place an order for a pet", "notes": "", "type": "void", "nickname": "placeOrder", "authorizations": { "oauth2": [ { "scope": "test:anything", "description": "anything" } ] }, "parameters": [ { "name": "body", "description": "order placed for purchasing the pet", "required": true, "type": "Order", "paramType": "body" } ], "responseMessages": [ { "code": 400, "message": "Invalid order" } ] } ] } ], "models": { "Order": { "id": "Order", "properties": { "id": { "type": "integer", "format": "int64" }, "petId": { "type": "integer", "format": "int64" }, "quantity": { "type": "integer", "format": "int32" }, "status": { "type": "string", "description": "Order Status", "enum": [ "placed", "approved", "delivered" ] }, "shipDate": { "type": "string", "format": "date-time" } } } } } ``` #### 5.2.2 API Object The API Object describes one or more operations on a single [`path`](#apiPath). In the [`apis`](#adApis) array, there MUST be only one [`API Object`](#522-api-object) per [`path`](#apiPath). Field Name | Type | Description ---|:---:|--- path | `string` | **Required.** The relative path to the operation, from the [`basePath`](#adBasePath), which this operation describes. The value SHOULD be in a relative (URL) path format. description | `string` | *Recommended.* A short description of the resource. operations | [[Operation Object](#523-operation-object)] | **Required.** A list of the API operations available on this path. The array may include 0 or more operations. There MUST NOT be more than one Operation Object per [`method`](#operationMethod) in the array. ##### 5.2.2.1 Object Example: ```js { "path": "/pet", "operations": [ { "method": "PUT", "summary": "Update an existing pet", "notes": "", "type": "void", "nickname": "updatePet", "authorizations": {}, "parameters": [ { "name": "body", "description": "Pet object that needs to be updated in the store", "required": true, "type": "Pet", "paramType": "body" } ], "responseMessages": [ { "code": 400, "message": "Invalid ID supplied" }, { "code": 404, "message": "Pet not found" }, { "code": 405, "message": "Validation exception" } ] }, { "method": "POST", "summary": "Add a new pet to the store", "notes": "", "type": "void", "nickname": "addPet", "consumes": [ "application/json", "application/xml" ], "authorizations": { "oauth2": [ { "scope": "test:anything", "description": "anything" } ] }, "parameters": [ { "name": "body", "description": "Pet object that needs to be added to the store", "required": true, "type": "Pet", "paramType": "body" } ], "responseMessages": [ { "code": 405, "message": "Invalid input" } ] } ] } ``` #### 5.2.3 Operation Object The Operation Object describes a single operation on a [`path`](#apiPath). In the [`operations`](#apiOperations) array, there MUST be only one [`Operation Object`](#523-operation-object) per [`method`](#operationMethod). This object includes the [Data Type Fields](#433-data-type-fields) in order to describe the return value of the operation. The [`type`](#dataTypeType) field MUST be used to link to other models. This is the only object where the [`type`](#dataTypeType) MAY have the value of [`void`](#432-void) to indicate that the operation returns no value. Field Name | Type | Description ---|:---:|--- method | `string` | **Required.** The HTTP method required to invoke this operation. The value MUST be one of the following values: `"GET"`, `"HEAD"`, `"POST"`, `"PUT"`, `"PATCH"`, `"DELETE"`, `"OPTIONS"`. The values MUST be in uppercase. summary | `string` | A short summary of what the operation does. For maximum readability in the swagger-ui, this field SHOULD be less than 120 characters. notes | `string` | A verbose explanation of the operation behavior. nickname |`string` | **Required.** A unique id for the operation that can be used by tools reading the output for further and easier manipulation. For example, Swagger-Codegen will use the nickname as the method name of the operation in the client it generates. The value MUST be alphanumeric and may include underscores. Whitespace characters are not allowed. authorizations | [Authorizations Object](#5210-authorizations-object) | A list of authorizations required to execute this operation. While not mandatory, if used, it overrides the value given at the API Declaration's [authorizations](#adAuthorizations). In order to completely remove API Declaration's authorizations completely, an empty object (`{}`) may be applied. parameters | [[Parameter Object](#524-parameter-object)] | **Required.** The inputs to the operation. If no parameters are needed, an empty array MUST be included. responseMessages | [[Response Message Object](#525-response-message-object)] | Lists the possible response statuses that can return from the operation. produces | [`string`] | A list of MIME types this operation can produce. This is overrides the global [`produces`](#adProduces) definition at the root of the API Declaration. Each `string` value SHOULD represent a MIME type. consumes | [`string`] | A list of MIME types this operation can consume. This is overrides the global [`consumes`](#adConsumes) definition at the root of the API Declaration. Each `string` value SHOULD represent a MIME type. deprecated | `string` | Declares this operation to be deprecated. Usage of the declared operation should be refrained. Valid value MUST be either `"true"` or `"false"`. *Note:* This field will change to type `boolean` in the future. ##### 5.2.3.1 Object Example ````js { "method": "GET", "summary": "Find pet by ID", "notes": "Returns a pet based on ID", "type": "Pet", "nickname": "getPetById", "authorizations": {}, "parameters": [ { "name": "petId", "description": "ID of pet that needs to be fetched", "required": true, "type": "integer", "format": "int64", "paramType": "path", "minimum": "1.0", "maximum": "100000.0" } ], "responseMessages": [ { "code": 400, "message": "Invalid ID supplied" }, { "code": 404, "message": "Pet not found" } ] } ```` #### 5.2.4 Parameter Object The Parameter Object describes a single parameter to be sent in an operation and maps to the [`parameters`](#operationParameters) field in the [Operation Object](#523-operation-object). This object includes the [Data Type Fields](#433-data-type-fields) in order to describe the type of this parameter. The [`type`](#dataTypeType) field MUST be used to link to other models. If [`type`](#dataTypeType) is [`File`](#434-file), the [`consumes`](#operationConsumes) field MUST be `"multipart/form-data"`, and the [`paramType`](#parameterParamType) MUST be `"form"`. Field Name | Type | Description ---|:---:|--- paramType | `string` | **Required.** The type of the parameter (that is, the location of the parameter in the request). The value MUST be one of these values: `"path"`, `"query"`, `"body"`, `"header"`, `"form"`. Note that the values MUST be lower case. name | `string` | **Required.** The unique name for the parameter. Each `name` MUST be unique, even if they are associated with different `paramType` values. Parameter names are *case sensitive*.
  • If [`paramType`](#parameterParamType) is `"path"`, the `name` field MUST correspond to the associated path segment from the [`path`](#apiPath) field in the [API Object](#522-api-object).
  • If [`paramType`](#parameterParamType) is `"query"`, the `name` field corresponds to the query parameter name.
  • If [`paramType`](#parameterParamType) is `"body"`, the name is used only for Swagger-UI and Swagger-Codegen. In this case, the `name` MUST be `"body"`.
  • If [`paramType`](#parameterParamType) is `"form"`, the `name` field corresponds to the form parameter key.
  • If [`paramType`](#parameterParamType) is `"header"`, the `name` field corresponds to the header parameter key.
See [here](#5241-name-examples) for some examples. description | `string` | *Recommended.* A brief description of this parameter. required | `boolean` | A flag to note whether this parameter is required. If this field is not included, it is equivalent to adding this field with the value `false`. If [`paramType`](#parameterParamType) is `"path"` then this field MUST be included and have the value `true`. allowMultiple | `boolean` | Another way to allow multiple values for a "query" parameter. If used, the query parameter may accept comma-separated values. The field may be used only if [`paramType`](#parameterParamType) is `"query"`, `"header"` or `"path"`. ##### 5.2.4.1 Name Examples - If [`paramType`](#parameterParamType) is `"path"`, and assuming the `path` is `"/pet/{id}"`: ```js "name": "id" ``` - If [`paramType`](#parameterParamType) is `"query"`, and assuming the URL call is `"http://host/resource?limit=100"` (that is, there's a query parameter called `"limit"`): ```js "name": "limit" ``` - If [`paramType`](#parameterParamType) is `"body"`: ```js "name": "body" ``` ##### 5.2.4.2 Object Example ```js { "name": "body", "description": "Pet object that needs to be updated in the store", "required": true, "type": "Pet", "paramType": "body" } ``` #### 5.2.5 Response Message Object The Response Message Object describes a single possible response message that can be returned from the operation call, and maps to the [`responseMessages`](#operationResponseMessages) field in the [Operation Object](#523-operation-object). Each Response Message allows you to give further details as to why the HTTP status code may be received. Field Name | Type | Description | ---|:---:|--- code | `integer` | **Required.** The HTTP status code returned. The value SHOULD be one of the status codes as described in [RFC 2616 - Section 10](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html). message | `string` | **Required.** The explanation for the status code. It SHOULD be the reason an error is received if an error status code is used. responseModel | `string` | The return type for the given response. ##### 5.2.5.1 Object Example ```js { "code": 404, "message": "no project found", "responseModel": "ErrorModel" } ``` #### 5.2.6 Models Object The Models Object holds a field per model definition, and this is different than the structure of the other objects in the spec. It follows a subset of the [JSON-Schema](http://json-schema.org/) specification. Please note that the Models Object is an object containing other object definitions and as such is structured as follows: ```js { "Model1" : {...}, "Model2" : {...}, ..., "ModelN" : {...} } ``` Field Name | Type | Description ---|:---:|--- {Model Name} | [Model Object](#527-model-object) | A new model definition. Note the actual name of the field is the name you're giving your model. For example, "Category", "Pet", "User". ##### 5.2.6.1 Object Example ```js { "Category": { "id": "Category", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } } ``` #### 5.2.7 Model Object A Model Object holds the definition of a new model for this API Declaration. Models in Swagger allow for inheritance. The inheritance is controlled by two fields - [`subTypes`](#modelSubTypes) to give the name of the models extending this definition, and [`discriminator`](#modelDiscriminator) to support polymorphism. Field Name | Type | Description ---|:---:|--- id | `string` | **Required.** A unique identifier for the model. This MUST be the name given to [{Model Name}](#modelsModelname). description | `string` | A brief description of this model. required | [`string`] | A definition of which properties MUST exist when a model instance is produced. The values MUST be the [`{Property Name}`](#propertiesPropertyName) of one of the [`properties`](#528-properties-object). properties | [Properties Object](#528-properties-object) | **Required.** A list of properties (fields) that are part of the model subTypes | [`string`] | List of the [model `id`s](#modelId) that inherit from this model. Sub models inherit all the properties of the parent model. Since inheritance is transitive, if the parent of a model inherits from another model, its sub-model will include all properties. As such, if you have `Foo->Bar->Baz`, then Baz will inherit the properties of Bar and Foo. There MUST NOT be a cyclic definition of inheritance. For example, if `Foo -> ... -> Bar`, having `Bar -> ... -> Foo` is not allowed. There also MUST NOT be a case of multiple inheritance. For example, `Foo -> Baz <- Bar` is not allowed. A sub-model definition MUST NOT override the [`properties`](#modelProperties) of any of its ancestors. All sub-models MUST be defined in the same [API Declaration](#52-api-declaration). discriminator | `string` | MUST be included only if [`subTypes`](#modelSubTypes) is included. This field allows for polymorphism within the described inherited models. This field MAY be included at any base model but MUST NOT be included in a sub-model. The value of this field MUST be a name of one of the [`properties`](#modelProperties) in this model, and that field MUST be in the [`required`](#modelRequired) list. When used, the value of the *discriminator property* MUST be the name of the parent model or any of its sub-models (to any depth of inheritance). ##### 5.2.7.1 Object Example ```js { "id": "Order", "properties": { "id": { "type": "integer", "format": "int64" }, "petId": { "type": "integer", "format": "int64" }, "quantity": { "type": "integer", "format": "int32" }, "status": { "type": "string", "description": "OrderStatus", "enum": [ "placed", "approved", "delivered" ] }, "shipDate": { "type": "string", "format": "date-time" } } } ``` ##### 5.2.7.2 Inheritance Example Say we have a general Animal model, and a sub-model for Cat. ```js "Animal": { "id": "Animal", "required": [ "id", "type" ], "properties": { "id": { "type": "long" }, "type": { "type": "string" } }, "subTypes": ["Cat"], "discriminator": "type" }, "Cat": { "id": "Cat", "required": [ "likesMilk" ], "properties": { "likesMilk": { "type": "boolean" } }, } ``` #### 5.2.8 Properties Object The Properties Object holds a field per property definition, and this is different than the structure of the other objects in the spec. It follows a subset of the [JSON-Schema](http://json-schema.org/) specification. Please note that the Properties Object is an object containing other object definitions and as such is structured as follows: ```js { "Property1" : {...}, "Property2" : {...}, ..., "PropertyN" : {...} } ``` Field Name | Type | Description ---|:---:|--- {Property Name} | [Property Object](#529-property-object) | A new model property definition. Note the actual name of the field is the name you're giving your property. For example, "id", "name", "age". ##### 5.2.8.1 Object Example ```js { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } ``` #### 5.2.9 Property Object A Property Object holds the definition of a new property for a model. This object includes the [Data Type Fields](#433-data-type-fields) in order to describe the type of this property. The [`$ref`](#dataTypeRef) field MUST be used when linking to other models. Properties MUST NOT contain other properties. If there's a need for an internal object hierarchy, additional models MUST be created and linked to a flat structure. Field Name | Type | Description ---|:---:|--- description | `string` | *Recommended.* A brief description of this property. ##### 5.2.9.1 Object Examples A simple 64bit integer field called "id", with a description and min/max values: ```js "id": { "type": "integer", "format": "int64", "description": "unique identifier for the pet", "minimum": "0.0", "maximum": "100.0" } ``` A "category" field of a Category model. ```js "category": { "$ref": "Category" } ``` A "tags" field of type array containing Tag models. ```js "tags": { "type": "array", "items": { "$ref": "Tag" } } ``` #### 5.2.10 Authorizations Object The Authorizations Object provides information about the authorization schemes enforced on this API. If used in the API Declaration's [authorizations](#adAuthorizations), it applies to all operations listed. If used in the Operation's [authorizations](#operationAuthorizations), it applies to the operation itself and may override the API Declaration's authorizations. If multiple authorization schemes are described, they are **all** required to perform the operations listed. Please note that the Authorizations Object is an object containing arrays of object definitions and as such is structured as follows: ```js { "Authorization1" : [...], "Authorization2" : [...], ..., "AuthorizationN" : [...] } ``` Field Name | Type | Description ---|:---:|--- {Authorization Name} | * | The authorization scheme to be used. The name given to the {Authorization Name} MUST be a friendly name that was given to an authorization scheme in the Resource Listing's [authorizations](#rlAuthorizations). If the friendly name describes an OAuth2 security scheme, the value should be of type \[[Scope Object](#5211-scope-object)\] (but may be an empty array to denote 'no scopes'). For all other authorization scheme types, the value MUST be an empty array. ##### 5.2.10 Object Example: ```js { "oauth2": [ { "scope": "write:pets", "description": "modify pets in your account" }, { "scope": "read:pets", "description": "read your pets" } ] } ``` #### 5.2.11 Scope Object Describes an OAuth2 authorization scope. The scope described here MUST be described in the respective friendly name definition of the security scheme in the Resource Listing's [authorizations](#rlAuthorizations). Field Name | Type | Description ---|:---:|--- scope | `string` | **Required.** The name of the scope. description | `string` | *Recommended.* A short description of the scope. ##### 5.2.11.1 Object Example: ```js { "scope": "email", "description": "Access to your email address" } ``` OpenAPI-Specification-3.2.0/versions/2.0-editors.md000066400000000000000000000003551506330113000216600ustar00rootroot00000000000000## Active * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Ron Ratovsky [@webron](https://github.com/webron) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/2.0.md000077500000000000000000002354731506330113000202270ustar00rootroot00000000000000# OpenAPI Specification ## (fka Swagger RESTful API Documentation Specification) #### Version 2.0 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](http://www.ietf.org/rfc/rfc2119.txt). The Swagger specification is licensed under [The Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0.html). ## Introductions Swagger™ is a project used to describe and document RESTful APIs. The Swagger specification defines a set of files required to describe such an API. These files can then be used by the Swagger-UI project to display the API and Swagger-Codegen to generate clients in various languages. Additional utilities can also take advantage of the resulting files, such as testing tools. ## Revision History Version | Date | Notes --- | --- | --- 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification ## Definitions ##### Path Templating Path templating refers to the usage of curly braces ({}) to mark a section of a URL path as replaceable using path parameters. ##### Mime Types Mime type definitions are spread across several resources. The mime type definitions should be in compliance with [RFC 6838](http://tools.ietf.org/html/rfc6838). Some examples of possible mime type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are described by [RFC 7231](http://tools.ietf.org/html/rfc7231#section-6) and in the [IANA Status Code Registry](http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Format The files describing the RESTful API in accordance with the Swagger specification are represented as JSON objects and conform to the JSON standards. YAML, being a superset of JSON, can be used as well to represent a Swagger specification file. For example, if a field is said to have an array value, the JSON array representation will be used: ```js { "field" : [...] } ``` While the API is described using JSON it does not impose a JSON input/output to the API itself. All field names in the specification are **case sensitive**. The schema exposes two types of fields. Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields can have multiple occurrences as long as each has a unique name. ### File Structure The Swagger representation of the API is made of a single file. However, parts of the definitions can be split into separate files, at the discretion of the user. This is applicable for `$ref` fields in the specification as follows from the [JSON Schema](http://json-schema.org) definitions. By convention, the Swagger specification file is named `swagger.json`. ### Data Types Primitive data types in the Swagger Specification are based on the types supported by the [JSON-Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04#section-3.5). Models are described using the [Schema Object](#schema-object) which is a subset of JSON Schema Draft 4. An additional primitive data type `"file"` is used by the [Parameter Object](#parameter-object) and the [Response Object](#response-object) to set the parameter type or the response as being a file. Primitives have an optional modifier property `format`. Swagger uses several known formats to more finely define the data type being used. However, the `format` property is an open `string`-valued property, and can have any value to support documentation needs. Formats such as `"email"`, `"uuid"`, etc., can be used even though they are not defined by this specification. Types that are not accompanied by a `format` property follow their definition from the JSON Schema (except for `file` type which is defined above). The formats defined by the Swagger Specification are: Common Name | [`type`](#dataTypeType) | [`format`](#dataTypeFormat) | Comments ----------- | ------ | -------- | -------- integer | `integer` | `int32` | signed 32 bits long | `integer` | `int64` | signed 64 bits float | `number` | `float` | | double | `number` | `double` | | string | `string` | | | byte | `string` | `byte` | base64 encoded characters binary | `string` | `binary` | any sequence of octets boolean | `boolean` | | | date | `string` | `date` | As defined by `full-date` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) dateTime | `string` | `date-time` | As defined by `date-time` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) password | `string` | `password` | Used to hint UIs the input needs to be obscured. ### Schema #### Swagger Object This is the root document object for the API specification. It combines what previously was the Resource Listing and API Declaration (version 1.2 and earlier) together into one document. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- swagger | `string` | **Required.** Specifies the Swagger Specification version being used. It can be used by the Swagger UI and other clients to interpret the API listing. The value MUST be `"2.0"`. info | [Info Object](#info-object) | **Required.** Provides metadata about the API. The metadata can be used by the clients if needed. host | `string` | The host (name or ip) serving the API. This MUST be the host only and does not include the scheme nor sub-paths. It MAY include a port. If the `host` is not included, the host serving the documentation is to be used (including the port). The `host` does not support [path templating](#path-templating). basePath | `string` | The base path on which the API is served, which is relative to the [`host`](#swaggerHost). If it is not included, the API is served directly under the `host`. The value MUST start with a leading slash (`/`). The `basePath` does not support [path templating](#path-templating). schemes | [`string`] | The transfer protocol of the API. Values MUST be from the list: `"http"`, `"https"`, `"ws"`, `"wss"`. If the `schemes` is not included, the default scheme to be used is the one used to access the Swagger definition itself. consumes | [`string`] | A list of MIME types the APIs can consume. This is global to all APIs but can be overridden on specific API calls. Value MUST be as described under [Mime Types](#mime-types). produces | [`string`] | A list of MIME types the APIs can produce. This is global to all APIs but can be overridden on specific API calls. Value MUST be as described under [Mime Types](#mime-types). paths | [Paths Object](#paths-object) | **Required.** The available paths and operations for the API. definitions | [Definitions Object](#definitions-object) | An object to hold data types produced and consumed by operations. parameters | [Parameters Definitions Object](#parameters-definitions-object) | An object to hold parameters that can be used across operations. This property *does not* define global parameters for all operations. responses | [Responses Definitions Object](#responses-definitions-object) | An object to hold responses that can be used across operations. This property *does not* define global responses for all operations. securityDefinitions | [Security Definitions Object](#security-definitions-object) | Security scheme definitions that can be used across the specification. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security schemes are applied for the API as a whole. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). Individual operations can override this definition. tags | [[Tag Object](#tag-object)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared may be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. #### Info Object The object provides metadata about the API. The metadata can be used by the clients if needed, and can be presented in the Swagger-UI for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **Required.** The title of the application. description | `string` | A short description of the application. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. termsOfService | `string` | The Terms of Service for the API. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **Required** Provides the version of the application API (not to be confused with the specification version). ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Info Object Example: ```js { "title": "Swagger Sample App", "description": "This is a sample server Petstore server.", "termsOfService": "http://swagger.io/terms/", "contact": { "name": "API Support", "url": "http://www.swagger.io/support", "email": "support@swagger.io" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Swagger Sample App description: This is a sample server Petstore server. termsOfService: http://swagger.io/terms/ contact: name: API Support url: http://www.swagger.io/support email: support@swagger.io license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Contact Object Example: ```js { "name": "API Support", "url": "http://www.swagger.io/support", "email": "support@swagger.io" } ``` ```yaml name: API Support url: http://www.swagger.io/support email: support@swagger.io ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **Required.** The license name used for the API. url | `string` | A URL to the license used for the API. MUST be in the format of a URL. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### License Object Example: ```js { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html ``` #### Paths Object Holds the relative paths to the individual endpoints. The path is appended to the [`basePath`](#swaggerBasePath) in order to construct the full URL. The Paths may be empty, due to [ACL constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a slash. The path is appended to the [`basePath`](#swaggerBasePath) in order to construct the full URL. [Path templating](#path-templating) is allowed. ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Paths Object Example ```js { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "produces": [ "application/json" ], "responses": { "200": { "description": "A list of pets.", "schema": { "type": "array", "items": { "$ref": "#/definitions/pet" } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to produces: - application/json responses: '200': description: A list of pets. schema: type: array items: $ref: '#/definitions/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item may be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#path-item-object). If there are conflicts between the referenced definition and this Path Item's definition, the behavior is *undefined*. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [Swagger Object's parameters](#swaggerParameters). There can be one "body" parameter at most. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Path Item Object Example ```js { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "produces": [ "application/json", "text/html" ], "responses": { "200": { "description": "pet response", "schema": { "type": "array", "items": { "$ref": "#/definitions/Pet" } } }, "default": { "description": "error payload", "schema": { "$ref": "#/definitions/ErrorModel" } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "type": "array", "items": { "type": "string" }, "collectionFormat": "csv" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById produces: - application/json - text/html responses: '200': description: pet response schema: type: array items: $ref: '#/definitions/Pet' default: description: error payload schema: $ref: '#/definitions/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true type: array items: type: string collectionFormat: csv ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. For maximum readability in the swagger-ui, this field SHOULD be less than 120 characters. description | `string` | A verbose explanation of the operation behavior. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is recommended to follow common programming naming conventions. consumes | [`string`] | A list of MIME types the operation can consume. This overrides the [`consumes`](#swaggerConsumes) definition at the Swagger Object. An empty value MAY be used to clear the global definition. Value MUST be as described under [Mime Types](#mime-types). produces | [`string`] | A list of MIME types the operation can produce. This overrides the [`produces`](#swaggerProduces) definition at the Swagger Object. An empty value MAY be used to clear the global definition. Value MUST be as described under [Mime Types](#mime-types). parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it, but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [Swagger Object's parameters](#swaggerParameters). There can be one "body" parameter at most. responses | [Responses Object](#responses-object) | **Required.** The list of possible responses as they are returned from executing this operation. schemes | [`string`] | The transfer protocol for the operation. Values MUST be from the list: `"http"`, `"https"`, `"ws"`, `"wss"`. The value overrides the Swagger Object [`schemes`](#swaggerSchemes) definition. deprecated | `boolean` | Declares this operation to be deprecated. Usage of the declared operation should be refrained. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security schemes are applied for this operation. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). This definition overrides any declared top-level [`security`](#swaggerSecurity). To remove a top-level security declaration, an empty array can be used. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Operation Object Example ```js { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "description": "", "operationId": "updatePetWithForm", "consumes": [ "application/x-www-form-urlencoded" ], "produces": [ "application/json", "application/xml" ], "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "type": "string" }, { "name": "name", "in": "formData", "description": "Updated name of the pet", "required": false, "type": "string" }, { "name": "status", "in": "formData", "description": "Updated status of the pet", "required": false, "type": "string" } ], "responses": { "200": { "description": "Pet updated." }, "405": { "description": "Invalid input" } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data description: "" operationId: updatePetWithForm consumes: - application/x-www-form-urlencoded produces: - application/json - application/xml parameters: - name: petId in: path description: ID of pet that needs to be updated required: true type: string - name: name in: formData description: Updated name of the pet required: false type: string - name: status in: formData description: Updated status of the pet required: false type: string responses: '200': description: Pet updated. '405': description: Invalid input security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the target documentation. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. url | `string` | **Required.** The URL for the target documentation. Value MUST be in the format of a URL. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### External Documentation Object Example ```js { "description": "Find more info here", "url": "https://swagger.io" } ``` ```yaml description: Find more info here url: https://swagger.io ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). There are five possible parameter types. * Path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * Query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * Header - Custom headers that are expected as part of the request. * Body - The payload that's appended to the HTTP request. Since there can only be one payload, there can only be *one* body parameter. The name of the body parameter has no effect on the parameter itself and is used for documentation purposes only. Since Form parameters are also in the payload, body and form parameters cannot exist together for the same operation. * Form - Used to describe the payload of an HTTP request when either `application/x-www-form-urlencoded`, `multipart/form-data` or both are used as the content type of the request (in Swagger's definition, the [`consumes`](#operationConsumes) property of an operation). This is the only parameter type that can be used to send files, thus supporting the `file` type. Since form parameters are sent in the payload, they cannot be declared together with a body parameter for the same operation. Form parameters have a different format based on the content-type used (for further details, consult http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4): * `application/x-www-form-urlencoded` - Similar to the format of Query parameters but as a payload. For example, `foo=1&bar=swagger` - both `foo` and `bar` are form parameters. This is normally used for simple parameters that are being transferred. * `multipart/form-data` - each parameter takes a section in the payload with an internal header. For example, for the header `Content-Disposition: form-data; name="submit-name"` the name of the parameter is `submit-name`. This type of form parameters is more commonly used for file transfers. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **Required.** The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to the associated path segment from the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • For all other cases, the `name` corresponds to the parameter name used based on the [`in`](#parameterIn) property.
in | `string` | **Required.** The location of the parameter. Possible values are "query", "header", "path", "formData" or "body". description | `string` | A brief description of the parameter. This could contain examples of use. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the parameter is [`in`](#parameterIn) "path", this property is **required** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. If [`in`](#parameterIn) is `"body"`: Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) | **Required.** The schema defining the type used for the body parameter. If [`in`](#parameterIn) is any value other than `"body"`: Field Name | Type | Description ---|:---:|--- type | `string` | **Required.** The type of the parameter. Since the parameter is not located at the request body, it is limited to simple types (that is, not an object). The value MUST be one of `"string"`, `"number"`, `"integer"`, `"boolean"`, `"array"` or `"file"`. If `type` is `"file"`, the [`consumes`](#operationConsumes) MUST be either `"multipart/form-data"`, `" application/x-www-form-urlencoded"` or both and the parameter MUST be [`in`](#parameterIn) `"formData"`. format | `string` | The extending format for the previously mentioned [`type`](#parameterType). See [Data Type Formats](#dataTypeFormat) for further details. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for either `query` or `formData` parameters and allows you to send a parameter with a name only or an empty value. Default value is `false`. items | [Items Object](#items-object) | **Required if [`type`](#parameterType) is "array".** Describes the type of items in the array. collectionFormat | `string` | Determines the format of the array if type array is used. Possible values are:
  • `csv` - comma separated values `foo,bar`.
  • `ssv` - space separated values `foo bar`.
  • `tsv` - tab separated values `foo\tbar`.
  • `pipes` - pipe separated values foo|bar.
  • `multi` - corresponds to multiple parameter instances instead of multiple values for a single instance `foo=bar&foo=baz`. This is valid only for parameters [`in`](#parameterIn) "query" or "formData".
Default value is `csv`. default | * | Declares the value of the parameter that the server will use if none is provided, for example a "count" to control the number of results per page might default to 100 if not supplied by the client in the request. (Note: "default" has no meaning for required parameters.) See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-6.2. Unlike JSON Schema this value MUST conform to the defined [`type`](#parameterType) for this parameter. maximum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. exclusiveMaximum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. minimum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. exclusiveMinimum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. maxLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.1. minLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.2. pattern | `string` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.3. maxItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.2. minItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.3. uniqueItems | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.4. enum | [*] | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.1. multipleOf | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.1. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Parameter Object Examples ###### Body Parameters A body parameter with a referenced schema definition (normally for a model definition): ```js { "name": "user", "in": "body", "description": "user to add to the system", "required": true, "schema": { "$ref": "#/definitions/User" } } ``` ```yaml name: user in: body description: user to add to the system required: true schema: $ref: '#/definitions/User' ``` A body parameter that is an array of string values: ```js { "name": "user", "in": "body", "description": "user to add to the system", "required": true, "schema": { "type": "array", "items": { "type": "string" } } } ``` ```yaml name: user in: body description: user to add to the system required: true schema: type: array items: type: string ``` ###### Other Parameters A header parameter with an array of 64 bit integer numbers: ```js { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "type": "array", "items": { "type": "integer", "format": "int64" }, "collectionFormat": "csv" } ``` ```yaml name: token in: header description: token to be passed as a header required: true type: array items: type: integer format: int64 collectionFormat: csv ``` A path parameter of a string value: ```js { "name": "username", "in": "path", "description": "username to fetch", "required": true, "type": "string" } ``` ```yaml name: username in: path description: username to fetch required: true type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```js { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "type": "array", "items": { "type": "string" }, "collectionFormat": "multi" } ``` ```yaml name: id in: query description: ID of the object to fetch required: false type: array items: type: string collectionFormat: multi ``` A form data with file type for a file upload: ```js { "name": "avatar", "in": "formData", "description": "The avatar of the user", "required": true, "type": "file" } ``` ```yaml name: avatar in: formData description: The avatar of the user required: true type: file ``` #### Items Object A limited subset of JSON-Schema's items object. It is used by parameter definitions that are not located [`in`](#parameterIn) `"body"`. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- type | `string` | **Required.** The internal type of the array. The value MUST be one of `"string"`, `"number"`, `"integer"`, `"boolean"`, or `"array"`. Files and models are not allowed. format | `string` | The extending format for the previously mentioned [`type`](#parameterType). See [Data Type Formats](#dataTypeFormat) for further details. items | [Items Object](#items-object) | **Required if [`type`](#itemsType) is "array".** Describes the type of items in the array. collectionFormat | `string` | Determines the format of the array if type array is used. Possible values are:
  • `csv` - comma separated values `foo,bar`.
  • `ssv` - space separated values `foo bar`.
  • `tsv` - tab separated values `foo\tbar`.
  • `pipes` - pipe separated values foo|bar.
Default value is `csv`. default | * | Declares the value of the item that the server will use if none is provided. (Note: "default" has no meaning for required items.) See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-6.2. Unlike JSON Schema this value MUST conform to the defined [`type`](#itemsType) for the data type. maximum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. exclusiveMaximum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. minimum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. exclusiveMinimum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. maxLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.1. minLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.2. pattern | `string` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.3. maxItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.2. minItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.3. uniqueItems | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.4. enum | [*] | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.1. multipleOf | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.1. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Items Object Examples Items must be of type string and have the minimum length of 2 characters: ```js { "type": "string", "minLength": 2 } ``` ```yaml type: string minLength: 2 ``` An array of arrays, the internal array being of type integer, numbers must be between 0 and 63 (inclusive): ```js { "type": "array", "items": { "type": "integer", "minimum": 0, "maximum": 63 } } ``` ```yaml type: array items: type: integer minimum: 0 maximum: 63 ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. It is not expected from the documentation to necessarily cover all possible HTTP response codes, since they may not be known in advance. However, it is expected from the documentation to cover a successful operation response and any known errors. The `default` can be used as the default response object for all HTTP codes that are not covered individually by the specification. The `Responses Object` MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. It can be used to cover undeclared responses. [Reference Object](#reference-object) can be used to link to a response that is defined at the [Swagger Object's responses](#swaggerResponses) section. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {[HTTP Status Code](#http-status-codes)} | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name (one property per HTTP status code). Describes the expected response for that HTTP status code. [Reference Object](#reference-object) can be used to link to a response that is defined at the [Swagger Object's responses](#swaggerResponses) section. ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Responses Object Example A 200 response for successful operation and a default response for others (implying an error): ```js { "200": { "description": "a pet to be returned", "schema": { "$ref": "#/definitions/Pet" } }, "default": { "description": "Unexpected error", "schema": { "$ref": "#/definitions/ErrorModel" } } } ``` ```yaml '200': description: a pet to be returned schema: $ref: '#/definitions/Pet' default: description: Unexpected error schema: $ref: '#/definitions/ErrorModel' ``` #### Response Object Describes a single response from an API Operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **Required.** A short description of the response. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. schema | [Schema Object](#schema-object) | A definition of the response structure. It can be a primitive, an array or an object. If this field does not exist, it means no content is returned as part of the response. As an extension to the [Schema Object](#schema-object), its root `type` value may also be `"file"`. This SHOULD be accompanied by a relevant `produces` mime-type. headers | [Headers Object](#headers-object) | A list of headers that are sent with the response. examples | [Example Object](#example-object) | An example of the response message. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Response Object Examples Response of an array of a complex type: ```js { "description": "A complex object array response", "schema": { "type": "array", "items": { "$ref": "#/definitions/VeryComplexType" } } } ``` ```yaml description: A complex object array response schema: type: array items: $ref: '#/definitions/VeryComplexType' ``` Response with a string type: ```js { "description": "A simple string response", "schema": { "type": "string" } } ``` ```yaml description: A simple string response schema: type: string ``` Response with headers: ```js { "description": "A simple string response", "schema": { "type": "string" }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "type": "integer" }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "type": "integer" }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "type": "integer" } } } ``` ```yaml description: A simple string response schema: type: string headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period type: integer ``` Response with no return value: ```js { "description": "object created" } ``` ```yaml description: object created ``` #### Headers Object Lists the headers that can be sent as part of a response. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [Header Object](#header-object) | The name of the property corresponds to the name of the header. The value describes the type of the header. ##### Headers Object Example Rate-limit headers: ```js { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "type": "integer" }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "type": "integer" }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "type": "integer" } } ``` ```yaml X-Rate-Limit-Limit: description: The number of allowed requests in the current period type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period type: integer ``` #### Example Object Allows sharing examples for operation responses. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {[mime type](#mime-types)} | Any | The name of the property MUST be one of the Operation `produces` values (either implicit or inherited). The value SHOULD be an example of what such a response would look like. ##### Example Object Example Example response for application/json mimetype of a Pet data type: ```js { "application/json": { "name": "Puma", "type": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" } } ``` ```yaml application/json: name: Puma type: Dog color: Black gender: Female breed: Mixed ``` #### Header Object Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the header. type | `string` | **Required.** The type of the object. The value MUST be one of `"string"`, `"number"`, `"integer"`, `"boolean"`, or `"array"`. format | `string` | The extending format for the previously mentioned [`type`](#stType). See [Data Type Formats](#dataTypeFormat) for further details. items | [Items Object](#items-object) | **Required if [`type`](#stType) is "array".** Describes the type of items in the array. collectionFormat | `string` | Determines the format of the array if type array is used. Possible values are:
  • `csv` - comma separated values `foo,bar`.
  • `ssv` - space separated values `foo bar`.
  • `tsv` - tab separated values `foo\tbar`.
  • `pipes` - pipe separated values foo|bar.
Default value is `csv`. default | * | Declares the value of the header that the server will use if none is provided. (Note: "default" has no meaning for required headers.) See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-6.2. Unlike JSON Schema this value MUST conform to the defined [`type`](#headerDefault) for the header. maximum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. exclusiveMaximum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.2. minimum | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. exclusiveMinimum | `boolean` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.3. maxLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.1. minLength | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.2. pattern | `string` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.2.3. maxItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.2. minItems | `integer` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.3. uniqueItems | `boolean` | https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.3.4. enum | [*] | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.1. multipleOf | `number` | See https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.1.1. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Header Object Example A simple header with of an integer type: ```js { "description": "The number of allowed requests in the current period", "type": "integer" } ``` ```yaml description: The number of allowed requests in the current period type: integer ``` #### Tag Object Allows adding meta data to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag used there. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **Required.** The name of the tag. description | `string` | A short description for the tag. [GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Tag Object Example ```js { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other definitions in the specification. It can be used to reference parameters and responses that are defined at the top level for reuse. The Reference Object is a [JSON Reference](http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-02) that uses a [JSON Pointer](http://tools.ietf.org/html/rfc6901) as its value. For this specification, only [canonical dereferencing](https://tools.ietf.org/html/draft-zyp-json-schema-04#section-7.2.3) is supported. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **Required.** The reference string. ##### Reference Object Example ```js { "$ref": "#/definitions/Pet" } ``` ```yaml $ref: '#/definitions/Pet' ``` ##### Relative Schema File Example ```js { "$ref": "Pet.json" } ``` ```yaml $ref: 'Pet.yaml' ``` ##### Relative Files With Embedded Schema Example ```js { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: 'definitions.yaml#/Pet' ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is based on the [JSON Schema Specification Draft 4](http://json-schema.org/) and uses a predefined subset of it. On top of this subset, there are extensions provided by this specification to allow for more complete documentation. Further information about the properties can be found in [JSON Schema Core](https://tools.ietf.org/html/draft-zyp-json-schema-04) and [JSON Schema Validation](https://tools.ietf.org/html/draft-fge-json-schema-validation-00). Unless stated otherwise, the property definitions follow the JSON Schema specification as referenced here. The following properties are taken directly from the JSON Schema definition and follow the same specifications: - $ref - As a [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) - format (See [Data Type Formats](#dataTypeFormat) for further details) - title - description ([GFM syntax](https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown) can be used for rich text representation) - default (Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object) - multipleOf - maximum - exclusiveMaximum - minimum - exclusiveMinimum - maxLength - minLength - pattern - maxItems - minItems - uniqueItems - maxProperties - minProperties - required - enum - type The following properties are taken from the JSON Schema definition but their definitions were adjusted to the Swagger Specification. Their definition is the same as the one from JSON Schema, only where the original definition references the JSON Schema definition, the [Schema Object](#schema-object) definition is used instead. - items - allOf - properties - additionalProperties Other than the JSON Schema subset fields, the following fields may be used for further schema documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- discriminator | `string` | Adds support for polymorphism. The discriminator is the schema property name that is used to differentiate between other schema that inherit this schema. The property name used MUST be defined at this schema and it MUST be in the `required` property list. When used, the value MUST be the name of this schema or any schema that inherits it. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but MUST NOT be sent as part of the request. Properties marked as `readOnly` being `true` SHOULD NOT be in the `required` list of the defined schema. Default value is `false`. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds Additional metadata to describe the XML representation format of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ###### Composition and Inheritance (Polymorphism) Swagger allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes in an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, Swagger adds the support of the `discriminator` field. When used, the `discriminator` will be the name of the property used to decide which schema definition is used to validate the structure of the model. As such, the `discriminator` field MUST be a required field. The value of the chosen property has to be the friendly name given to the model under the `definitions` property. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Sample Unlike previous versions of Swagger, Schema definitions can be used to describe primitive and arrays as well. ```js { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```js { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/definitions/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/definitions/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```js { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```js { "type": "object", "additionalProperties": { "$ref": "#/definitions/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/definitions/ComplexModel' ``` ###### Model with Example ```js { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```js { "definitions": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/definitions/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } ``` ```yaml definitions: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/definitions/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```js { "definitions": { "Pet": { "type": "object", "discriminator": "petType", "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat", "allOf": [ { "$ref": "#/definitions/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog", "allOf": [ { "$ref": "#/definitions/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } ``` ```yaml definitions: Pet: type: object discriminator: petType properties: name: type: string petType: type: string required: - name - petType Cat: description: A representation of a cat allOf: - $ref: '#/definitions/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting default: lazy enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: description: A representation of a dog allOf: - $ref: '#/definitions/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property should be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within the Items Object (`items`), it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URL of the namespace definition. Value SHOULD be in the form of a URL. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```js { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```js { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```js { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```js { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "http://swagger.io/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: http://swagger.io/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```js { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```js { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if no name is explicitly defined, the same name will be used both internally and externally: ```js { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the above example, the following definition can be used: ```js { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```js { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```js { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Definitions Object An object to hold data types that can be consumed and produced by operations. These data types can be primitives, arrays or models. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [Schema Object](#schema-object) | A single definition, mapping a "name" to the schema it defines. ##### Definitions Object Example ```js { "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } } ``` ```yaml Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string ``` #### Parameters Definitions Object An object to hold parameters to be reused across operations. Parameter definitions can be referenced to the ones defined here. This does *not* define global operation parameters. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [Parameter Object](#parameter-object) | A single parameter definition, mapping a "name" to the parameter it defines. ##### Parameters Definition Object Example ```js { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "type": "integer", "format": "int32" }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "type": "integer", "format": "int32" } } ``` ```yaml skipParam: name: skip in: query description: number of items to skip required: true type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true type: integer format: int32 ``` #### Responses Definitions Object An object to hold responses to be reused across operations. Response definitions can be referenced to the ones defined here. This does *not* define global operation responses. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [Response Object](#response-object) | A single response definition, mapping a "name" to the response it defines. ##### Responses Definitions Object Example ```js { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "schema": { "$ref": "#/definitions/GeneralError" } } } ``` ```yaml NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error schema: $ref: '#/definitions/GeneralError' ``` #### Security Definitions Object A declaration of the security schemes available to be used in the specification. This does not enforce the security schemes on the operations and only serves to provide the relevant details for each scheme. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [Security Scheme Object](#security-scheme-object) | A single security scheme definition, mapping a "name" to the scheme it defines. ##### Security Definitions Object Example ```js { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "authorizationUrl": "http://swagger.io/api/oauth/dialog", "flow": "implicit", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } ``` ```yaml api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 authorizationUrl: http://swagger.io/api/oauth/dialog flow: implicit scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Scheme Object Allows the definition of a security scheme that can be used by the operations. Supported schemes are basic authentication, an API key (either as a header or as a query parameter) and OAuth2's common flows (implicit, password, application and access code). ##### Fixed Fields Field Name | Type | Validity | Description ---|:---:|---|--- type | `string` | Any | **Required.** The type of the security scheme. Valid values are `"basic"`, `"apiKey"` or `"oauth2"`. description | `string` | Any | A short description for security scheme. name | `string` | `apiKey` | **Required.** The name of the header or query parameter to be used. in | `string` | `apiKey` | **Required** The location of the API key. Valid values are `"query"` or `"header"`. flow | `string` | `oauth2` | **Required.** The flow used by the OAuth2 security scheme. Valid values are `"implicit"`, `"password"`, `"application"` or `"accessCode"`. authorizationUrl | `string` | `oauth2` (`"implicit"`, `"accessCode"`) | **Required.** The authorization URL to be used for this flow. This SHOULD be in the form of a URL. tokenUrl | `string` | `oauth2` (`"password"`, `"application"`, `"accessCode"`) | **Required.** The token URL to be used for this flow. This SHOULD be in the form of a URL. scopes | [Scopes Object](#scopes-object) | `oauth2` | **Required.** The available scopes for the OAuth2 security scheme. ##### Patterned Fields Field Name | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Security Scheme Object Example ###### Basic Authentication Sample ```js { "type": "basic" } ``` ```yaml type: basic ``` ###### API Key Sample ```js { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### Implicit OAuth2 Sample ```js { "type": "oauth2", "authorizationUrl": "http://swagger.io/api/oauth/dialog", "flow": "implicit", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } ``` ```yaml type: oauth2 authorizationUrl: http://swagger.io/api/oauth/dialog flow: implicit scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Scopes Object Lists the available scopes for an OAuth2 security scheme. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | `string` | Maps between a name of a scope to a short description of it (as the value of the property). ##### Patterned Objects Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the Swagger Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. See [Vendor Extensions](#specification-extensions) for further details. ##### Scopes Object Example ```js { "write:pets": "modify pets in your account", "read:pets": "read your pets" } ``` ```yaml write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes). The name used for each property MUST correspond to a security scheme declared in the [Security Definitions](#security-definitions-object). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name must correspond to a security scheme which is declared in the [Security Definitions](#securityDefinitions). If the security scheme is of type `"oauth2"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```js { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```js { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the Swagger Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are always prefixed by `"x-"` and can have any valid JSON format value. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the Swagger specification may be declared and remain empty, or completely be removed, even though they are inherently the core of the API documentation. The reasoning behind it is to allow an additional layer of access control over the documentation itself. While not part of the specification itself, certain libraries may choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples for this: 1. The [Paths Object](#paths-object) may be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) may be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different than hiding the path itself from the [Paths Object](#paths-object) so the user will not be aware of its existence. This allows the documentation provider a finer control over what the viewer can see. OpenAPI-Specification-3.2.0/versions/3.0.0-editors.md000066400000000000000000000004561506330113000220210ustar00rootroot00000000000000## Active * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Ron Ratovsky [@webron](https://github.com/webron) * Tony Tam [@fehguy](https://github.com/fehguy) ## Emeritus * Jason Harmon [@jharmn](https://github.com/jharmn) OpenAPI-Specification-3.2.0/versions/3.0.0.md000066400000000000000000003607601506330113000203610ustar00rootroot00000000000000# OpenAPI Specification #### Version 3.0.0 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. ## Table of Contents - [Definitions](#definitions) - [OpenAPI Document](#openapi-document) - [Path Templating](#path-templating) - [Media Types](#media-types) - [HTTP Status Codes](#http-status-codes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - [Document Structure](#document-structure) - [Data Types](#data-types) - [Rich Text Formatting](#rich-text-formatting) - [Relative References In URLs](#relative-references-in-urls) - [Schema](#schema) - [OpenAPI Object](#openapi-object) - [Info Object](#info-object) - [Contact Object](#contact-object) - [License Object](#license-object) - [Server Object](#server-object) - [Server Variable Object](#server-variable-object) - [Components Object](#components-object) - [Paths Object](#paths-object) - [Path Item Object](#path-item-object) - [Operation Object](#operation-object) - [External Documentation Object](#external-documentation-object) - [Parameter Object](#parameter-object) - [Request Body Object](#request-body-object) - [Media Type Object](#media-type-object) - [Encoding Object](#encoding-object) - [Responses Object](#responses-object) - [Response Object](#response-object) - [Callback Object](#callback-object) - [Example Object](#example-object) - [Link Object](#link-object) - [Header Object](#header-object) - [Tag Object](#tag-object) - [Reference Object](#reference-object) - [Schema Object](#schema-object) - [Discriminator Object](#discriminator-object) - [XML Object](#xml-object) - [Security Scheme Object](#security-scheme-object) - [OAuth Flows Object](#oauth-flows-object) - [OAuth Flow Object](#oauth-flow-object) - [Security Requirement Object](#security-requirement-object) - [Specification Extensions](#specification-extensions) - [Security Filtering](#security-filtering) - [Appendix A: Revision History](#appendix-a-revision-history) ## Definitions ##### OpenAPI Document A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of curly braces ({}) to mark a section of a URL path as replaceable using path parameters. ##### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](http://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are defined by [RFC7231](http://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Versions The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](http://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. Subsequent minor version releases of the OpenAPI Specification (incrementing the `minor` version number) SHOULD NOT interfere with tooling developed to a lower minor version and same major version. Thus a hypothetical `3.1.0` specification SHOULD be usable with tooling designed for `3.0.0`. An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) ### Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [ 1, 2, 3 ] } ``` All field names in the specification are **case sensitive**. The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](http://www.yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: - Tags MUST be limited to those allowed by the [JSON Schema ruleset](http://www.yaml.org/spec/1.2/spec.html#id2803231). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](http://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### Document Structure An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](http://json-schema.org) definitions. It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. Primitives have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: Common Name | [`type`](#data-types) | [`format`](#dataTypeFormat) | Comments ----------- | ------ | -------- | -------- integer | `integer` | `int32` | signed 32 bits long | `integer` | `int64` | signed 64 bits float | `number` | `float` | | double | `number` | `double` | | string | `string` | | | byte | `string` | `byte` | base64 encoded characters binary | `string` | `binary` | any sequence of octets boolean | `boolean` | | | date | `string` | `date` | As defined by `full-date` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) dateTime | `string` | `date-time` | As defined by `date-time` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) password | `string` | `password` | A hint to UIs to obscure input. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](http://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [`Server Object`](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root document object of the [OpenAPI document](#openapi-document). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](http://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. components | [Components Object](#components-object) | An element to hold various schemas for the specification. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. tags | [[Tag Object](#tag-object)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the application. description | `string` | A short description of the application. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example: ```json { "title": "Sample Pet Store App", "description": "This is a sample server for a pet store.", "termsOfService": "http://example.com/terms/", "contact": { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Sample Pet Store App description: This is a sample server for a pet store. termsOfService: http://example.com/terms/ contact: name: API Support url: http://www.example.com/support email: support@example.com license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example: ```json { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: http://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. url | `string` | A URL to the license used for the API. MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example: ```json { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html ``` #### Server Object An object representing a Server. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { "enum": [ "8443", "443" ], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: this value is assigned by the service provider, in this example `gigantic-server.com` port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. default | `string` | **REQUIRED**. The default value to use for substitution, and to send, if an alternate value is _not_ supplied. Unlike the [Schema Object's](#schema-object) `default`, this value MUST be provided by the consumer. description | `string` | An optional description for the server variable. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. ##### Fixed Fields Field Name | Type | Description ---|:---|--- schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). securitySchemes| Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ``` User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "http://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: http://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [`Server Object`](#server-object) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a slash. The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ``` /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ``` /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ``` /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#path-item-object). If there are conflicts between the referenced definition and this Path Item's definition, the behavior is *undefined*. summary| `string` | An optional, string summary, intended to apply to all operations in this path. description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*' : schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: 'text/html': schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array style: simple items: type: string ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Invalid input", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: 'application/x-www-form-urlencoded': schema: properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: 'application/json': {} 'application/xml': {} '405': description: Invalid input content: 'application/json': {} 'application/xml': {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the target documentation. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to the associated path segment from the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
in | `string` | **REQUIRED**. The location of the parameter. Possible values are "query", "header", "path" or "cookie". description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is "path", this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. The rules for serialization of the parameter are specified in one of two ways. For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. example | Any | Example of the media type. The example SHOULD match the specified schema and encoding properties if present. The `example` object is mutually exclusive of the `examples` object. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` object is mutually exclusive of the `example` object. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. A parameter MUST contain either a `schema` property, or a `content` property, but not both. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. `style` | [`type`](#data-types) | `in` | Comments ----------- | ------ | -------- | -------- matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. ##### Style Examples Assume a parameter named `color` has one of the following values: ``` string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | --------|------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200|G\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Parameter Object Examples A header parameter with an array of 64 bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" }, }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": [ "lat", "long" ], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced model definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User Example", "externalValue": "http://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User example in XML", "externalValue": "http://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user" : { "summary": "User example in Plain text", "externalValue": "http://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user" : { "summary": "User example in other format", "externalValue": "http://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: 'application/json': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example externalValue: 'http://foo.bar/examples/user-example.json' 'application/xml': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example in XML externalValue: 'http://foo.bar/examples/user-example.xml' 'text/plain': examples: user: summary: User example in text plain format externalValue: 'http://foo.bar/examples/user-example.txt' '*/*': examples: user: summary: User example in other format externalValue: 'http://foo.bar/examples/user-example.whatever' ``` A body parameter that is an array of string values: ```json { "description": "user to add to the system", "content": { "text/plain": { "schema": { "type": "array", "items": { "type": "string" } } } } } ``` ```yaml description: user to add to the system required: true content: text/plain: schema: type: array items: type: string ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the request body. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` object is mutually exclusive of the `examples` object. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` object is mutually exclusive of the `example` object. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```js { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" }, "frog": { "$ref": "#/components/examples/frog-example" } } } } } ``` ```yaml application/json: schema: $ref: "#/components/schemas/Pet" examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: "#/components/examples/frog-example" ``` ##### Considerations for File Uploads In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred with base64 encoding schema: type: string format: base64 ``` ```yaml # content transferred in binary (octet-stream): schema: type: string format: binary ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: # any media type is accepted, functionally equivalent to `*/*` schema: # a binary file of any type type: string format: binary ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg 'image/jpeg': schema: type: string format: binary 'image/png': schema: type: string format: binary ``` To upload multiple files, a `multipart` media type MUST be used: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: type: string format: binary ``` ##### Support for x-www-form-urlencoded Request Bodies To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encoding-object)'s [`style`](#encodingStyle) property as `form`. ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` Examples: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: type: string format: uuid address: # default Content-Type for objects is `application/json` type: object properties: {} profileImage: # default Content-Type for string/binary is `application/octet-stream` type: string format: binary children: # default Content-Type for arrays is based on the `inner` type (text/plain here) type: array items: type: string addresses: # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) type: array items: type: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. #### Encoding Object A single encoding definition applied to a single schema property. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Encoding Object Example ```yaml requestBody: content: multipart/mixed: schema: type: object properties: id: # default is text/plain type: string format: uuid address: # default is application/json type: object properties: {} historyMetadata: # need to declare XML format! description: metadata in XML format type: object properties: {} profileImage: # default is application/octet-stream, need to declare an image type only! type: string format: binary encoding: historyMetadata: # require XML Content-Type in utf-8 encoding contentType: application/xml; charset=utf-8 profileImage: # only accept png/jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the specification. The `Responses Object` MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. The following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response range is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response representations: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { "failedUrl" : "http://clientdomain.com/failed", "successUrls" : [ "http://clientdomain.com/fast", "http://clientdomain.com/medium", "http://clientdomain.com/slow" ] } 201 Created Location: http://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- $url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent $request.query.queryUrl | http://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | http://clientdomain.com/stillrunning $request.body#/successUrls/2 | http://clientdomain.com/medium $response.header.Location | http://example.org/subscription/1 ##### Callback Object Example The following example shows a callback to the URL specified by the `id` and `email` property in the request body. ```yaml myWebhook: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: webhook successfully processed and no retries will be performed ``` #### Example Object ##### Fixed Fields Field Name | Type | Description ---|:---:|--- summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value is expected to be compatible with the type schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Example Object Example ```yaml # in a model schemas: properties: name: type: string examples: name: $ref: http://example.org/petapi-examples/openapi.json#/components/examples/name-example # in a request body: requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} 'application/xml': examples: xmlExample: summary: This is an example in XML externalValue: 'http://example.org/examples/address-example.xml' 'text/plain': examples: textExample: summary: This is a text example externalValue: 'http://foo.bar/examples/address-example.txt' # in a parameter parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' examples: zip-example: $ref: '#/components/examples/zip-example' # in a response responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` #### Link Object The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#server-object) | A server object to be used by the target operation. This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. Because of the potential for name clashes, the `operationRef` syntax is preferred for specifications with external references. ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userId: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `id` field from the request path parameter named `id` userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional value), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` or an absolute `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON references. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ``` expression = ( "$url" | "$method" | "$statusCode" | "$request." source | "$response." source ) source = ( header-reference | query-reference | path-reference | body-reference ) header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" fragment] fragment = a JSON Pointer [RFC 6901](https://tools.ietf.org/html/rfc6901) name = *( char ) char = as per RFC [7159](https://tools.ietf.org/html/rfc7159#section-7) token = as per RFC [7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) ``` The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples Source Location | example expression | notes ---|:---|:---| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. Requested media type | `$request.header.accept` | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. Request URL | `$url` | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. Response header | `$response.header.Server` | Single header values only are available Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object The Header Object follows the structure of the [Parameter Object](#parameter-object) with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). ##### Header Object Example A simple header of type `integer`: ```json { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml description: The number of allowed requests in the current period schema: type: integer ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. description | `string` | A short description for the tag. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Examples Object In an `example`, a JSON Reference MAY be used, with the explicit restriction that examples having a JSON format with object named `$ref` are not allowed. Therefore, that `example`, structurally, can be either a string primitive or an object, similar to `additionalProperties`. In all cases, the payload is expected to be compatible with the type schema for the associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if they are incompatible. ```yaml # in a model schemas: properties: name: type: string example: $ref: http://foo.bar#/examples/name-example # in a request body, note the plural `examples` requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: value: {"foo": "bar"} bar: value: {"bar": "baz"} 'application/xml': examples: xml: externalValue: 'http://foo.bar/examples/address-example.xml' 'text/plain': examples: text: externalValue: 'http://foo.bar/examples/address-example.txt' # in a parameter parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' example: $ref: 'http://foo.bar#/examples/zip-example' # in a response, note the singular `example`: responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' example: $ref: http://foo.bar#/examples/address-example.json ``` #### Reference Object A simple object to allow referencing other components in the specification, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **REQUIRED**. The reference string. This object cannot be extended with additional properties and any properties added SHALL be ignored. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](http://json-schema.org/). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the property definitions follow the JSON Schema. ##### Properties The following properties are taken directly from the JSON Schema definition and follow the same specifications: - title - multipleOf - maximum - exclusiveMaximum - minimum - exclusiveMinimum - maxLength - minLength - pattern (This string SHOULD be a valid regular expression, according to the [ECMA 262 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-7.8.5) dialect) - maxItems - minItems - uniqueItems - maxProperties - minProperties - required - enum The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. - type - Value MUST be a string. Multiple types via an array are not supported. - allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. - properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). - additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - description - [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. - format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. - default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields Field Name | Type | Description ---|:---:|--- nullable | `boolean` | Allows sending a `null` value for the defined schema. Default value is `false`. discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. As such, the `discriminator` field MUST be a required field. There are are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. - Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Sample ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: ## "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: ## "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. When using the discriminator, _inline_ schemas will not be considered. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. The discriminator attribute is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: pet_type ``` The expectation now is that a property with name `pet_type` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: ``` { "id": 12345, "pet_type": "Cat" } ``` Will indicate that the `Cat` schema be used in conjunction with this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' discriminator: propertyName: pet_type mapping: dog: '#/components/schemas/Dog' monster: 'https://gigantic-server.com/schemas/Monster/schema.json' ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. For example: ``` components: schemas: Pet: type: object required: - pet_type properties: pet_type: type: string discriminator: propertyName: pet_type mapping: cachorro: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` a payload like this: ``` { "pet_type": "Cat", "name": "misty" } ``` will indicate that the `Cat` schema be used. Likewise this schema: ``` { "pet_type": "cachorro", "bark": "soft" } ``` will map to `Dog` because of the definition in the `mappings` element. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "http://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: http://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. description | `string` | Any | A short description for security scheme. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example ###### Basic Authentication Sample ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Sample ```json { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### JWT Bearer Sample ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Sample ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- implicit| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow password| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow clientCredentials| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. authorizationCode| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```YAML type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When a list of Security Requirement Objects is defined on the [Open API object](#openapi-object) or [Operation Object](#operation-object), only one of Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different than hiding the path itself from the [Paths Object](#paths-object), so the user will not be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Appendix A: Revision History Version | Date | Notes --- | --- | --- 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the Open API Initiative 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification OpenAPI-Specification-3.2.0/versions/3.0.1-editors.md000066400000000000000000000005571506330113000220240ustar00rootroot00000000000000## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Ron Ratovsky [@webron](https://github.com/webron) ## Emeritus * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.0.1.md000066400000000000000000003555211506330113000203610ustar00rootroot00000000000000# OpenAPI Specification #### Version 3.0.1 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. ## Table of Contents - [Definitions](#definitions) - [OpenAPI Document](#openapi-document) - [Path Templating](#path-templating) - [Media Types](#media-types) - [HTTP Status Codes](#http-status-codes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - [Document Structure](#document-structure) - [Data Types](#data-types) - [Rich Text Formatting](#rich-text-formatting) - [Relative References In URLs](#relative-references-in-urls) - [Schema](#schema) - [OpenAPI Object](#openapi-object) - [Info Object](#info-object) - [Contact Object](#contact-object) - [License Object](#license-object) - [Server Object](#server-object) - [Server Variable Object](#server-variable-object) - [Components Object](#components-object) - [Paths Object](#paths-object) - [Path Item Object](#path-item-object) - [Operation Object](#operation-object) - [External Documentation Object](#external-documentation-object) - [Parameter Object](#parameter-object) - [Request Body Object](#request-body-object) - [Media Type Object](#media-type-object) - [Encoding Object](#encoding-object) - [Responses Object](#responses-object) - [Response Object](#response-object) - [Callback Object](#callback-object) - [Example Object](#example-object) - [Link Object](#link-object) - [Header Object](#header-object) - [Tag Object](#tag-object) - [Reference Object](#reference-object) - [Schema Object](#schema-object) - [Discriminator Object](#discriminator-object) - [XML Object](#xml-object) - [Security Scheme Object](#security-scheme-object) - [OAuth Flows Object](#oauth-flows-object) - [OAuth Flow Object](#oauth-flow-object) - [Security Requirement Object](#security-requirement-object) - [Specification Extensions](#specification-extensions) - [Security Filtering](#security-filtering) - [Appendix A: Revision History](#appendix-a-revision-history) ## Definitions ##### OpenAPI Document A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of curly braces ({}) to mark a section of a URL path as replaceable using path parameters. ##### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Versions The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. Subsequent minor version releases of the OpenAPI Specification (incrementing the `minor` version number) SHOULD NOT interfere with tooling developed to a lower minor version and same major version. Thus a hypothetical `3.1.0` specification SHOULD be usable with tooling designed for `3.0.0`. An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) ### Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [ 1, 2, 3 ] } ``` All field names in the specification are **case sensitive**. The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](http://www.yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: - Tags MUST be limited to those allowed by the [JSON Schema ruleset](http://www.yaml.org/spec/1.2/spec.html#id2803231). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](http://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### Document Structure An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](http://json-schema.org) definitions. It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. Primitives have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: Common Name | [`type`](#data-types) | [`format`](#dataTypeFormat) | Comments ----------- | ------ | -------- | -------- integer | `integer` | `int32` | signed 32 bits long | `integer` | `int64` | signed 64 bits float | `number` | `float` | | double | `number` | `double` | | string | `string` | | | byte | `string` | `byte` | base64 encoded characters binary | `string` | `binary` | any sequence of octets boolean | `boolean` | | | date | `string` | `date` | As defined by `full-date` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) dateTime | `string` | `date-time` | As defined by `date-time` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) password | `string` | `password` | A hint to UIs to obscure input. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](http://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [`Server Object`](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root document object of the [OpenAPI document](#openapi-document). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. components | [Components Object](#components-object) | An element to hold various schemas for the specification. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. tags | [[Tag Object](#tag-object)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the application. description | `string` | A short description of the application. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example: ```json { "title": "Sample Pet Store App", "description": "This is a sample server for a pet store.", "termsOfService": "http://example.com/terms/", "contact": { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Sample Pet Store App description: This is a sample server for a pet store. termsOfService: http://example.com/terms/ contact: name: API Support url: http://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example: ```json { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: http://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. url | `string` | A URL to the license used for the API. MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example: ```json { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html ``` #### Server Object An object representing a Server. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { "enum": [ "8443", "443" ], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: this value is assigned by the service provider, in this example `gigantic-server.com` port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. default | `string` | **REQUIRED**. The default value to use for substitution, and to send, if an alternate value is _not_ supplied. Unlike the [Schema Object's](#schema-object) `default`, this value MUST be provided by the consumer. description | `string` | An optional description for the server variable. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. ##### Fixed Fields Field Name | Type | Description ---|:---|--- schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). securitySchemes| Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ``` User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "http://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: http://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [`Server Object`](#server-object) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a slash. The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ``` /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ``` /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ``` /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#path-item-object). If there are conflicts between the referenced definition and this Path Item's definition, the behavior is *undefined*. summary| `string` | An optional, string summary, intended to apply to all operations in this path. description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*' : schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: 'text/html': schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array style: simple items: type: string ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Invalid input", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: 'application/x-www-form-urlencoded': schema: properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: 'application/json': {} 'application/xml': {} '405': description: Invalid input content: 'application/json': {} 'application/xml': {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the target documentation. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to the associated path segment from the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
in | `string` | **REQUIRED**. The location of the parameter. Possible values are "query", "header", "path" or "cookie". description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is "path", this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. The rules for serialization of the parameter are specified in one of two ways. For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. example | Any | Example of the media type. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. A parameter MUST contain either a `schema` property, or a `content` property, but not both. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. `style` | [`type`](#data-types) | `in` | Comments ----------- | ------ | -------- | -------- matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. ##### Style Examples Assume a parameter named `color` has one of the following values: ``` string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | --------|------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200|G\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Parameter Object Examples A header parameter with an array of 64 bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" }, }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": [ "lat", "long" ], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced model definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User Example", "externalValue": "http://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User example in XML", "externalValue": "http://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user" : { "summary": "User example in Plain text", "externalValue": "http://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user" : { "summary": "User example in other format", "externalValue": "http://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: 'application/json': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example externalValue: 'http://foo.bar/examples/user-example.json' 'application/xml': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example in XML externalValue: 'http://foo.bar/examples/user-example.xml' 'text/plain': examples: user: summary: User example in text plain format externalValue: 'http://foo.bar/examples/user-example.txt' '*/*': examples: user: summary: User example in other format externalValue: 'http://foo.bar/examples/user-example.whatever' ``` A body parameter that is an array of string values: ```json { "description": "user to add to the system", "content": { "text/plain": { "schema": { "type": "array", "items": { "type": "string" } } } } } ``` ```yaml description: user to add to the system required: true content: text/plain: schema: type: array items: type: string ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the request body. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```js { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" }, "frog": { "$ref": "#/components/examples/frog-example" } } } } } ``` ```yaml application/json: schema: $ref: "#/components/schemas/Pet" examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: "#/components/examples/frog-example" ``` ##### Considerations for File Uploads In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred with base64 encoding schema: type: string format: base64 ``` ```yaml # content transferred in binary (octet-stream): schema: type: string format: binary ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: # any media type is accepted, functionally equivalent to `*/*` schema: # a binary file of any type type: string format: binary ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg 'image/jpeg': schema: type: string format: binary 'image/png': schema: type: string format: binary ``` To upload multiple files, a `multipart` media type MUST be used: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: type: string format: binary ``` ##### Support for x-www-form-urlencoded Request Bodies To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encoding-object)'s [`style`](#encodingStyle) property as `form`. ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` Examples: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: type: string format: uuid address: # default Content-Type for objects is `application/json` type: object properties: {} profileImage: # default Content-Type for string/binary is `application/octet-stream` type: string format: binary children: # default Content-Type for arrays is based on the `inner` type (text/plain here) type: array items: type: string addresses: # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) type: array items: type: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. #### Encoding Object A single encoding definition applied to a single schema property. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Encoding Object Example ```yaml requestBody: content: multipart/mixed: schema: type: object properties: id: # default is text/plain type: string format: uuid address: # default is application/json type: object properties: {} historyMetadata: # need to declare XML format! description: metadata in XML format type: object properties: {} profileImage: # default is application/octet-stream, need to declare an image type only! type: string format: binary encoding: historyMetadata: # require XML Content-Type in utf-8 encoding contentType: application/xml; charset=utf-8 profileImage: # only accept png/jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the specification. The `Responses Object` MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. The following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response range is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { "failedUrl" : "http://clientdomain.com/failed", "successUrls" : [ "http://clientdomain.com/fast", "http://clientdomain.com/medium", "http://clientdomain.com/slow" ] } 201 Created Location: http://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- $url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent $request.query.queryUrl | http://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | http://clientdomain.com/stillrunning $request.body#/successUrls/2 | http://clientdomain.com/medium $response.header.Location | http://example.org/subscription/1 ##### Callback Object Example The following example shows a callback to the URL specified by the `id` and `email` property in the request body. ```yaml myWebhook: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: webhook successfully processed and no retries will be performed ``` #### Example Object ##### Fixed Fields Field Name | Type | Description ---|:---:|--- summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value is expected to be compatible with the type schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Example Object Example ```yaml # in a model schemas: properties: name: type: string examples: name: $ref: http://example.org/petapi-examples/openapi.json#/components/examples/name-example # in a request body: requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} 'application/xml': examples: xmlExample: summary: This is an example in XML externalValue: 'http://example.org/examples/address-example.xml' 'text/plain': examples: textExample: summary: This is a text example externalValue: 'http://foo.bar/examples/address-example.txt' # in a parameter parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' examples: zip-example: $ref: '#/components/examples/zip-example' # in a response responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` #### Link Object The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#server-object) | A server object to be used by the target operation. This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. Because of the potential for name clashes, the `operationRef` syntax is preferred for specifications with external references. ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userId: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional value), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` or an absolute `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON references. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ``` expression = ( "$url" | "$method" | "$statusCode" | "$request." source | "$response." source ) source = ( header-reference | query-reference | path-reference | body-reference ) header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" fragment] fragment = a JSON Pointer [RFC 6901](https://tools.ietf.org/html/rfc6901) name = *( char ) char = as per RFC [7159](https://tools.ietf.org/html/rfc7159#section-7) token = as per RFC [7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) ``` The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples Source Location | example expression | notes ---|:---|:---| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. Requested media type | `$request.header.accept` | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. Request URL | `$url` | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. Response header | `$response.header.Server` | Single header values only are available Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object The Header Object follows the structure of the [Parameter Object](#parameter-object) with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). ##### Header Object Example A simple header of type `integer`: ```json { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml description: The number of allowed requests in the current period schema: type: integer ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. description | `string` | A short description for the tag. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the specification, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **REQUIRED**. The reference string. This object cannot be extended with additional properties and any properties added SHALL be ignored. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](http://json-schema.org/). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the property definitions follow the JSON Schema. ##### Properties The following properties are taken directly from the JSON Schema definition and follow the same specifications: - title - multipleOf - maximum - exclusiveMaximum - minimum - exclusiveMinimum - maxLength - minLength - pattern (This string SHOULD be a valid regular expression, according to the [ECMA 262 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-7.8.5) dialect) - maxItems - minItems - uniqueItems - maxProperties - minProperties - required - enum The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. - type - Value MUST be a string. Multiple types via an array are not supported. - allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. - properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). - additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - description - [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. - format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. - default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields Field Name | Type | Description ---|:---:|--- nullable | `boolean` | Allows sending a `null` value for the defined schema. Default value is `false`. discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. - Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Sample ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: ## "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: ## "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. When using the discriminator, _inline_ schemas will not be considered. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. The discriminator attribute is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: pet_type ``` The expectation now is that a property with name `pet_type` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: ``` { "id": 12345, "pet_type": "Cat" } ``` Will indicate that the `Cat` schema be used in conjunction with this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ``` MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' discriminator: propertyName: pet_type mapping: dog: '#/components/schemas/Dog' monster: 'https://gigantic-server.com/schemas/Monster/schema.json' ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. For example: ``` components: schemas: Pet: type: object required: - pet_type properties: pet_type: type: string discriminator: propertyName: pet_type mapping: cachorro: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` a payload like this: ``` { "pet_type": "Cat", "name": "misty" } ``` will indicate that the `Cat` schema be used. Likewise this schema: ``` { "pet_type": "cachorro", "bark": "soft" } ``` will map to `Dog` because of the definition in the `mappings` element. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "http://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: http://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. description | `string` | Any | A short description for security scheme. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example ###### Basic Authentication Sample ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Sample ```json { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### JWT Bearer Sample ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Sample ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- implicit| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow password| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow clientCredentials| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. authorizationCode| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```YAML type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When a list of Security Requirement Objects is defined on the [Open API object](#openapi-object) or [Operation Object](#operation-object), only one of Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different than hiding the path itself from the [Paths Object](#paths-object), so the user will not be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Appendix A: Revision History Version | Date | Notes --- | --- | --- 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the Open API Initiative 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification OpenAPI-Specification-3.2.0/versions/3.0.2-editors.md000066400000000000000000000007411506330113000220200ustar00rootroot00000000000000## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Ron Ratovsky [@webron](https://github.com/webron) * Uri Sarid [@usarid](https://github.com/usarid) ## Emeritus * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.0.2.md000066400000000000000000003571201506330113000203570ustar00rootroot00000000000000# OpenAPI Specification #### Version 3.0.2 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. ## Table of Contents - [Definitions](#definitions) - [OpenAPI Document](#openapi-document) - [Path Templating](#path-templating) - [Media Types](#media-types) - [HTTP Status Codes](#http-status-codes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - [Document Structure](#document-structure) - [Data Types](#data-types) - [Rich Text Formatting](#rich-text-formatting) - [Relative References In URLs](#relative-references-in-urls) - [Schema](#schema) - [OpenAPI Object](#openapi-object) - [Info Object](#info-object) - [Contact Object](#contact-object) - [License Object](#license-object) - [Server Object](#server-object) - [Server Variable Object](#server-variable-object) - [Components Object](#components-object) - [Paths Object](#paths-object) - [Path Item Object](#path-item-object) - [Operation Object](#operation-object) - [External Documentation Object](#external-documentation-object) - [Parameter Object](#parameter-object) - [Request Body Object](#request-body-object) - [Media Type Object](#media-type-object) - [Encoding Object](#encoding-object) - [Responses Object](#responses-object) - [Response Object](#response-object) - [Callback Object](#callback-object) - [Example Object](#example-object) - [Link Object](#link-object) - [Header Object](#header-object) - [Tag Object](#tag-object) - [Reference Object](#reference-object) - [Schema Object](#schema-object) - [Discriminator Object](#discriminator-object) - [XML Object](#xml-object) - [Security Scheme Object](#security-scheme-object) - [OAuth Flows Object](#oauth-flows-object) - [OAuth Flow Object](#oauth-flow-object) - [Security Requirement Object](#security-requirement-object) - [Specification Extensions](#specification-extensions) - [Security Filtering](#security-filtering) - [Appendix A: Revision History](#appendix-a-revision-history) ## Definitions ##### OpenAPI Document A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of curly braces ({}) to mark a section of a URL path as replaceable using path parameters. ##### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Versions The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. Subsequent minor version releases of the OpenAPI Specification (incrementing the `minor` version number) SHOULD NOT interfere with tooling developed to a lower minor version and same major version. Thus a hypothetical `3.1.0` specification SHOULD be usable with tooling designed for `3.0.0`. An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) ### Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [ 1, 2, 3 ] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](http://www.yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: - Tags MUST be limited to those allowed by the [JSON Schema ruleset](http://www.yaml.org/spec/1.2/spec.html#id2803231). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](http://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### Document Structure An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](http://json-schema.org) definitions. It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. Primitives have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: [`type`](#data-types) | [`format`](#dataTypeFormat) | Comments ------ | -------- | -------- `integer` | `int32` | signed 32 bits `integer` | `int64` | signed 64 bits (a.k.a long) `number` | `float` | | `number` | `double` | | `string` | | | `string` | `byte` | base64 encoded characters `string` | `binary` | any sequence of octets `boolean` | | | `string` | `date` | As defined by `full-date` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) `string` | `date-time` | As defined by `date-time` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) `string` | `password` | A hint to UIs to obscure input. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](http://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [`Server Object`](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root document object of the [OpenAPI document](#openapi-document). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. components | [Components Object](#components-object) | An element to hold various schemas for the specification. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. tags | [[Tag Object](#tag-object)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the application. description | `string` | A short description of the application. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Sample Pet Store App", "description": "This is a sample server for a pet store.", "termsOfService": "http://example.com/terms/", "contact": { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Sample Pet Store App description: This is a sample server for a pet store. termsOfService: http://example.com/terms/ contact: name: API Support url: http://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: http://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. url | `string` | A URL to the license used for the API. MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html ``` #### Server Object An object representing a Server. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { "enum": [ "8443", "443" ], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: this value is assigned by the service provider, in this example `gigantic-server.com` port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. description | `string` | An optional description for the server variable. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. ##### Fixed Fields Field Name | Type | Description ---|:---|--- schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). securitySchemes| Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ``` User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "http://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: http://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [`Server Object`](#server-object) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a slash. The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ``` /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ``` /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ``` /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#path-item-object). If there are conflicts between the referenced definition and this Path Item's definition, the behavior is *undefined*. summary| `string` | An optional, string summary, intended to apply to all operations in this path. description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*' : schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: 'text/html': schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array style: simple items: type: string ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: 'application/x-www-form-urlencoded': schema: properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: 'application/json': {} 'application/xml': {} '405': description: Method Not Allowed content: 'application/json': {} 'application/xml': {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the target documentation. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to the associated path segment from the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
in | `string` | **REQUIRED**. The location of the parameter. Possible values are "query", "header", "path" or "cookie". description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is "path", this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. The rules for serialization of the parameter are specified in one of two ways. For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. example | Any | Example of the media type. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. A parameter MUST contain either a `schema` property, or a `content` property, but not both. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. `style` | [`type`](#data-types) | `in` | Comments ----------- | ------ | -------- | -------- matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. ##### Style Examples Assume a parameter named `color` has one of the following values: ``` string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | --------|------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200|G\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Parameter Object Examples A header parameter with an array of 64 bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" }, }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": [ "lat", "long" ], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced model definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User Example", "externalValue": "http://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User example in XML", "externalValue": "http://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user" : { "summary": "User example in Plain text", "externalValue": "http://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user" : { "summary": "User example in other format", "externalValue": "http://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: 'application/json': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example externalValue: 'http://foo.bar/examples/user-example.json' 'application/xml': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example in XML externalValue: 'http://foo.bar/examples/user-example.xml' 'text/plain': examples: user: summary: User example in text plain format externalValue: 'http://foo.bar/examples/user-example.txt' '*/*': examples: user: summary: User example in other format externalValue: 'http://foo.bar/examples/user-example.whatever' ``` A body parameter that is an array of string values: ```json { "description": "user to add to the system", "content": { "text/plain": { "schema": { "type": "array", "items": { "type": "string" } } } } } ``` ```yaml description: user to add to the system required: true content: text/plain: schema: type: array items: type: string ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" }, "frog": { "$ref": "#/components/examples/frog-example" } } } } } ``` ```yaml application/json: schema: $ref: "#/components/schemas/Pet" examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: "#/components/examples/frog-example" ``` ##### Considerations for File Uploads In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred with base64 encoding schema: type: string format: base64 ``` ```yaml # content transferred in binary (octet-stream): schema: type: string format: binary ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: # any media type is accepted, functionally equivalent to `*/*` schema: # a binary file of any type type: string format: binary ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg 'image/jpeg': schema: type: string format: binary 'image/png': schema: type: string format: binary ``` To upload multiple files, a `multipart` media type MUST be used: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: type: string format: binary ``` ##### Support for x-www-form-urlencoded Request Bodies To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encoding-object)'s [`style`](#encodingStyle) property as `form`. ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` Examples: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: type: string format: uuid address: # default Content-Type for objects is `application/json` type: object properties: {} profileImage: # default Content-Type for string/binary is `application/octet-stream` type: string format: binary children: # default Content-Type for arrays is based on the `inner` type (text/plain here) type: array items: type: string addresses: # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) type: array items: type: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. #### Encoding Object A single encoding definition applied to a single schema property. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Encoding Object Example ```yaml requestBody: content: multipart/mixed: schema: type: object properties: id: # default is text/plain type: string format: uuid address: # default is application/json type: object properties: {} historyMetadata: # need to declare XML format! description: metadata in XML format type: object properties: {} profileImage: # default is application/octet-stream, need to declare an image type only! type: string format: binary encoding: historyMetadata: # require XML Content-Type in utf-8 encoding contentType: application/xml; charset=utf-8 profileImage: # only accept png/jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the specification. The `Responses Object` MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { "failedUrl" : "http://clientdomain.com/failed", "successUrls" : [ "http://clientdomain.com/fast", "http://clientdomain.com/medium", "http://clientdomain.com/slow" ] } 201 Created Location: http://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- $url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent $request.query.queryUrl | http://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | http://clientdomain.com/failed $request.body#/successUrls/2 | http://clientdomain.com/medium $response.header.Location | http://example.org/subscription/1 ##### Callback Object Example The following example shows a callback to the URL specified by the `id` and `email` property in the request body. ```yaml myWebhook: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: webhook successfully processed and no retries will be performed ``` #### Example Object ##### Fixed Fields Field Name | Type | Description ---|:---:|--- summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value is expected to be compatible with the type schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Example Object Examples In a model: ```yaml schemas: properties: name: type: string examples: name: $ref: http://example.org/petapi-examples/openapi.json#/components/examples/name-example ``` In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} 'application/xml': examples: xmlExample: summary: This is an example in XML externalValue: 'http://example.org/examples/address-example.xml' 'text/plain': examples: textExample: summary: This is a text example externalValue: 'http://foo.bar/examples/address-example.txt' ``` In a parameter: ```yaml parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` #### Link Object The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#server-object) | A server object to be used by the target operation. This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. Because of the potential for name clashes, the `operationRef` syntax is preferred for specifications with external references. ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userId: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional value), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` or an absolute `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON references. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ``` expression = ( "$url" | "$method" | "$statusCode" | "$request." source | "$response." source ) source = ( header-reference | query-reference | path-reference | body-reference ) header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" fragment] fragment = a JSON Pointer [RFC 6901](https://tools.ietf.org/html/rfc6901) name = *( char ) char = as per RFC [7159](https://tools.ietf.org/html/rfc7159#section-7) token = as per RFC [7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) ``` The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples Source Location | example expression | notes ---|:---|:---| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. Requested media type | `$request.header.accept` | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. Request URL | `$url` | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. Response header | `$response.header.Server` | Single header values only are available Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object The Header Object follows the structure of the [Parameter Object](#parameter-object) with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). ##### Header Object Example A simple header of type `integer`: ```json { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml description: The number of allowed requests in the current period schema: type: integer ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. description | `string` | A short description for the tag. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the specification, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **REQUIRED**. The reference string. This object cannot be extended with additional properties and any properties added SHALL be ignored. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](http://json-schema.org/). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the property definitions follow the JSON Schema. ##### Properties The following properties are taken directly from the JSON Schema definition and follow the same specifications: - title - multipleOf - maximum - exclusiveMaximum - minimum - exclusiveMinimum - maxLength - minLength - pattern (This string SHOULD be a valid regular expression, according to the [ECMA 262 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-7.8.5) dialect) - maxItems - minItems - uniqueItems - maxProperties - minProperties - required - enum The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. - type - Value MUST be a string. Multiple types via an array are not supported. - allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. - properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). - additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. - description - [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. - format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. - default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields Field Name | Type | Description ---|:---:|--- nullable | `boolean` | Allows sending a `null` value for the defined schema. Default value is `false`. discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. - Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Sample ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: ## "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: ## "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. When using the discriminator, _inline_ schemas will not be considered. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` Will indicate that the `Cat` schema be used in conjunction with this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: 'https://gigantic-server.com/schemas/Monster/schema.json' ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. For example: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` a payload like this: ```json { "petType": "Cat", "name": "misty" } ``` will indicate that the `Cat` schema be used. Likewise this schema: ```json { "petType": "dog", "bark": "soft" } ``` will map to `Dog` because of the definition in the `mappings` element. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "http://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: http://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. description | `string` | Any | A short description for security scheme. [CommonMark syntax](http://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example ###### Basic Authentication Sample ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Sample ```json { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### JWT Bearer Sample ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Sample ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- implicit| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow password| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow clientCredentials| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. authorizationCode| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different than hiding the path itself from the [Paths Object](#paths-object), so the user will not be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Appendix A: Revision History Version | Date | Notes --- | --- | --- 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the Open API Initiative 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification OpenAPI-Specification-3.2.0/versions/3.0.3-editors.md000066400000000000000000000007411506330113000220210ustar00rootroot00000000000000## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Ron Ratovsky [@webron](https://github.com/webron) * Uri Sarid [@usarid](https://github.com/usarid) ## Emeritus * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.0.3.md000066400000000000000000003644261506330113000203670ustar00rootroot00000000000000# OpenAPI Specification #### Version 3.0.3 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. ## Table of Contents - [Definitions](#definitions) - [OpenAPI Document](#openapi-document) - [Path Templating](#path-templating) - [Media Types](#media-types) - [HTTP Status Codes](#http-status-codes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - [Document Structure](#document-structure) - [Data Types](#data-types) - [Rich Text Formatting](#rich-text-formatting) - [Relative References In URLs](#relative-references-in-urls) - [Schema](#schema) - [OpenAPI Object](#openapi-object) - [Info Object](#info-object) - [Contact Object](#contact-object) - [License Object](#license-object) - [Server Object](#server-object) - [Server Variable Object](#server-variable-object) - [Components Object](#components-object) - [Paths Object](#paths-object) - [Path Item Object](#path-item-object) - [Operation Object](#operation-object) - [External Documentation Object](#external-documentation-object) - [Parameter Object](#parameter-object) - [Request Body Object](#request-body-object) - [Media Type Object](#media-type-object) - [Encoding Object](#encoding-object) - [Responses Object](#responses-object) - [Response Object](#response-object) - [Callback Object](#callback-object) - [Example Object](#example-object) - [Link Object](#link-object) - [Header Object](#header-object) - [Tag Object](#tag-object) - [Reference Object](#reference-object) - [Schema Object](#schema-object) - [Discriminator Object](#discriminator-object) - [XML Object](#xml-object) - [Security Scheme Object](#security-scheme-object) - [OAuth Flows Object](#oauth-flows-object) - [OAuth Flow Object](#oauth-flow-object) - [Security Requirement Object](#security-requirement-object) - [Specification Extensions](#specification-extensions) - [Security Filtering](#security-filtering) - [Appendix A: Revision History](#appendix-a-revision-history) ## Definitions ##### OpenAPI Document A document (or set of documents) that defines or describes an API. An OpenAPI definition uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). ##### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Versions The OpenAPI Specification is versioned using [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html) (semver) and follows the semver specification. The `major`.`minor` portion of the semver (for example `3.0`) SHALL designate the OAS feature set. Typically, *`.patch`* versions address errors in this document, not the feature set. Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.0.0` and `3.0.1` for example. Each new minor version of the OpenAPI Specification SHALL allow any OpenAPI document that is valid against any previous minor version of the Specification, within the same major version, to be updated to the new Specification version with equivalent semantics. Such an update MUST only require changing the `openapi` property to the new minor version. For example, a valid OpenAPI 3.0.2 document, upon changing its `openapi` property to `3.1.0`, SHALL be a valid OpenAPI 3.1.0 document, semantically equivalent to the original OpenAPI 3.0.2 document. New minor versions of the OpenAPI Specification MUST be written to ensure this form of backward compatibility. An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the semantic version of the OAS that it uses. (OAS 2.0 documents contain a top-level version field named [`swagger`](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swaggerObject) and value `"2.0"`.) ### Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [ 1, 2, 3 ] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: - Tags MUST be limited to those allowed by the [JSON Schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### Document Structure An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the user. In the latter case, `$ref` fields MUST be used in the specification to reference those parts as follows from the [JSON Schema](https://json-schema.org) definitions. It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types Primitive data types in the OAS are based on the types supported by the [JSON Schema Specification Wright Draft 00](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. `null` is not supported as a type (see [`nullable`](#schemaNullable) for an alternative solution). Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Wright Draft 00. Primitives have an optional modifier property: `format`. OAS uses several known formats to define in fine detail the data type being used. However, to support documentation needs, the `format` property is an open `string`-valued property, and can have any value. Formats such as `"email"`, `"uuid"`, and so on, MAY be used even though undefined by this specification. Types that are not accompanied by a `format` property follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. The formats defined by the OAS are: [`type`](#data-types) | [`format`](#dataTypeFormat) | Comments ------ | -------- | -------- `integer` | `int32` | signed 32 bits `integer` | `int64` | signed 64 bits (a.k.a long) `number` | `float` | | `number` | `double` | | `string` | | | `string` | `byte` | base64 encoded characters `string` | `binary` | any sequence of octets `boolean` | | | `string` | `date` | As defined by `full-date` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) `string` | `date-time` | As defined by `date-time` - [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) `string` | `password` | A hint to UIs to obscure input. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [`Server Object`](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root document object of the [OpenAPI document](#openapi-document). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [semantic version number](https://semver.org/spec/v2.0.0.html) of the [OpenAPI Specification version](#versions) that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. components | [Components Object](#components-object) | An element to hold various schemas for the specification. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. tags | [[Tag Object](#tag-object)] | A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the API. description | `string` | A short description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. termsOfService | `string` | A URL to the Terms of Service for the API. MUST be in the format of a URL. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Sample Pet Store App", "description": "This is a sample server for a pet store.", "termsOfService": "http://example.com/terms/", "contact": { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Sample Pet Store App description: This is a sample server for a pet store. termsOfService: http://example.com/terms/ contact: name: API Support url: http://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. MUST be in the format of a URL. email | `string` | The email address of the contact person/organization. MUST be in the format of an email address. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "http://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: http://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. url | `string` | A URL to the license used for the API. MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html ``` #### Server Object An object representing a Server. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { "enum": [ "8443", "443" ], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: this value is assigned by the service provider, in this example `gigantic-server.com` port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value SHOULD exist in the enum's values. description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. ##### Fixed Fields Field Name | Type | Description ---|:---|--- schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). securitySchemes| Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ``` User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "http://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: http://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [`Server Object`](#server-object) in order to construct the full URL. The Paths MAY be empty, due to [ACL constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ``` /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ``` /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ``` /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for an external definition of this path item. The referenced structure MUST be in the format of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. summary| `string` | An optional, string summary, intended to apply to all operations in this path. description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*' : schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: 'text/html': schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, `requestBody` SHALL be ignored by consumers. responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: 'application/x-www-form-urlencoded': schema: properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: 'application/json': {} 'application/xml': {} '405': description: Method Not Allowed content: 'application/json': {} 'application/xml': {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A short description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. url | `string` | **REQUIRED**. The URL for the target documentation. Value MUST be in the format of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. The rules for serialization of the parameter are specified in one of two ways. For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. A parameter MUST contain either a `schema` property, or a `content` property, but not both. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. `style` | [`type`](#data-types) | `in` | Comments ----------- | ------ | -------- | -------- matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. spaceDelimited | `array` | `query` | Space separated array values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array` | `query` | Pipe separated array values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. ##### Style Examples Assume a parameter named `color` has one of the following values: ``` string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. [`style`](#dataTypeFormat) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | -------- | ------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200\|B\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Parameter Object Examples A header parameter with an array of 64 bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" }, }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": [ "lat", "long" ], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced model definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User Example", "externalValue": "http://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User example in XML", "externalValue": "http://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user" : { "summary": "User example in Plain text", "externalValue": "http://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user" : { "summary": "User example in other format", "externalValue": "http://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: 'application/json': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example externalValue: 'http://foo.bar/examples/user-example.json' 'application/xml': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example in XML externalValue: 'http://foo.bar/examples/user-example.xml' 'text/plain': examples: user: summary: User example in text plain format externalValue: 'http://foo.bar/examples/user-example.txt' '*/*': examples: user: summary: User example in other format externalValue: 'http://foo.bar/examples/user-example.whatever' ``` A body parameter that is an array of string values: ```json { "description": "user to add to the system", "content": { "text/plain": { "schema": { "type": "array", "items": { "type": "string" } } } } } ``` ```yaml description: user to add to the system required: true content: text/plain: schema: type: array items: type: string ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" }, "frog": { "$ref": "#/components/examples/frog-example" } } } } } ``` ```yaml application/json: schema: $ref: "#/components/schemas/Pet" examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: "#/components/examples/frog-example" ``` ##### Considerations for File Uploads In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred with base64 encoding schema: type: string format: base64 ``` ```yaml # content transferred in binary (octet-stream): schema: type: string format: binary ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: schema: # a binary file of any type type: string format: binary ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg 'image/jpeg': schema: type: string format: binary 'image/png': schema: type: string format: binary ``` To upload multiple files, a `multipart` media type MUST be used: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: type: string format: binary ``` ##### Support for x-www-form-urlencoded Request Bodies To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encoding-object)'s [`style`](#encodingStyle) property as `form`. ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred — thus, the following default `Content-Type`s are defined for `multipart`: * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with `format: binary` or `format: base64` (aka a file object), the default Content-Type is `application/octet-stream` Examples: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: type: string format: uuid address: # default Content-Type for objects is `application/json` type: object properties: {} profileImage: # default Content-Type for string/binary is `application/octet-stream` type: string format: binary children: # default Content-Type for arrays is based on the `inner` type (text/plain here) type: array items: type: string addresses: # default Content-Type for arrays is based on the `inner` type (object shown, so `application/json` in this example) type: array items: type: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. #### Encoding Object A single encoding definition applied to a single schema property. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `string` with `format` being `binary` – `application/octet-stream`; for other primitive types – `text/plain`; for `object` - `application/json`; for `array` – the default is defined based on the inner type. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Encoding Object Example ```yaml requestBody: content: multipart/mixed: schema: type: object properties: id: # default is text/plain type: string format: uuid address: # default is application/json type: object properties: {} historyMetadata: # need to declare XML format! description: metadata in XML format type: object properties: {} profileImage: # default is application/octet-stream, need to declare an image type only! type: string format: binary encoding: historyMetadata: # require XML Content-Type in utf-8 encoding contentType: application/xml; charset=utf-8 profileImage: # only accept png/jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the specification. The `Responses Object` MUST contain at least one response code, and it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's components/responses](#componentsResponses) section defines. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's components/responses](#componentsResponses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A short description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string", "example": "whoa!" } } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { "failedUrl" : "http://clientdomain.com/failed", "successUrls" : [ "http://clientdomain.com/fast", "http://clientdomain.com/medium", "http://clientdomain.com/slow" ] } 201 Created Location: http://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- $url | http://example.org/subscribe/myevent?queryUrl=http://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent $request.query.queryUrl | http://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | http://clientdomain.com/failed $request.body#/successUrls/2 | http://clientdomain.com/medium $response.header.Location | http://example.org/subscription/1 ##### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` #### Example Object ##### Fixed Fields Field Name | Type | Description ---|:---:|--- summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value is expected to be compatible with the type schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Example Object Examples In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} 'application/xml': examples: xmlExample: summary: This is an example in XML externalValue: 'http://example.org/examples/address-example.xml' 'text/plain': examples: textExample: summary: This is a text example externalValue: 'http://foo.bar/examples/address-example.txt' ``` In a parameter: ```yaml parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` #### Link Object The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI definition. operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#server-object) | A server object to be used by the target operation. This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. Because of the potential for name clashes, the `operationRef` syntax is preferred for specifications with external references. ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userId: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` or an absolute `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON references. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) source = ( header-reference / query-reference / path-reference / body-reference ) header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *( CHAR ) token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC 6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC 7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples Source Location | example expression | notes ---|:---|:---| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. Requested media type | `$request.header.accept` | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. Request URL | `$url` | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. Response header | `$response.header.Server` | Single header values only are available Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object The Header Object follows the structure of the [Parameter Object](#parameter-object) with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). ##### Header Object Example A simple header of type `integer`: ```json { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml description: The number of allowed requests in the current period schema: type: integer ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. description | `string` | A short description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the specification, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **REQUIRED**. The reference string. This object cannot be extended with additional properties and any properties added SHALL be ignored. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [JSON Schema Specification Wright Draft 00](https://json-schema.org/). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the property definitions follow the JSON Schema. ##### Properties The following properties are taken directly from the JSON Schema definition and follow the same specifications: - title - multipleOf - maximum - exclusiveMaximum - minimum - exclusiveMinimum - maxLength - minLength - pattern (This string SHOULD be a valid regular expression, according to the [Ecma-262 Edition 5.1 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-15.10.1) dialect) - maxItems - minItems - uniqueItems - maxProperties - minProperties - required - enum The following properties are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. - type - Value MUST be a string. Multiple types via an array are not supported. - allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. - items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if the `type` is `array`. - properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). - additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. - description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. - format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. - default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined type for the Schema Object defined at the same level. For example, if `type` is `string`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional properties defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields Field Name | Type | Description ---|:---:|--- nullable | `boolean` | A `true` value adds `"null"` to the allowed type specified by the `type` keyword, only if `type` is explicitly defined within the same Schema Object. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. readOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. writeOnly | `boolean` | Relevant only for Schema `"properties"` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. - Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Sample ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: ## "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: ## "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it. When using the discriminator, _inline_ schemas will not be considered. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` Will indicate that the `Cat` schema be used in conjunction with this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: 'https://gigantic-server.com/schemas/Monster/schema.json' ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. For example: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` a payload like this: ```json { "petType": "Cat", "name": "misty" } ``` will indicate that the `Cat` schema be used. Likewise this schema: ```json { "petType": "dog", "bark": "soft" } ``` will map to `Dog` because of the definition in the `mappings` element. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URI of the namespace definition. Value MUST be in the form of an absolute URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "http://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: http://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. description | `string` | Any | A short description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example ###### Basic Authentication Sample ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Sample ```json { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### JWT Bearer Sample ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Sample ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- implicit| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow password| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow clientCredentials| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. authorizationCode| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ###### Optional OAuth2 Security Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```json { "security": [ {}, { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be `null`, a primitive, an array or an object. Can have any valid JSON format value. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They'd still have access to the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Appendix A: Revision History Version | Date | Notes --- | --- | --- 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification OpenAPI-Specification-3.2.0/versions/3.0.4-editors.md000066400000000000000000000014421506330113000220210ustar00rootroot00000000000000# OpenAPI Specification Editors ## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Henry Andrews [@handrews](https://github.com/handrews) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Miguel Quintero [@miqui](https://github.com/miqui) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) * Ron Ratovsky [@webron](https://github.com/webron) ## Emeritus * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.0.4.md000066400000000000000000005746061506330113000203730ustar00rootroot00000000000000# OpenAPI Specification ## Version 3.0.4 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI Description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ## Definitions ### OpenAPI Description An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure), which must be an OpenAPI Document, and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification. ### OpenAPI Document An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Schema A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. This specification also _uses_ schemas in the form of the [Schema Object](#schema-object). ### Object When capitalized, the word "Object" refers to any of the Objects that are named by section headings in this document. ### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). ### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ```text text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ### Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. ### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. Behavior described as _undefined_ is likely, at least in some circumstances, to result in outcomes that contradict the specification. This description is used when detecting the contradiction is impossible or impractical. Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. Behavior described as _implementation-defined_ allows implementations to choose which of several different-but-compliant approaches to a requirement to implement. This documents ambiguous requirements that API description authors are RECOMMENDED to avoid in order to maximize interoperability. Unlike undefined behavior, it is safe to rely on implementation-defined behavior if _and only if_ it can be guaranteed that all relevant tools support the same behavior. ## Specification ### Versions The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. _`.patch`_ versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. ### Format An OpenAPI Document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [1, 2, 3] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The [schema](#schema) exposes two types of fields: _fixed fields_, which have a declared name, and _patterned fields_, which have a declared pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: * Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-05|JSON Schema]]. * Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be described by OpenAPI Descriptions in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object) and [Path Item Object](#path-item-object) `$ref` fields, as well as the [Link Object](#link-object) `operationRef` field, and the URI form of the [Discriminator Object](#discriminator-object) `mapping` field, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or `openapi.yaml`. #### Structural Interoperability JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object * As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. #### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: | Source | Target | Alternative | | ---- | ---- | ---- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | | [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. This requires parsing all referenced documents prior to determining an `operationId` to be unresolvable. The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the name of the property holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. This allows Security Scheme Objects and Tag Objects to be defined next to the API's deployment information (the top-level array of Server Objects), and treated as an interface for referenced documents to access. The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. See [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. Note that no aspect of implicit connection resolution changes how [URLs are resolved](#relative-references-in-urls) or restricts their possible targets. ### Data Types Data types in the OAS are based on the non-`null` types supported by the [JSON Schema Validation Specification Draft Wright-00](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#autoid-32): "boolean", "object", "array", "number", "string", or "integer". See [`nullable`](#schema-nullable) for an alternative solution to "null" as a type. Models are defined using the [Schema Object](#schema-object), which is an extended subset of JSON Schema Specification Draft Wright-00. JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats [only applying to a specific type](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-4.1). For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. #### Data Type Format As defined by the [JSON Schema Validation specification](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. For the purpose of [JSON Schema validation](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-validation-00#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: | `format` | JSON Data Type | Comments | | ---- | ---- | ---- | | `int32` | number | signed 32 bits | | `int64` | number | signed 64 bits (a.k.a long) | | `float` | number | | | `double` | number | | | `byte` | string | base64 encoded characters - [RFC4648](https://www.rfc-editor.org/rfc/rfc4648#section-4) | | `binary` | string | any sequence of octets | | `date` | string | As defined by `full-date` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | | `date-time` | string | As defined by `date-time` - [RFC3339](https://www.rfc-editor.org/rfc/rfc3339#section-5.6) | | `password` | string | A hint to obscure the value. | #### Working with Binary Data Two formats, `binary` and `byte`, describe different ways to work with binary data: * `binary` is used where unencoded binary data is allowed, such as when sending a binary payload as an HTTP message body, or as part of a `multipart/*` payload that allows binary parts * `byte` is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. Note that the encoding indicated by `byte`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. ### Relative References in URLs Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URI. Relative references used in `$ref` are processed as per [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03), using the URL of the current document as the base URI. See also the [Reference Object](#reference-object). It is _implementation_defined_ whether the resolution of relative references in each of the `operationRef` field of the [Link Object](#link-object), the URI form of the `mapping` field of the [Discriminator Object](#discriminator-object), the `externalValue` field of the [Example Object](#example-object), and the `url` fields of the [External Documentation](#external-documentation-object), [Contact](#contact-object), and [License](#license-object) Objects resolve by using the same process as `$ref` or by using the Server Object. For compatibility with future versions of this specification, the `$ref` process is RECOMMENDED for all of these fields. Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ### Schema This section describes the structure of the OpenAPI Description format. This text is the only normative description of the format. A JSON Schema is hosted on [spec.openapis.org](https://spec.openapis.org) for informational purposes. If the JSON Schema differs from this section, then this section MUST be considered authoritative. In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root object of the [OpenAPI Description](#openapi-description). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Document. This is _not_ related to the API [`info.version`](#info-version) string. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | **REQUIRED**. The available paths and operations for the API. | | components | [Components Object](#components-object) | An element to hold various Objects for the OpenAPI Description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the OpenAPI Description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | title | `string` | **REQUIRED**. The title of the API. | | description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | termsOfService | `string` | A URL for the Terms of Service for the API. This MUST be in the form of a URL. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | | version | `string` | **REQUIRED**. The version of the OpenAPI Document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described or the version of the OpenAPI Description). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Example Pet Store App", "description": "This is an example server for a pet store.", "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Example Pet Store App description: This is an example server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URL for the contact information. This MUST be in the form of a URL. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: https://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The license name used for the API. | | url | `string` | A URL for the license used for the API. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } ``` ```yaml name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html ``` #### Server Object An object representing a Server. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the document containing the Server Object is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oas-servers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "A user-specific subdomain. Use `demo` for a free sandbox environment." }, "port": { "enum": ["8443", "443"], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: A user-specific subdomain. Use `demo` for a free sandbox environment. port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array SHOULD NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value SHOULD exist in the enum's values. Note that this behavior is different from the [Schema Object](#schema-object)'s `default` keyword, which documents the receiver's behavior rather than inserting the value into the data. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from outside the Components Object. ##### Fixed Fields | Field Name | Type | Description | | ---- | :---- | ---- | | schemas | Map[`string`, [Schema Object](#schema-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Schema Objects](#schema-object). | | responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | | parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | | examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | | requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | | securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ```text User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api-key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api-key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [Server Object](#server-object) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ```text /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ```text /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ```text /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URL, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-urls). | | summary | `string` | An optional string summary, intended to apply to all operations in this path. | | description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | | put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | | post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | | delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | | options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | | head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*': schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: text/html: schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | | summary | `string` | A short summary of what the operation does. | | description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | | operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined in the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | | requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is only supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` SHALL be ignored by consumers. | | responses | [Responses Object](#responses-object) | **REQUIRED**. The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": ["pet"], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: application/json: {} application/xml: {} '405': description: Method Not Allowed content: application/json: {} application/xml: {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| | in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | | description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | | deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, the effect of defining a cookie parameter that way is undefined; use `in: "cookie"` instead. ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. | `style` | [`type`](#data-types) | `in` | Comments | | ---- | ---- | ---- | ---- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | | simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | | form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | | spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | | pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | | deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. ##### Style Examples Assume a parameter named `color` has one of the following values: ```js string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined * The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. | [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | | ---- | ---- | ---- | ---- | ---- | ---- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | | label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | | label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | | simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | | simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | | form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | | form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | | spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | | spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | | pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples A header parameter with an array of 64-bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" } }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": ["lat", "long"], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced schema definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User Example", "externalValue": "https://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User example in XML", "externalValue": "https://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user": { "summary": "User example in Plain text", "externalValue": "https://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user": { "summary": "User example in other format", "externalValue": "https://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: application/json: schema: $ref: '#/components/schemas/User' examples: user: summary: User example externalValue: https://foo.bar/examples/user-example.json application/xml: schema: $ref: '#/components/schemas/User' examples: user: summary: User example in XML externalValue: https://foo.bar/examples/user-example.xml text/plain: examples: user: summary: User example in plain text externalValue: https://foo.bar/examples/user-example.txt '*/*': examples: user: summary: User example in other format externalValue: https://foo.bar/examples/user-example.whatever ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the content of the request, response, parameter, or header. | | example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | | encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat": { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value": { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" } }, "frog": { "$ref": "#/components/examples/frog-example" } } } } ``` ```yaml application/json: schema: $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: '#/components/examples/frog-example' ``` ##### Considerations for File Uploads In contrast to OpenAPI 2.0, `file` input/output content in OpenAPI 3 is described with the same semantics as any other schema type. Specifically: ```yaml # content transferred in binary (octet-stream): schema: type: string format: binary ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: schema: # a binary file of any type type: string format: binary ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg 'image/jpeg': schema: type: string format: binary 'image/png': schema: type: string format: binary ``` To upload multiple files, a `multipart` media type MUST be used as shown under [Example: Multipart Form with Multiple Files](#example-multipart-form-with-multiple-files). ##### Support for x-www-form-urlencoded Request Bodies See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` field. ##### Special Considerations for `multipart` Content See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` field. #### Encoding Object A single encoding definition applied to a single schema property. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. Properties are correlated with `multipart` parts using the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. | Field Name | Type | Description | | ---- | :----: | ---- | | contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `format` column means that the presence or value of `format` is irrelevant: | `type` | `format` | Default `contentType` | | ---- | ---- | ---- | | `string` | `binary` _or_ `byte` | `application/octet-stream` | | `string` | _none, or any except `binary` or `byte`_ | `text/plain` | | `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | | `object` | _n/a_ | `application/json` | | `array` | _n/a_ | according to the `type` and `format` of the `items` schema | Determining how to handle `null` values if `nullable: true` is present depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type conversion options. ###### Fixed Fields for RFC6570-style Serialization | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded`. | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. The role of `contentType` with `application/x-www-form-urlencoded` request bodies was not described in detail in version 3.0.3 and earlier of this specification. To match the intent of these fields and be compatible with version 3.1 of this specification, it is RECOMMENDED that whenever any of `style`, `explode`, or `allowReserved` are present with an explicit value: * The value of `contentType`, whether it is explicitly defined or has the default value, is to be ignored * If any of `style`, `explode`, or `allowReserved` are _not_ present with explicit values, then they are to be treated as if they were present with their default values However, if all three of `style`, `explode`, and `allowReserved` fields are absent, it is RECOMMENDED that: * All three keywords are to be entirely ignored, rather than treated as having their default values * Encoding is to be based on `contentType` alone, whether it is present with an explicit value or absent and treated as having its default value Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: "query"` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. ##### Encoding the `x-www-form-urlencoded` Media Type To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#media-type-object) under the [Request Body Object](#request-body-object). This configuration means that the request body MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server, after any complex objects have been serialized to a string representation. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: URL Encoded Form with JSON Values When there is no [`encoding`](#media-type-encoding) field, the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { "streetAddress": "123 Example Dr.", "city": "Somewhere", "state": "CA", "zip": "99999+1234" } ``` Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%7B`, and `%7D`, respectively: ```uri id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:%2299999%2B1234%22%7D ``` Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encoding-object)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: ```uri id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` ###### Example: URL Encoded Form with Binary Values Note that `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```YAML requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: type: string icon: # The default with "format: byte" is application/octet-stream, # so we need to set image media type(s) in the Encoding Object. type: string format: byte encoding: icon: contentType: image/png, image/jpeg ``` Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: ```uri name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC%2FxhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` Note that this base64-encoded value had to be futher percent-encoded, replacing `/` with `%2F` and each of two final `=` padding characters with `%3D`. Some base64-decoding implementations may be able to use the string without the padding per [RFC4648](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). However, this is not guaranteed and the value would still need to be percent-decoded due to the `%2F`. ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to OpenAPI 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. See [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. Various other `multipart` types, most notable `multipart/mixed` ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. Using `format: "byte"` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value `base64`. If `format: "byte"` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows `base64`, the result is undefined for serialization and parsing. Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: "identity"` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form When the `encoding` field is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: # default for primitives without a special format is text/plain type: string format: uuid profileImage: # default for string with binary format is `application/octet-stream` type: string format: binary addresses: # default for arrays is based on the type in the `items` # subschema, which is an object, so `application/json` type: array items: $ref: '#/components/schemas/Address' ``` ###### Example: Multipart Form with Encoding Objects Using `encoding`, we can set more specific types for binary data, or non-JSON formats for complex values. We can also describe headers for each part: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: # default is `text/plain` type: string format: uuid addresses: # default based on the `items` subschema would be # `application/json`, but we want these address objects # serialized as `application/xml` instead description: addresses in XML format type: array items: $ref: '#/components/schemas/Address' profileImage: # default is application/octet-stream, but we can declare # a more specific image type or types type: string format: binary encoding: addresses: # require XML Content-Type in utf-8 encoding # This is applied to each address part corresponding # to each address in he array contentType: application/xml; charset=utf-8 profileImage: # only accept png or jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` ###### Example: Multipart Form with Multiple Files In accordance with [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: type: string format: binary ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default Response Object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. A [Reference Object](#reference-object) can link to a response that the [OpenAPI Object's `components.responses`](#components-responses) section defines. | ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. A [Reference Object](#reference-object) can link to a response that is defined in the [OpenAPI Object's `components.responses`](#components-responses) section. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" }, "example": "whoa!" } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the Path Item Object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 188 { "failedUrl": "https://clientdomain.com/failed", "successUrls": [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } ``` resulting in: ```http 201 Created Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. | Expression | Value | | ---- | :---- | | $url | | | $method | POST | | $request.path.eventType | myevent | | $request.query.queryUrl | | | $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | ##### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a Callback Object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` #### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. This object is typically used in fields named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | summary | `string` | Short description for the example. | | description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URL that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-urls). | This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Working with Examples Example Objects can be used in both [Parameter Objects](#parameter-object) and [Media Type Objects](#media-type-object). In both objects, this is done through the `examples` (plural) field. However, there are two other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both objects, and the `example` (singular) field in the [Schema Object](#schema-object) that appears in the `schema` field of both objects. Each of these fields has slightly different considerations. The Schema Object's `example` field is used to show example values without regard to how they might be formatted as parameters or within media type representations. The mutually exclusive fields in the Parameter or Media Type Objects are used to show example values which SHOULD both match the schema and be formatted as they would appear as a serialized parameter or within a media type representation. The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encoding-object). Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. The singular `example` field in the Parameter or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of documents that comprise the OpenAPI Description. With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: foo: bar bar: summary: A bar example value: bar: baz application/xml: examples: xmlExample: summary: This is an example in XML externalValue: https://example.org/examples/address-example.xml text/plain: examples: textExample: summary: This is a text example externalValue: https://foo.bar/examples/address-example.txt ``` In a parameter: ```yaml parameters: - name: zipCode in: query schema: type: string format: zip-code examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` Two different uses of JSON strings: First, a request or response body that is just a JSON string (not an object containing a string): ```json "application/json": { "schema": { "type": "string" }, "examples": { "jsonBody": { "description": "A body of just the JSON string \"json\"", "value": "json" } } } ``` ```yaml application/json: schema: type: string examples: jsonBody: description: 'A body of just the JSON string "json"' value: json ``` In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like `"\"json\""`. In contrast, a JSON string encoded inside of a URL-style form body: ```json "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "jsonValue": { "type": "string" } } }, "encoding": { "jsonValue": { "contentType": "application/json" } }, "examples": { "jsonFormValue": { "description": "The JSON string \"json\" as a form value", "value": "jsonValue=%22json%22" } } } ``` ```yaml application/x-www-form-urlencoded: schema: type: object properties: jsonValue: type: string encoding: jsonValue: contentType: application/json examples: jsonFormValue: description: 'The JSON string "json" as a form value' value: jsonValue=%22json%22 ``` In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded. #### Link Object The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | | description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. The identified or reference operation MUST be unique, and in the case of an `operationId`, it MUST be resolved within the scope of the OpenAPI Description (OAD). Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OADs. However, because use of an operation depends on its URL path template in the [Paths Object](#paths-object), operations from any [Path Item Object](#path-item-object) that is referenced multiple times within the OAD cannot be resolved unambiguously. In such ambiguous cases, the resulting behavior is implementation-defined and MAY result in an error. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userid: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions nor the capability to make a successful call to that link is guaranteed solely by the existence of a relationship. ##### `operationRef` Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1%7Busername%7D/get' parameters: username: $response.body#/username ``` or a URI `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/get parameters: username: $response.body#/username ``` Note that in the use of `operationRef` the _escaped forward-slash_ is necessary when using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively, when using JSON Pointer as URI fragments. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = "$url" / "$method" / "$statusCode" / "$request." source / "$response." source source = header-reference / query-reference / path-reference / body-reference header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *( CHAR ) token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples | Source Location | example expression | notes | | ---- | :---- | :---- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | | Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | | Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object Describes a single header for [HTTP responses](#response-headers) and for [individual parts in `multipart` representations](#encoding-headers); see the relevant [Response Object](#response-object) and [Encoding Object](#encoding-object) documentation for restrictions on which headers can be described. The Header Object follows the structure of the [Parameter Object](#parameter-object), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `"simple"`. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` field, the example MUST follow the prescribed serialization strategy for the header. Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | | explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example A simple header of type `integer`: ```json "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. Note the use of `content`, because using `schema` and `style` would require the `"` to be percent-encoded as `%22`: ```json "ETag": { "required": true, "content": { "text/plain": { "schema": { "type": "string", "pattern": "^\"" } } } } ``` ```yaml ETag: required: true content: text/plain: schema: type: string pattern: ^" ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the tag. | | description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the OpenAPI Description, internally and externally. The Reference Object is defined by [JSON Reference](https://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03) and follows the same structure, behavior and rules. For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference string. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents with Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the [[JSON-Schema-05|JSON Schema Specification Draft Wright-00]]. For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics. ##### JSON Schema Keywords The following keywords are taken directly from the JSON Schema definition and follow the same specifications: * title * multipleOf * maximum * exclusiveMaximum * minimum * exclusiveMinimum * maxLength * minLength * pattern (This string SHOULD be a valid regular expression, according to the [Ecma-262 Edition 5.1 regular expression](https://www.ecma-international.org/ecma-262/5.1/#sec-15.10.1) dialect) * maxItems * minItems * uniqueItems * maxProperties * minProperties * required * enum The following keywords are taken from the JSON Schema definition but their definitions were adjusted to the OpenAPI Specification. * type - Value MUST be a string. Multiple types via an array are not supported. * allOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * oneOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * anyOf - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * not - Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. * items - Value MUST be an object and not an array. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. `items` MUST be present if `type` is `"array"`. * properties - Property definitions MUST be a [Schema Object](#schema-object) and not a standard JSON Schema (inline or referenced). * additionalProperties - Value can be boolean or object. Inline or referenced schema MUST be of a [Schema Object](#schema-object) and not a standard JSON Schema. Consistent with JSON Schema, `additionalProperties` defaults to `true`. * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. * format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. * default - The default value represents what would be assumed by the consumer of the input as the value of the schema if one is not provided. Unlike JSON Schema, the value MUST conform to the defined `type` for the Schema Object defined at the same level. For example, if `type` is `"string"`, then `default` can be `"foo"` but cannot be `1`. Alternatively, any time a Schema Object can be used, a [Reference Object](#reference-object) can be used in its place. This allows referencing definitions instead of defining them inline. Additional keywords defined by the JSON Schema specification that are not mentioned here are strictly unsupported. Other than the JSON Schema subset fields, the following fields MAY be used for further schema documentation: ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | nullable | `boolean` | This keyword only takes effect if `type` is explicitly defined within the same Schema Object. A `true` value indicates that both `null` values and values of the type specified by `type` are allowed. Other Schema Object constraints retain their defined behavior, and therefore may disallow the use of `null` as a value. A `false` value leaves the specified or default `type` unmodified. The default value is `false`. | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | readOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as `readOnly` being `true` and is in the `required` list, the `required` will take effect on the response only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | writeOnly | `boolean` | Relevant only for Schema Object `properties` definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as `writeOnly` being `true` and is in the `required` list, the `required` will take effect on the request only. A property MUST NOT be marked as both `readOnly` and `writeOnly` being `true`. Default value is `false`. | | xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | | example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary. | | deprecated | `boolean` | Specifies that a schema is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` keyword of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schema-discriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. * Use the schema name. * [Override the schema name](#discriminator-mapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### XML Modeling The [xml](#schema-xml) field allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Schema Object Examples ###### Primitive Example ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": ["name"], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": ["name"], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": ["message", "code"], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": ["rootCause"], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": ["name", "petType"] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": ["clueless", "lazy", "adventurous", "aggressive"] } }, "required": ["huntingSkill"] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": ["packSize"] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object gives a hint about the expected schema of the document. This hint can be used to aid in serialization, deserialization, and validation. The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | ##### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. It is implementation-defined as to whether all named [Schema Objects](#schema-object) under the [Components Object](#components-object), or only those that are otherwise directly referenced are searched for `allOf` references to the parent schema. However, it is RECOMMENDED to search all named schemas in the Components Object because it is common with the `allOf` usage for other parts of the API to only directly reference the parent schema. The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. This is because `discriminator` cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas. The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#components-object), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI reference by all implementations, authors MUST prefix it with the `"."` path segment (e.g. `"./foo"`). Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. However, the exact nature of such conversions are implementation-defined. ##### Examples For these examples, assume all schemas are in the [entry document](#openapi-description-structure) of the OAD; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` MAY be used as a "hint" to improve the efficiency of selection of the matching schema. The `discriminator` field cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI Description. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` will indicate that the `Cat` schema is expected to match this payload. In scenarios where the value of the `discriminator` field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: https://gigantic-server.com/schemas/Monster/schema.json ``` Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` Validated against the `Pet` schema, a payload like this: ```json { "petType": "Cat", "name": "Misty" } ``` will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { "petType": "dog", "bark": "soft" } ``` will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` field SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | | namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | | wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: * Version 3.0.3 and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. * XML allows but discourages relative URI-references, while this specification outright forbids them. * XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. ##### XML Object Examples Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schema-object) that is omitted for brevity. The JSON and YAML representations of the `properties` value are followed by an example XML representation produced for the single property shown. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xml-wrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "https://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: https://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` field has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter, or as a query parameter), OAuth2's common flows (implicit, password, client credentials, and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"oauth2"`, `"openIdConnect"`. | | description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | | in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | | scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | | bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | | flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | | openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Examples ###### Basic Authentication Example ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Example ```json { "type": "apiKey", "name": "api-key", "in": "header" } ``` ```yaml type: apiKey name: api-key in: header ``` ###### JWT Bearer Example ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Example ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | | password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Example ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. This enables support for scenarios where the API allows multiple, independent security schemes. An empty Security Requirement Object (`{}`) indicates anonymous access is supported. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MUST be empty. | ##### Security Requirement Object Examples See also [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example using Security Requirement Objects in multi-document OpenAPI Descriptions. ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": ["write:pets", "read:pets"] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ###### Optional OAuth2 Security Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```json { "security": [ {}, { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `x-`. | Field Pattern | Type | Description | | ---- | :--: | ---- | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Security Considerations ### OpenAPI Description Formats OpenAPI Descriptions use a combination of JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) * [JSON Schema Core](https://tools.ietf.org/html/draft-wright-json-schema-00#section-10) * [JSON Schema Validation](https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-8) ### Tooling and Usage Scenarios In addition, OpenAPI Descriptions are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI Description authors must consider the risks of the scenarios where the OpenAPI Description may be used. ### Security Schemes An OpenAPI Description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ### Handling External Resources OpenAPI Descriptions may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. ### Handling Reference Cycles References in an OpenAPI Description may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization Certain fields allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. ## Appendix A: Revision History | Version | Date | Notes | | ---- | ---- | ---- | | 3.0.4 | 2024-10-24 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | | 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | | 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | | 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | | 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | | 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | | 2.0 | 2014-09-08 | Release of Swagger 2.0 | | 1.2 | 2014-03-14 | Initial release of the formal document. | | 1.1 | 2012-08-22 | Release of Swagger 1.1 | | 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. [Schema Objects](#schema-object) validate data based on the [JSON Schema data model](https://tools.ietf.org/html/draft-wright-json-schema-00#section-4.2), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: "integer"` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameter-object), [Header Object](#header-object), and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. Two cases do offer standards-based guidance: * [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: "string"` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. Some formats (such as `date-time`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. ## Appendix C: Using RFC6570-Based Serialization Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in three scenarios: | Object | Condition | | ---- | ---- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Header Object](#header-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. Note that when using `style: "form"` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): | field | value | equivalent | | ---- | ---- | ---- | | style | `"simple"` | _n/a_ | | style | `"matrix"` | `;` prefix operator | | style | `"label"` | `.` prefix operator | | style | `"form"` | `?` prefix operator | | allowReserved | `false` | _n/a_ | | allowReserved | `true` | `+` prefix operator | | explode | `false` | _n/a_ | | explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: ```YAML parameters: - name: foo in: query schema: type: object explode: true - name: bar in: query schema: type: string ``` This example is equivalent to RFC6570's `{?foo*,bar}`, and **NOT** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Delimiters in Parameter Values Delimiters used by RFC6570 expansion, such as the `,` used to join arrays or object values with `style: "simple"`, are all automatically percent-encoded as long as `allowReserved` is `false`. Note that since RFC6570 does not define a way to parse variables based on a URI Template, users must take care to first split values by delimiter before percent-decoding values that might contain the delimiter character. When `allowReserved` is `true`, both percent-encoding (prior to joining values with a delimiter) and percent-decoding (after splitting on the delimiter) must be done manually at the correct time. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for additional guidance on handling delimiters for `style` values with no RFC6570 equivalent that already need to be percent-encoded when used as delimiters. ### Non-RFC6570 Field Values and Combinations Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time * any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than RFC6570 [variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples Let's say we want to use the following data in a form query string, where `formulas` is exploded, and `words` is not: ```YAML formulas: a: x+y b: x/y c: x^y words: - math - is - fun ``` #### RFC6570-Equivalent Expansion This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570): ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true - name: words in: query schema: type: array items: type: string ``` This translates to the following URI Template: ```uritemplate {?formulas*,words} ``` when expanded with the data given earlier, we get: ```uri ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` #### Expansion with Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true allowReserved: true - name: words in: query style: spaceDelimited explode: false schema: type: array items: type: string ``` We can't combine the `?` and `+` RFC6570 [prefixes](https://datatracker.ietf.org/doc/html/rfc6570#section-2.4.1), and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: ```uritemplate ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` RFC6570 [mentions](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.4.2) the use of `.` "to indicate name hierarchy in substructures," but does not define any specific naming convention or behavior for it. Since the `.` usage is not automatic, we'll need to construct an appropriate input structure for this new template. We'll also need to pre-process the values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. See also [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): ```YAML a: x%2By b: x/y c: x^y words.0: math words.1: is words.2: fun ``` Expanding our manually assembled template with our restructured data yields the following query string: ```uri ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. #### Undefined Values and Manual URI Template Construction Care must be taken when manually constructing templates to handle the values that RFC6570 [considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: ```YAML formulas: {} words: - hello - world ``` Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: ```uri ?words=hello,world ``` This means that the manually constructed URI Template and restructured data need to leave out the `formulas` object entirely so that the `words` parameter is the first and only parameter in the query string. Restructured data: ```YAML words.0: hello words.1: world ``` Manually constructed URI Template: ```uritemplate ?words={words.0} {words.1} ``` Result: ```uri ?words=hello%20world ``` #### Illegal Variable Names as Parameter Names In this example, the heart emoji is not legal in URI Template names (or URIs): ```YAML parameters: - name: ❤️ in: query schema: type: string ``` We can't just pass `❤️: "love!"` to an RFC6570 implementation. Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: ```YAML "%E2%9D%A4%EF%B8%8F": love! ``` ```uritemplate {?%E2%9D%A4%EF%B8%8F} ``` This will expand to the result: ```uri ?%E2%9D%A4%EF%B8%8F=love%21 ``` ## Appendix D: Serializing Headers and Cookies [RFC6570](https://www.rfc-editor.org/rfc/rfc6570)'s percent-encoding behavior is not always appropriate for `in: "header"` and `in: "cookie"` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. For both [RFC6265](https://www.rfc-editor.org/rfc/rfc6265) cookies and HTTP headers using the [RFC8941](https://www.rfc-editor.org/rfc/rfc8941) structured fields syntax, non-ASCII content is handled using base64 encoding (`format: "byte"`). Note that the standard base64-encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. Most HTTP headers predate the structured field syntax, and a comprehensive assessment of their syntax and encoding rules is well beyond the scope of this specification. While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP (header or trailer) field parameters, these parameters appear after a `;` character. With `style: "simple"`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. Using `style: "form"` with `in: "cookie"` is ambiguous for a single value, and incorrect for multiple values. This is true whether the multiple values are the result of using `explode: true` or not. This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details), which is not part of the cookie syntax. However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. For multiple values, `style: "form"` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ Percent-encoding is used in URIs and media types that derive their syntax from URIs. This process is concerned with three sets of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: * _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) * _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) * _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. ### Percent-Encoding and `form-urlencoded` Each URI component (such as the query string) considers some of the reserved characters to be unsafe, either because they serve as delimiters between the components (e.g. `#`), or (in the case of `[` and `]`) were historically considered globally unsafe but were later given reserved status for limited purposes. Reserved characters with no special meaning defined within a component can be left un-percent encoded. However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding is not needed and is likely to cause interoperability problems unless the `Content-Type` of the part is defined to require it. ### Generating and Validating URIs and `form-urlencoded` Strings URI percent encoding and the `form-urlencoded` media type have complex specification histories spanning multiple revisions and, in some cases, conflicting claims of ownership by different standards bodies. Unfortunately, these specifications each define slightly different percent-encoding rules, which need to be taken into account if the URIs or `form-urlencoded` message bodies will be subject to strict validation. (Note that many URI parsers do not perform validation by default.) This specification normatively cites the following relevant standards: | Specification | Date | OAS Usage | Percent-Encoding | Notes | | ---- | ---- | ---- | ---- | ---- | | [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | | [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. Note that content-based serialization for `form-data` does not expect or require percent-encoding in the data, only in per-part header values. #### Interoperability with Historical Specifications In most cases, generating query strings in strict compliance with [[RFC3986]] is sufficient to pass validation (including JSON Schema's `format: "uri"` and `format: "uri-reference"`), but some `form-urlencoded` implementations still expect the slightly more restrictive [[RFC1738]] rules to be used. Since all RFC1738-compliant URIs are compliant with RFC3986, applications needing to ensure historical interoperability SHOULD use RFC1738's rules. #### Interoperability with Web Browser Environments WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than [[RFC1738]]) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that [[RFC3986]] forbids. Implementations needing maximum compatibility with web browsers SHOULD use WHATWG's `form-urlencoded` percent-encoding rules. However, they SHOULD NOT rely on WHATWG's less stringent generic query string rules, as the resulting URLs would fail RFC3986 validation, including JSON Schema's `format: uri` and `format: uri-reference`. ### Decoding URIs and `form-urlencoded` Strings The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling to the percent-decoding algorithm, and will work regardless of the encoding specification used. However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. ### Percent-Encoding and Illegal or Reserved Delimiters The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with [[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. While one could use the `form-urlencoded` convention of `+` to distinguish spaces in parameter names and values from `spaceDelimited` delimiters encoded as `%20`, the specifications define the decoding as a single pass, making it impossible to distinguish the different usages in the decoded result. Some environments use `[`, `]`, and possibly `|` unencoded in query strings without apparent difficulties, and WHATWG's generic query string rules do not require percent-encoding them. Code that relies on leaving these delimiters unencoded, while using regular percent-encoding for them within names and values, is not guaranteed to be interoperable across all implementations. For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. ## Appendix F: Resolving Security Requirements in a Referenced Document This appendix shows how to retrieve an HTTP-accessible multi-document OpenAPI Description (OAD) and resolve a [Security Requirement Object](#security-requirement-object) in the referenced (non-entry) document. See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } } }, "paths": { "/foo": { "$ref": "other#/components/pathItems/Foo" } } ``` ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: bearer bearerFormat: JWT paths: /foo: $ref: 'other#/components/pathItems/Foo' ``` This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "basic" } }, "pathItems": { "Foo": { "get": { "security": [ "MySecurity": [] ] } } } } ``` ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: basic pathItems: Foo: get: security: - MySecurity: [] ``` In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. OpenAPI-Specification-3.2.0/versions/3.1.0-editors.md000066400000000000000000000007411506330113000220170ustar00rootroot00000000000000## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Ron Ratovsky [@webron](https://github.com/webron) * Uri Sarid [@usarid](https://github.com/usarid) ## Emeritus * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.1.0.md000066400000000000000000003763601506330113000203650ustar00rootroot00000000000000# OpenAPI Specification #### Version 3.1.0 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. ## Table of Contents - [Definitions](#definitions) - [OpenAPI Document](#openapi-document) - [Path Templating](#path-templating) - [Media Types](#media-types) - [HTTP Status Codes](#http-status-codes) - [Specification](#specification) - [Versions](#versions) - [Format](#format) - [Document Structure](#document-structure) - [Data Types](#data-types) - [Rich Text Formatting](#rich-text-formatting) - [Relative References In URIs](#relative-references-in-uris) - [Relative References In URLs](#relative-references-in-urls) - [Schema](#schema) - [OpenAPI Object](#openapi-object) - [Info Object](#info-object) - [Contact Object](#contact-object) - [License Object](#license-object) - [Server Object](#server-object) - [Server Variable Object](#server-variable-object) - [Components Object](#components-object) - [Paths Object](#paths-object) - [Path Item Object](#path-item-object) - [Operation Object](#operation-object) - [External Documentation Object](#external-documentation-object) - [Parameter Object](#parameter-object) - [Request Body Object](#request-body-object) - [Media Type Object](#media-type-object) - [Encoding Object](#encoding-object) - [Responses Object](#responses-object) - [Response Object](#response-object) - [Callback Object](#callback-object) - [Example Object](#example-object) - [Link Object](#link-object) - [Header Object](#header-object) - [Tag Object](#tag-object) - [Reference Object](#reference-object) - [Schema Object](#schema-object) - [Discriminator Object](#discriminator-object) - [XML Object](#xml-object) - [Security Scheme Object](#security-scheme-object) - [OAuth Flows Object](#oauth-flows-object) - [OAuth Flow Object](#oauth-flow-object) - [Security Requirement Object](#security-requirement-object) - [Specification Extensions](#specification-extensions) - [Security Filtering](#security-filtering) - [Appendix A: Revision History](#appendix-a-revision-history) ## Definitions ##### OpenAPI Document A self-contained or composite resource which defines or describes an API or elements of an API. The OpenAPI document MUST contain at least one [paths](#paths-object) field, a [components](#oasComponents) field or a [webhooks](#oasWebhooks) field. An OpenAPI document uses and conforms to the OpenAPI Specification. ##### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required. The value for these path parameters MUST NOT contain any unescaped "generic syntax" characters described by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3): forward slashes (`/`), question marks (`?`), or hashes (`#`). ##### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ``` text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ##### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. The available status codes are defined by [RFC7231](https://tools.ietf.org/html/rfc7231#section-6) and registered status codes are listed in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ## Specification ### Versions The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. *`.patch`* versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. An OpenAPI document compatible with OAS 3.\*.\* contains a required [`openapi`](#oasVersion) field which designates the version of the OAS that it uses. ### Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [ 1, 2, 3 ] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The schema exposes two types of fields: Fixed fields, which have a declared name, and Patterned fields, which declare a regex pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: - Tags MUST be limited to those allowed by the [JSON Schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231). - Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be defined by OpenAPI documents in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### Document Structure An OpenAPI document MAY be made up of a single document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [`Reference Objects`](#reference-object) and [`Schema Object`](#schema-object) `$ref` keywords are used. It is RECOMMENDED that the root OpenAPI document be named: `openapi.json` or `openapi.yaml`. ### Data Types Data types in the OAS are based on the types supported by the [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-4.2.1). Note that `integer` as a type is also supported and is defined as a JSON number without a fraction or exponent part. Models are defined using the [Schema Object](#schema-object), which is a superset of JSON Schema Specification Draft 2020-12. As defined by the [JSON Schema Validation vocabulary](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00#section-7.3), data types can have an optional modifier property: `format`. OAS defines additional formats to provide fine detail for primitive data types. The formats defined by the OAS are: [`type`](#data-types) | [`format`](#dataTypeFormat) | Comments ------ | -------- | -------- `integer` | `int32` | signed 32 bits `integer` | `int64` | signed 64 bits (a.k.a long) `number` | `float` | | `number` | `double` | | `string` | `password` | A hint to UIs to obscure input. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark features to address security concerns. ### Relative References in URIs Unless specified otherwise, all properties that are URIs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references, including those in [`Reference Objects`](#reference-object), [`PathItem Object`](#path-item-object) `$ref` fields, [`Link Object`](#link-object) `operationRef` fields and [`Example Object`](#example-object) `externalValue` fields, are resolved using the referring document as the Base URI according to [RFC3986](https://tools.ietf.org/html/rfc3986#section-5.2). If a URI contains a fragment identifier, then the fragment should be resolved per the fragment resolution mechanism of the referenced document. If the representation of the referenced document is JSON or YAML, then the fragment identifier SHOULD be interpreted as a JSON-Pointer as per [RFC6901](https://tools.ietf.org/html/rfc6901). Relative references in [`Schema Objects`](#schema-object), including any that appear as `$id` values, use the nearest parent `$id` as a Base URI, as described by [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8.2). If no parent schema contains an `$id`, then the Base URI MUST be determined according to [RFC3986](https://tools.ietf.org/html/rfc3986#section-5.1). ### Relative References in URLs Unless specified otherwise, all properties that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Unless specified otherwise, relative references are resolved using the URLs defined in the [`Server Object`](#server-object) as a Base URL. Note that these themselves MAY be relative to the referring document. ### Schema In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root object of the [OpenAPI document](#openapi-document). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is *not* related to the API [`info.version`](#infoVersion) string. info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. jsonSchemaDialect | `string` | The default value for the `$schema` keyword within [Schema Objects](#schema-object) contained within this OAS document. This MUST be in the form of a URI. servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` property is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#serverUrl) value of `/`. paths | [Paths Object](#paths-object) | The available paths and operations for the API. webhooks | Map[`string`, [Path Item Object](#path-item-object) \| [Reference Object](#reference-object)] ] | The incoming webhooks that MAY be received as part of this API and that the API consumer MAY choose to implement. Closely related to the `callbacks` feature, this section describes requests initiated other than by an API call, for example by an out of band registration. The key name is a unique string to refer to each webhook, while the (optionally referenced) Path Item Object describes a request that may be initiated by the API provider and the expected responses. An [example](../examples/v3.1/webhook-example.yaml) is available. components | [Components Object](#components-object) | An element to hold various schemas for the document. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition. To make security optional, an empty security requirement (`{}`) can be included in the array. tags | [[Tag Object](#tag-object)] | A list of tags used by the document with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- title | `string` | **REQUIRED**. The title of the API. summary | `string` | A short summary of the API. description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. termsOfService | `string` | A URL to the Terms of Service for the API. This MUST be in the form of a URL. contact | [Contact Object](#contact-object) | The contact information for the exposed API. license | [License Object](#license-object) | The license information for the exposed API. version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oasVersion) or the API implementation version). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Sample Pet Store App", "summary": "A pet store manager.", "description": "This is a sample server for a pet store.", "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Sample Pet Store App summary: A pet store manager. description: This is a sample server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | The identifying name of the contact person/organization. url | `string` | The URL pointing to the contact information. This MUST be in the form of a URL. email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: https://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The license name used for the API. identifier | `string` | An [SPDX](https://spdx.org/licenses/) license expression for the API. The `identifier` field is mutually exclusive of the `url` field. url | `string` | A URL to the license used for the API. This MUST be in the form of a URL. The `url` field is mutually exclusive of the `identifier` field. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "identifier": "Apache-2.0" } ``` ```yaml name: Apache 2.0 identifier: Apache-2.0 ``` #### Server Object An object representing a Server. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the OpenAPI document is being served. Variable substitutions will be made when a variable is named in `{`brackets`}`. description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oasServers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "this value is assigned by the service provider, in this example `gigantic-server.com`" }, "port": { "enum": [ "8443", "443" ], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: this value is assigned by the service provider, in this example `gigantic-server.com` port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array MUST NOT be empty. default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. Note this behavior is different than the [Schema Object's](#schema-object) treatment of default values, because in those cases parameter values are optional. If the [`enum`](#serverVariableEnum) is defined, the value MUST exist in the enum's values. description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object. ##### Fixed Fields Field Name | Type | Description ---|:---|--- schemas | Map[`string`, [Schema Object](#schema-object)] | An object to hold reusable [Schema Objects](#schema-object). responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). securitySchemes| Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). pathItems | Map[`string`, [Path Item Object](#path-item-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Path Item Object](#path-item-object). This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ``` User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api_key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [`Server Object`](#server-object) in order to construct the full URL. The Paths MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [`Server Object`](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ``` /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ``` /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ``` /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | Allows for a referenced definition of this path item. The referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-uris). summary| `string` | An optional, string summary, intended to apply to all operations in this path. description | `string` | An optional, string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. get | [Operation Object](#operation-object) | A definition of a GET operation on this path. put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. post | [Operation Object](#operation-object) | A definition of a POST operation on this path. delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. servers | [[Server Object](#server-object)] | An alternative `server` array to service all operations in this path. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*' : schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: 'text/html': schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. summary | `string` | A short summary of what the operation does. description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#pathItemParameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). The list can use the [Reference Object](#reference-object) to link to parameters that are defined at the [OpenAPI Object's components/parameters](#componentsParameters). requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is fully supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` is permitted but does not have well-defined semantics and SHOULD be avoided if possible. responses | [Responses Object](#responses-object) | The list of possible responses as they are returned from executing this operation. callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oasSecurity). To remove a top-level security declaration, an empty array can be used. servers | [[Server Object](#server-object)] | An alternative `server` array to service this operation. If an alternative `server` object is specified at the Path Item Object or Root level, it will be overridden by this value. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": [ "pet" ], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: 'application/x-www-form-urlencoded': schema: type: object properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: 'application/json': {} 'application/xml': {} '405': description: Method Not Allowed content: 'application/json': {} 'application/xml': {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. url | `string` | **REQUIRED**. The URL for the target documentation. This MUST be in the form of a URL. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameterName) and [location](#parameterIn). ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the parameter. Parameter names are *case sensitive*.
  • If [`in`](#parameterIn) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#pathsPath) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameterIn) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameterIn) property.
in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameterIn) is `"path"`, this property is **REQUIRED** and its value MUST be `true`. Otherwise, the property MAY be included and its default value is `false`. deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. allowEmptyValue | `boolean` | Sets the ability to pass empty-valued parameters. This is valid only for `query` parameters and allows sending a parameter with an empty value. Default value is `false`. If [`style`](#parameterStyle) is used, and if behavior is `n/a` (cannot be serialized), the value of `allowEmptyValue` SHALL be ignored. Use of this property is NOT RECOMMENDED, as it is likely to be removed in a later revision. The rules for serialization of the parameter are specified in one of two ways. For simpler scenarios, a [`schema`](#parameterSchema) and [`style`](#parameterStyle) can describe the structure and syntax of the parameter. Field Name | Type | Description ---|:---:|--- style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `query` - `form`; for `path` - `simple`; for `header` - `simple`; for `cookie` - `form`. explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this property has no effect. When [`style`](#parameterStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. This property only applies to parameters with an `in` value of `query`. The default value is `false`. schema | [Schema Object](#schema-object) | The schema defining the type used for the parameter. example | Any | Example of the parameter's potential value. The example SHOULD match the specified schema and encoding properties if present. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` that contains an example, the `example` value SHALL _override_ the example provided by the schema. To represent examples of media types that cannot naturally be represented in JSON or YAML, a string value can contain the example with escaping where necessary. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` that contains an example, the `examples` value SHALL _override_ the example provided by the schema. For more complex scenarios, the [`content`](#parameterContent) property can define the media type and schema of the parameter. A parameter MUST contain either a `schema` property, or a `content` property, but not both. When `example` or `examples` are provided in conjunction with the `schema` object, the example MUST follow the prescribed serialization strategy for the parameter. Field Name | Type | Description ---|:---:|--- content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. `style` | [`type`](#data-types) | `in` | Comments ----------- | ------ | -------- | -------- matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. simple | `array` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. spaceDelimited | `array`, `object` | `query` | Space separated array or object values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. pipeDelimited | `array`, `object` | `query` | Pipe separated array or object values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. deepObject | `object` | `query` | Provides a simple way of rendering nested objects using form parameters. ##### Style Examples Assume a parameter named `color` has one of the following values: ``` string -> "blue" array -> ["blue","black","brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples of rendering differences for each value. [`style`](#style-values) | `explode` | `empty` | `string` | `array` | `object` ----------- | ------ | -------- | -------- | -------- | ------- matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 label | false | . | .blue | .blue.black.brown | .R.100.G.200.B.150 label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 simple | false | n/a | blue | blue,black,brown | R,100,G,200,B,150 simple | true | n/a | blue | blue,black,brown | R=100,G=200,B=150 spaceDelimited | false | n/a | n/a | blue%20black%20brown | R%20100%20G%20200%20B%20150 pipeDelimited | false | n/a | n/a | blue\|black\|brown | R\|100\|G\|200\|B\|150 deepObject | true | n/a | n/a | n/a | color[R]=100&color[G]=200&color[B]=150 This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Parameter Object Examples A header parameter with an array of 64 bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" }, }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": [ "lat", "long" ], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced model definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User Example", "externalValue": "https://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user" : { "summary": "User example in XML", "externalValue": "https://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user" : { "summary": "User example in Plain text", "externalValue": "https://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user" : { "summary": "User example in other format", "externalValue": "https://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: 'application/json': schema: $ref: '#/components/schemas/User' examples: user: summary: User Example externalValue: 'https://foo.bar/examples/user-example.json' 'application/xml': schema: $ref: '#/components/schemas/User' examples: user: summary: User example in XML externalValue: 'https://foo.bar/examples/user-example.xml' 'text/plain': examples: user: summary: User example in Plain text externalValue: 'https://foo.bar/examples/user-example.txt' '*/*': examples: user: summary: User example in other format externalValue: 'https://foo.bar/examples/user-example.whatever' ``` A body parameter that is an array of string values: ```json { "description": "user to add to the system", "required": true, "content": { "text/plain": { "schema": { "type": "array", "items": { "type": "string" } } } } } ``` ```yaml description: user to add to the system required: true content: text/plain: schema: type: array items: type: string ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- schema | [Schema Object](#schema-object) | The schema defining the content of the request, response, or parameter. example | Any | Example of the media type. The example object SHOULD be in the correct format as specified by the media type. The `example` field is mutually exclusive of the `examples` field. Furthermore, if referencing a `schema` which contains an example, the `example` value SHALL _override_ the example provided by the schema. examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type. Each example object SHOULD match the media type and specified schema if present. The `examples` field is mutually exclusive of the `example` field. Furthermore, if referencing a `schema` which contains an example, the `examples` value SHALL _override_ the example provided by the schema. encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to `requestBody` objects when the media type is `multipart` or `application/x-www-form-urlencoded`. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat" : { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value" : { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" }, "frog": { "$ref": "#/components/examples/frog-example" } } } } } ``` ```yaml application/json: schema: $ref: "#/components/schemas/Pet" examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: "#/components/examples/frog-example" ``` ##### Considerations for File Uploads In contrast with the 2.0 specification, `file` input/output content in OpenAPI is described with the same semantics as any other schema type. In contrast with the 3.0 specification, the `format` keyword has no effect on the content-encoding of the schema. JSON Schema offers a `contentEncoding` keyword, which may be used to specify the `Content-Encoding` for the schema. The `contentEncoding` keyword supports all encodings defined in [RFC4648](https://tools.ietf.org/html/rfc4648), including "base64" and "base64url", as well as "quoted-printable" from [RFC2045](https://tools.ietf.org/html/rfc2045#section-6.7). The encoding specified by the `contentEncoding` keyword is independent of an encoding specified by the `Content-Type` header in the request or response or metadata of a multipart body -- when both are present, the encoding specified in the `contentEncoding` is applied first and then the encoding specified in the `Content-Type` header. JSON Schema also offers a `contentMediaType` keyword. However, when the media type is already specified by the Media Type Object's key, or by the `contentType` field of an [Encoding Object](#encoding-object), the `contentMediaType` keyword SHALL be ignored if present. Examples: Content transferred in binary (octet-stream) MAY omit `schema`: ```yaml # a PNG image as a binary file: content: image/png: {} ``` ```yaml # an arbitrary binary file: content: application/octet-stream: {} ``` Binary content transferred with base64 encoding: ```yaml content: image/png: schema: type: string contentMediaType: image/png contentEncoding: base64 ``` Note that the `Content-Type` remains `image/png`, describing the semantics of the payload. The JSON Schema `type` and `contentEncoding` fields explain that the payload is transferred as text. The JSON Schema `contentMediaType` is technically redundant, but can be used by JSON Schema tools that may not be aware of the OpenAPI context. These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: {} ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg image/jpeg: {} image/png: {} ``` To upload multiple files, a `multipart` media type MUST be used: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: {} ``` As seen in the section on `multipart/form-data` below, the empty schema for `items` indicates a media type of `application/octet-stream`. ##### Support for x-www-form-urlencoded Request Bodies To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), the following definition may be used: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` In this example, the contents in the `requestBody` MUST be stringified per [RFC1866](https://tools.ietf.org/html/rfc1866/) when passed to the server. In addition, the `address` field complex object will be stringified. When passing complex objects in the `application/x-www-form-urlencoded` content type, the default serialization strategy of such properties is described in the [`Encoding Object`](#encoding-object)'s [`style`](#encodingStyle) property as `form`. ##### Special Considerations for `multipart` Content It is common to use `multipart/form-data` as a `Content-Type` when transferring request bodies to operations. In contrast to 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. In a `multipart/form-data` request body, each schema property, or each element of a schema array property, takes a section in the payload with an internal header as defined by [RFC7578](https://tools.ietf.org/html/rfc7578). The serialization strategy for each property of a `multipart/form-data` request body can be specified in an associated [`Encoding Object`](#encoding-object). When passing in `multipart` types, boundaries MAY be used to separate sections of the content being transferred – thus, the following default `Content-Type`s are defined for `multipart`: * If the property is a primitive, or an array of primitive values, the default Content-Type is `text/plain` * If the property is complex, or an array of complex values, the default Content-Type is `application/json` * If the property is a `type: string` with a `contentEncoding`, the default Content-Type is `application/octet-stream` Per the JSON Schema specification, `contentMediaType` without `contentEncoding` present is treated as if `contentEncoding: identity` were present. While useful for embedding text documents such as `text/html` into JSON strings, it is not useful for a `multipart/form-data` part, as it just causes the document to be treated as `text/plain` instead of its actual media type. Use the Encoding Object without `contentMediaType` if no `contentEncoding` is required. Examples: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: type: string format: uuid address: # default Content-Type for objects is `application/json` type: object properties: {} profileImage: # Content-Type for application-level encoded resource is `text/plain` type: string contentMediaType: image/png contentEncoding: base64 children: # default Content-Type for arrays is based on the _inner_ type (`text/plain` here) type: array items: type: string addresses: # default Content-Type for arrays is based on the _inner_ type (object shown, so `application/json` in this example) type: array items: type: object $ref: '#/components/schemas/Address' ``` An `encoding` attribute is introduced to give you control over the serialization of parts of `multipart` request bodies. This attribute is _only_ applicable to `multipart` and `application/x-www-form-urlencoded` request bodies. #### Encoding Object A single encoding definition applied to a single schema property. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- contentType | `string` | The Content-Type for encoding a specific property. Default value depends on the property type: for `object` - `application/json`; for `array` – the default is defined based on the inner type; for all other cases the default is `application/octet-stream`. The value can be a specific media type (e.g. `application/json`), a wildcard media type (e.g. `image/*`), or a comma-separated list of the two types. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers, for example `Content-Disposition`. `Content-Type` is described separately and SHALL be ignored in this section. This property SHALL be ignored if the request body media type is not a `multipart`. style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameterStyle) property. The behavior follows the same values as `query` parameters, including default values. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encodingContentType) (implicit or explicit) SHALL be ignored. explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this property has no effect. When [`style`](#encodingStyle) is `form`, the default value is `true`. For all other styles, the default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encodingContentType) (implicit or explicit) SHALL be ignored. allowReserved | `boolean` | Determines whether the parameter value SHOULD allow reserved characters, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-2.2) `:/?#[]@!$&'()*+,;=` to be included without percent-encoding. The default value is `false`. This property SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encodingContentType) (implicit or explicit) SHALL be ignored. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Encoding Object Example ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: # default is text/plain type: string format: uuid address: # default is application/json type: object properties: {} historyMetadata: # need to declare XML format! description: metadata in XML format type: object properties: {} profileImage: {} encoding: historyMetadata: # require XML Content-Type in utf-8 encoding contentType: application/xml; charset=utf-8 profileImage: # only accept png/jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default response object for all HTTP codes that are not covered individually by the `Responses Object`. The `Responses Object` MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `[200-299]`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API Operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#page-22) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. text/plain overrides text/* links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string", "example": "whoa!" } } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the path item object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. To describe incoming requests from the API provider independent from another API call, use the [`webhooks`](#oasWebhooks) field. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {expression} | [Path Item Object](#path-item-object) \| [Reference Object](#reference-object) | A Path Item Object, or a reference to one, used to define a callback request and expected responses. A [complete example](../examples/v3.0/callback-example.yaml) is available. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 187 { "failedUrl" : "https://clientdomain.com/failed", "successUrls" : [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } 201 Created Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. Expression | Value ---|:--- $url | https://example.org/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning $method | POST $request.path.eventType | myevent $request.query.queryUrl | https://clientdomain.com/stillrunning $request.header.content-Type | application/json $request.body#/failedUrl | https://clientdomain.com/failed $request.body#/successUrls/2 | https://clientdomain.com/medium $response.header.Location | https://example.org/subscription/1 ##### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is an example of how to use a callback object to describe a WebHook callback that goes with the subscription operation to enable registering for the WebHook. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: 'application/json': schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` #### Example Object ##### Fixed Fields Field Name | Type | Description ---|:---:|--- summary | `string` | Short description for the example. description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. externalValue | `string` | A URI that points to the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-uris). This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value is expected to be compatible with the type schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Example Object Examples In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: {"foo": "bar"} bar: summary: A bar example value: {"bar": "baz"} 'application/xml': examples: xmlExample: summary: This is an example in XML externalValue: 'https://example.org/examples/address-example.xml' 'text/plain': examples: textExample: summary: This is a text example externalValue: 'https://foo.bar/examples/address-example.txt' ``` In a parameter: ```yaml parameters: - name: 'zipCode' in: 'query' schema: type: 'string' format: 'zip-code' examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` #### Link Object The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links, and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- operationRef | `string` | A relative or absolute URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI definition. See the rules for resolving [Relative References](#relative-references-in-uris). operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used, whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. The parameter name can be qualified using the [parameter location](#parameterIn) `[{in}.]{name}` for operations that use the same parameter name in different locations (e.g. path.id). requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. server | [Server Object](#server-object) | A server object to be used by the target operation. This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. In the case of an `operationId`, it MUST be unique and resolved in the scope of the OAS document. Because of the potential for name clashes, the `operationRef` syntax is preferred for OpenAPI documents with external references. ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userId: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions, nor the capability to make a successful call to that link, is guaranteed solely by the existence of a relationship. ##### OperationRef Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` or an absolute `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: 'https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get' parameters: username: $response.body#/username ``` Note that in the use of `operationRef`, the _escaped forward-slash_ is necessary when using JSON references. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = ( "$url" / "$method" / "$statusCode" / "$request." source / "$response." source ) source = ( header-reference / query-reference / path-reference / body-reference ) header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *( CHAR ) token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples Source Location | example expression | notes ---|:---|:---| HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. Requested media type | `$request.header.accept` | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. Request URL | `$url` | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. Response header | `$response.header.Server` | Single header values only are available Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object The Header Object follows the structure of the [Parameter Object](#parameter-object) with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameterStyle)). ##### Header Object Example A simple header of type `integer`: ```json { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml description: The number of allowed requests in the current period schema: type: integer ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | **REQUIRED**. The name of the tag. description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the OpenAPI document, internally and externally. The `$ref` string value contains a URI [RFC3986](https://tools.ietf.org/html/rfc3986), which identifies the location of the value being referenced. See the rules for resolving [Relative References](#relative-references-in-uris). ##### Fixed Fields Field Name | Type | Description ---|:---:|--- $ref | `string` | **REQUIRED**. The reference identifier. This MUST be in the form of a URI. summary | `string` | A short summary which by default SHOULD override that of the referenced component. If the referenced object-type does not allow a `summary` field, then this field has no effect. description | `string` | A description which by default SHOULD override that of the referenced component. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. If the referenced object-type does not allow a `description` field, then this field has no effect. This object cannot be extended with additional properties and any properties added SHALL be ignored. Note that this restriction on additional properties is a difference between Reference Objects and [`Schema Objects`](#schema-object) that contain a `$ref` keyword. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents With Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is a superset of the [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00). For more information about the properties, see [JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00). Unless stated otherwise, the property definitions follow those of JSON Schema and do not add any additional semantics. Where JSON Schema indicates that behavior is defined by the application (e.g. for annotations), OAS also defers the definition of semantics to the application consuming the OpenAPI document. ##### Properties The OpenAPI Schema Object [dialect](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-4.3.3) is defined as requiring the [OAS base vocabulary](#fixed-fields-20), in addition to the vocabularies as specified in the JSON Schema draft 2020-12 [general purpose meta-schema](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8). The OpenAPI Schema Object dialect for this version of the specification is identified by the URI `https://spec.openapis.org/oas/3.1/dialect/base` (the "OAS dialect schema id"). The following properties are taken from the JSON Schema specification but their definitions have been extended by the OAS: - description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. - format - See [Data Type Formats](#dataTypeFormat) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. In addition to the JSON Schema properties comprising the OAS dialect, the Schema Object supports keywords from any other vocabularies, or entirely arbitrary properties. The OpenAPI Specification's base vocabulary is comprised of the following keywords: ##### Fixed Fields Field Name | Type | Description ---|:---:|--- discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is an object name that is used to differentiate between other schemas which may satisfy the payload description. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. xml | [XML Object](#xml-object) | This MAY be used only on properties schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. example | Any | A free-form property to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary.

**Deprecated:** The `example` property has been deprecated in favor of the JSON Schema `examples` keyword. Use of `example` is discouraged, and later versions of this specification may remove it. This object MAY be extended with [Specification Extensions](#specification-extensions), though as noted, additional properties MAY omit the `x-` prefix within this object. ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` property of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the `discriminator` field. When used, the `discriminator` will be the name of the property that decides which schema definition validates the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. - Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. ###### XML Modeling The [xml](#schemaXml) property allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ###### Specifying Schema Dialects It is important for tooling to be able to determine which dialect or meta-schema any given resource wishes to be processed with: JSON Schema Core, JSON Schema Validation, OpenAPI Schema dialect, or some custom meta-schema. The `$schema` keyword MAY be present in any root Schema Object, and if present MUST be used to determine which dialect should be used when processing the schema. This allows use of Schema Objects which comply with other drafts of JSON Schema than the default Draft 2020-12 support. Tooling MUST support the OAS dialect schema id, and MAY support additional values of `$schema`. To allow use of a different default `$schema` value for all Schema Objects contained within an OAS document, a `jsonSchemaDialect` value may be set within the OpenAPI Object. If this default is not set, then the OAS dialect schema id MUST be used for these Schema Objects. The value of `$schema` within a Schema Object always overrides any default. When a Schema Object is referenced from an external resource which is not an OAS document (e.g. a bare JSON Schema resource), then the value of the `$schema` keyword for schemas within that resource MUST follow [JSON Schema rules](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8.1.1). ##### Schema Object Examples ###### Primitive Sample ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": [ "name" ], "example": { "name": "Puma", "id": 1 } } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name example: name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": [ "message", "code" ], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": [ "rootCause" ], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": [ "name", "petType" ] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": [ "clueless", "lazy", "adventurous", "aggressive" ] } }, "required": [ "huntingSkill" ] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminator value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": [ "packSize" ] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: ## "Cat" will be used as the discriminator value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: ## "Dog" will be used as the discriminator value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the document of an alternative schema based on the value associated with it. When using the discriminator, _inline_ schemas will not be considered. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminator value. mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or references. This object MAY be extended with [Specification Extensions](#specification-extensions). The discriminator object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In OAS 3.0, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. In this case, a discriminator MAY act as a "hint" to shortcut validation and selection of the matching schema which may be a costly operation, depending on the complexity of the schema. We can then describe exactly which field tells us which schema to use: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OAS document. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` Will indicate that the `Cat` schema be used in conjunction with this payload. In scenarios where the value of the discriminator field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: 'https://gigantic-server.com/schemas/Monster/schema.json' discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: 'https://gigantic-server.com/schemas/Monster/schema.json' ``` Here the discriminator _value_ of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `Dog`. If the discriminator _value_ does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity where multiple schemas may satisfy a single payload. In both the `oneOf` and `anyOf` use cases, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas comprising the parent schema in an `allOf` construct may be used as an alternate schema. For example: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` a payload like this: ```json { "petType": "Cat", "name": "misty" } ``` will indicate that the `Cat` schema be used. Likewise this schema: ```json { "petType": "dog", "bark": "soft" } ``` will map to `Dog` because of the definition in the `mapping` element. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `array` (outside the `items`), it will affect the wrapping element and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. namespace | `string` | The URI of the namespace definition. This MUST be in the form of an absolute URI. prefix | `string` | The prefix to be used for the [name](#xmlName). attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `array` (outside the `items`). This object MAY be extended with [Specification Extensions](#specification-extensions). ##### XML Object Examples The examples of the XML object definitions are included inside a property definition of a [Schema Object](#schema-object) with a sample of the XML representation of it. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xmlWrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "https://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: https://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` property has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE. ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"mutualTLS"`, `"oauth2"`, `"openIdConnect"`. description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"` or `"cookie"`. scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. The OpenID Connect standard requires the use of TLS. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Example ###### Basic Authentication Sample ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Sample ```json { "type": "apiKey", "name": "api_key", "in": "header" } ``` ```yaml type: apiKey name: api_key in: header ``` ###### JWT Bearer Sample ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT", } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### Implicit OAuth2 Sample ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields Field Name | Type | Description ---|:---:|--- implicit| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow password| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow clientCredentials| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. authorizationCode| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields Field Name | Type | Applies To | Description ---|:---:|---|--- authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Examples ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request. ##### Patterned Fields Field Pattern | Type | Description ---|:---:|--- {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band. ##### Security Requirement Object Examples ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": [ "write:pets", "read:pets" ] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ###### Optional OAuth2 Security Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```json { "security": [ {}, { "petstore_auth": [ "write:pets", "read:pets" ] } ] } ``` ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `"x-"`. Field Pattern | Type | Description ---|:---:|--- ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. Field names beginning `x-oai-` and `x-oas-` are reserved for uses defined by the [OpenAPI Initiative](https://www.openapis.org/). The value can be `null`, a primitive, an array or an object. The extensions may or may not be supported by the available tooling, but those may be extended as well to add requested support (if tools are internal or open-sourced). ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Appendix A: Revision History Version | Date | Notes --- | --- | --- 3.1.0 | 2021-02-15 | Release of the OpenAPI Specification 3.1.0 3.1.0-rc1 | 2020-10-08 | rc1 of the 3.1 specification 3.1.0-rc0 | 2020-06-18 | rc0 of the 3.1 specification 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative 2.0 | 2014-09-08 | Release of Swagger 2.0 1.2 | 2014-03-14 | Initial release of the formal document. 1.1 | 2012-08-22 | Release of Swagger 1.1 1.0 | 2011-08-10 | First release of the Swagger Specification OpenAPI-Specification-3.2.0/versions/3.1.1-editors.md000066400000000000000000000014421506330113000220170ustar00rootroot00000000000000# OpenAPI Specification Editors ## Active * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Henry Andrews [@handrews](https://github.com/handrews) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Miguel Quintero [@miqui](https://github.com/miqui) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) * Ron Ratovsky [@webron](https://github.com/webron) ## Emeritus * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.1.1.md000066400000000000000000006370741506330113000203700ustar00rootroot00000000000000# OpenAPI Specification ## Version 3.1.1 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI Description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ## Definitions ### OpenAPI Description An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure), which must be an OpenAPI Document, and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification, and MUST contain at least one [paths](#paths-object) field, [components](#oas-components) field, or [webhooks](#oas-webhooks) field. ### OpenAPI Document An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Schema A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. This specification also _uses_ schemas in the form of the [Schema Object](#schema-object). ### Object When capitalized, the word "Object" refers to any of the Objects that are named by section headings in this document. ### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required. The value for these path parameters MUST NOT contain any unescaped "generic syntax" characters described by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3): forward slashes (`/`), question marks (`?`), or hashes (`#`). ### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ```text text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ### Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. ### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. Behavior described as _undefined_ is likely, at least in some circumstances, to result in outcomes that contradict the specification. This description is used when detecting the contradiction is impossible or impractical. Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. Behavior described as _implementation-defined_ allows implementations to choose which of several different-but-compliant approaches to a requirement to implement. This documents ambiguous requirements that API description authors are RECOMMENDED to avoid in order to maximize interoperability. Unlike undefined behavior, it is safe to rely on implementation-defined behavior if _and only if_ it can be guaranteed that all relevant tools support the same behavior. ## Specification ### Versions The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. _`.patch`_ versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. ### Format An OpenAPI Document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [1, 2, 3] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The [schema](#schema) exposes two types of fields: _fixed fields_, which have a declared name, and _patterned fields_, which have a declared pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: * Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-2020-12|JSON Schema]]. * Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be described by OpenAPI Descriptions in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object), [Path Item Object](#path-item-object) and [Schema Object](#schema-object) `$ref` fields, as well as the [Link Object](#link-object) `operationRef` field, and the URI form of the [Discriminator Object](#discriminator-object) `mapping` field, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or `openapi.yaml`. #### Parsing Documents In order to properly handle [Schema Objects](#schema-object), OAS 3.1 inherits the parsing requirements of [JSON Schema Specification Draft 2020-12](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-9), with appropriate modifications regarding base URIs as specified in [Relative References In URIs](#relative-references-in-api-description-uris). This includes a requirement to parse complete documents before deeming a Schema Object reference to be unresolvable, in order to detect keywords that might provide the reference target or impact the determination of the appropriate base URI. Implementations MAY support complete-document parsing in any of the following ways: * Detecting OpenAPI or JSON Schema documents using media types * Detecting OpenAPI documents through the root `openapi` field * Detecting JSON Schema documents through detecting keywords or otherwise successfully parsing the document in accordance with the JSON Schema specification * Detecting a document containing a referenceable Object at its root based on the expected type of the reference * Allowing users to configure the type of documents that might be loaded due to a reference to a non-root Object Implementations that parse referenced fragments of OpenAPI content without regard for the content of the rest of the containing document will miss keywords that change the meaning and behavior of the reference target. In particular, failing to take into account keywords that change the base URI introduces security risks by causing references to resolve to unintended URIs, with unpredictable results. While some implementations support this sort of parsing due to the requirements of past versions of this specification, in version 3.1, the result of parsing fragments in isolation is _undefined_ and likely to contradict the requirements of this specification. While it is possible to structure certain OpenAPI Descriptions to ensure that they will behave correctly when references are parsed as isolated fragments, depending on this is NOT RECOMMENDED. This specification does not explicitly enumerate the conditions under which such behavior is safe and provides no guarantee for continued safety in any future versions of the OAS. A special case of parsing fragments of OAS content would be if such fragments are embedded in another format, referred to as an _embedding format_ with respect to the OAS. Note that the OAS itself is an embedding format with respect to JSON Schema, which is embedded as Schema Objects. It is the responsibility of an embedding format to define how to parse embedded content, and OAS implementations that do not document support for an embedding format cannot be expected to parse embedded OAS content correctly. #### Structural Interoperability JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object * As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. #### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: | Source | Target | Alternative | | ---- | ---- | ---- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | | [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Path Item Object](#path-item-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. This requires parsing all referenced documents prior to determining an `operationId` to be unresolvable. The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the name of the property holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. This allows Security Scheme Objects and Tag Objects to be defined next to the API's deployment information (the top-level array of Server Objects), and treated as an interface for referenced documents to access. The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. See [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discrimator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relative-references-in-api-description-uris), or restricts their possible targets. ### Data Types Data types in the OAS are based on the types defined by the [JSON Schema Validation Specification Draft 2020-12](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-6.1.1): "null", "boolean", "object", "array", "number", "string", or "integer". Models are defined using the [Schema Object](#schema-object), which is a superset of the JSON Schema Specification Draft 2020-12. JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats only applying to a specific type. For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. #### Data Type Format As defined by the [JSON Schema Validation specification](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. For the purpose of [JSON Schema validation](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: | `format` | JSON Data Type | Comments | | ---- | ---- | ---- | | `int32` | number | signed 32 bits | | `int64` | number | signed 64 bits (a.k.a long) | | `float` | number | | | `double` | number | | | `password` | string | A hint to obscure the value. | As noted under [Data Type](#data-types), both `type: number` and `type: integer` are considered to be numbers in the data model. #### Working with Binary Data The OAS can describe either _raw_ or _encoded_ binary data. * **raw binary** is used where unencoded binary data is allowed, such as when sending a binary payload as the entire HTTP message body, or as part of a `multipart/*` payload that allows binary parts * **encoded binary** is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` (either as a message body or in the URL query string). In the following table showing how to use Schema Object keywords for binary data, we use `image/png` as an example binary media type. Any binary media type, including `application/octet-stream`, is sufficient to indicate binary content. | Keyword | Raw | Encoded | Comments | | ---- | ---- | ---- | ---- | | `type` | _omit_ | `string` | raw binary is [outside of `type`](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.3) | | `contentMediaType` | `image/png` | `image/png` | can sometimes be omitted if redundant (see below) | | `contentEncoding` | _omit_ | `base64` or `base64url` | other encodings are [allowed](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-8.3) | Note that the encoding indicated by `contentEncoding`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed and is applied after all content serialization described in this section has occurred. Since HTTP allows unencoded binary message bodies, there is no standardized HTTP header for indicating base64 or similar encoding of an entire message body. Using a `contentEncoding` of `base64url` ensures that URL encoding (as required in the query string and in message bodies of type `application/x-www-form-urlencoded`) does not need to further encode any part of the already-encoded binary data. The `contentMediaType` keyword is redundant if the media type is already set: * as the key for a [MediaType Object](#media-type-object) * in the `contentType` field of an [Encoding Object](#encoding-object) If the [Schema Object](#schema-object) will be processed by a non-OAS-aware JSON Schema implementation, it may be useful to include `contentMediaType` even if it is redundant. However, if `contentMediaType` contradicts a relevant Media Type Object or Encoding Object, then `contentMediaType` SHALL be ignored. The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. ##### Migrating binary descriptions from OAS 3.0 The following table shows how to migrate from OAS 3.0 binary data descriptions, continuing to use `image/png` as the example binary media type: | OAS < 3.1 | OAS 3.1 | Comments | | ---- | ---- | ---- | | type: string
format: binary | contentMediaType: image/png | if redundant, can be omitted, often resulting in an empty [Schema Object](#schema-object) | | type: string
format: byte | type: string
contentMediaType: image/png
contentEncoding: base64 | note that `base64url` can be used to avoid re-encoding the base64 string to be URL-safe | ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. ### Relative References in API Description URIs URIs used as references within an OpenAPI Description, or to external documentation or other supplementary information such as a license, are resolved as _identifiers_, and described by this specification as **_URIs_**. As noted under [Parsing Documents](#parsing-documents), this specification inherits JSON Schema Specification Draft 2020-12's requirements for [loading documents](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-9) and associating them with their expected URIs, which might not match their current location. This feature is used both for working in development or test environments without having to change the URIs, and for working within restrictive network configurations or security policies. Note that some URI fields are named `url` for historical reasons, but the descriptive text for those fields uses the correct "URI" terminology. Unless specified otherwise, all fields that are URIs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references in [Schema Objects](#schema-object), including any that appear as `$id` values, use the nearest parent `$id` as a Base URI, as described by [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8.2). Relative URI references in other Objects, and in Schema Objects where no parent schema contains an `$id`, MUST be resolved using the referring document's base URI, which is determined in accordance with [[RFC3986]] [Section 5.1.2 – 5.1.4](https://tools.ietf.org/html/rfc3986#section-5.1.2). In practice, this is usually the retrieval URI of the document, which MAY be determined based on either its current actual location or a user-supplied expected location. If a URI contains a fragment identifier, then the fragment should be resolved per the fragment resolution mechanism of the referenced document. If the representation of the referenced document is JSON or YAML, then the fragment identifier SHOULD be interpreted as a JSON-Pointer as per [RFC6901](https://tools.ietf.org/html/rfc6901). Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ### Relative References in API URLs API endpoints are by definition accessed as locations, and are described by this specification as **_URLs_**. Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Unless specified otherwise, relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URL. Note that these themselves MAY be relative to the referring document. ### Schema This section describes the structure of the OpenAPI Description format. This text is the only normative description of the format. A JSON Schema is hosted on [spec.openapis.org](https://spec.openapis.org) for informational purposes. If the JSON Schema differs from this section, then this section MUST be considered authoritative. In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root object of the [OpenAPI Description](#openapi-description). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Document. This is _not_ related to the API [`info.version`](#info-version) string. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | jsonSchemaDialect | `string` | The default value for the `$schema` keyword within [Schema Objects](#schema-object) contained within this OAS document. This MUST be in the form of a URI. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | The available paths and operations for the API. | | webhooks | Map[`string`, [Path Item Object](#path-item-object)] | The incoming webhooks that MAY be received as part of this API and that the API consumer MAY choose to implement. Closely related to the `callbacks` feature, this section describes requests initiated other than by an API call, for example by an out of band registration. The key name is a unique string to refer to each webhook, while the (optionally referenced) Path Item Object describes a request that may be initiated by the API provider and the expected responses. An [example](https://learn.openapis.org/examples/v3.1/webhook-example.html) is available. | | components | [Components Object](#components-object) | An element to hold various Objects for the OpenAPI Description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the OpenAPI Description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | title | `string` | **REQUIRED**. The title of the API. | | summary | `string` | A short summary of the API. | | description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | termsOfService | `string` | A URI for the Terms of Service for the API. This MUST be in the form of a URI. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | | version | `string` | **REQUIRED**. The version of the OpenAPI Document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described or the version of the OpenAPI Description). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Example Pet Store App", "summary": "A pet store manager.", "description": "This is an example server for a pet store.", "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Example Pet Store App summary: A pet store manager. description: This is an example server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URI for the contact information. This MUST be in the form of a URI. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: https://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The license name used for the API. | | identifier | `string` | An [SPDX](https://spdx.org/licenses/) license expression for the API. The `identifier` field is mutually exclusive of the `url` field. | | url | `string` | A URI for the license used for the API. This MUST be in the form of a URI. The `url` field is mutually exclusive of the `identifier` field. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "identifier": "Apache-2.0" } ``` ```yaml name: Apache 2.0 identifier: Apache-2.0 ``` #### Server Object An object representing a Server. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the document containing the Server Object is being served. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oas-servers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "A user-specific subdomain. Use `demo` for a free sandbox environment." }, "port": { "enum": ["8443", "443"], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: A user-specific subdomain. Use `demo` for a free sandbox environment. port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is `v2` default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array MUST NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value MUST exist in the enum's values. Note that this behavior is different from the [Schema Object](#schema-object)'s `default` keyword, which documents the receiver's behavior rather than inserting the value into the data. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from outside the Components Object. ##### Fixed Fields | Field Name | Type | Description | | ---- | :---- | ---- | | schemas | Map[`string`, [Schema Object](#schema-object)] | An object to hold reusable [Schema Objects](#schema-object). | | responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | | parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | | examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | | requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | | securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | | pathItems | Map[`string`, [Path Item Object](#path-item-object)] | An object to hold reusable [Path Item Objects](#path-item-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ```text User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api-key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api-key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [Server Object](#server-object) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ```text /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ```text /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ```text /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URI, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-api-description-uris).

_**Note:** The behavior of `$ref` with adjacent properties is likely to change in future versions of this specification to bring it into closer alignment with the behavior of the [Reference Object](#reference-object)._ | | summary | `string` | An optional string summary, intended to apply to all operations in this path. | | description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | | put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | | post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | | delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | | options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | | head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*': schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: text/html: schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | | summary | `string` | A short summary of what the operation does. | | description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | | operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | | requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is fully supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` is permitted but does not have well-defined semantics and SHOULD be avoided if possible. | | responses | [Responses Object](#responses-object) | The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": ["pet"], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: application/json: {} application/xml: {} '405': description: Method Not Allowed content: application/json: {} application/xml: {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URI for the target documentation. This MUST be in the form of a URI. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| | in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | | description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | | deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, the effect of defining a cookie parameter that way is undefined; use `in: "cookie"` instead. ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters, `in: "header"` parameters that use HTTP header parameters (name=value pairs following a `;`) in their values, or `in: "header"` parameters where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "header"` and `in: "cookie"` parameters where the `schema` strategy is not appropriate. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. | `style` | [`type`](#data-types) | `in` | Comments | | ---- | ---- | ---- | ---- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | | simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | | form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | | spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | | pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | | deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a discussion of percent-encoding, including when delimiters need to be percent-encoded and options for handling collisions with percent-encoded data. ##### Style Examples Assume a parameter named `color` has one of the following values: ```js string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field * The behavior of combinations marked _n/a_ is undefined * The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, each example is shown prefixed with `?` as if it were the only query parameter; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters * Note that the `?` prefix is not appropriate for serializing `application/x-www-form-urlencoded` HTTP message bodies, and MUST be stripped or (if constructing the string manually) not added when used in that context; see the [Encoding Object](#encoding-object) for more information * The examples are percent-encoded as required by RFC6570 and RFC3986; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. | [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | | ---- | ---- | ---- | ---- | ---- | ---- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | | label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | | label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | | simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | | simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | | form | false | ?color= | ?color=blue | ?color=blue,black,brown | ?color=R,100,G,200,B,150 | | form | true | ?color= | ?color=blue | ?color=blue&color=black&color=brown | ?R=100&G=200&B=150 | | spaceDelimited | false | _n/a_ | _n/a_ | ?color=blue%20black%20brown | ?color=R%20100%20G%20200%20B%20150 | | spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | pipeDelimited | false | _n/a_ | _n/a_ | ?color=blue%7Cblack%7Cbrown | ?color=R%7C100%7CG%7C200%7CB%7C150 | | pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | true | _n/a_ | _n/a_ | _n/a_ | ?color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples A header parameter with an array of 64-bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" } }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": ["lat", "long"], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced schema definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User Example", "externalValue": "https://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User example in XML", "externalValue": "https://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user": { "summary": "User example in Plain text", "externalValue": "https://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user": { "summary": "User example in other format", "externalValue": "https://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: application/json: schema: $ref: '#/components/schemas/User' examples: user: summary: User example externalValue: https://foo.bar/examples/user-example.json application/xml: schema: $ref: '#/components/schemas/User' examples: user: summary: User example in XML externalValue: https://foo.bar/examples/user-example.xml text/plain: examples: user: summary: User example in plain text externalValue: https://foo.bar/examples/user-example.txt '*/*': examples: user: summary: User example in other format externalValue: https://foo.bar/examples/user-example.whatever ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | schema | [Schema Object](#schema-object) | The schema defining the content of the request, response, parameter, or header. | | example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | | encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat": { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value": { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" } }, "frog": { "$ref": "#/components/examples/frog-example" } } } } ``` ```yaml application/json: schema: $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: '#/components/examples/frog-example' ``` ##### Considerations for File Uploads In contrast to OpenAPI 2.0, `file` input/output content in OAS 3.x is described with the same semantics as any other schema type. In contrast to OAS 3.0, the `format` keyword has no effect on the content-encoding of the schema in OAS 3.1. Instead, JSON Schema's `contentEncoding` and `contentMediaType` keywords are used. See [Working With Binary Data](#working-with-binary-data) for how to model various scenarios with these keywords, and how to migrate from the previous `format` usage. Examples: Content transferred in binary (octet-stream) MAY omit `schema`: ```yaml # a PNG image as a binary file: content: image/png: {} ``` ```yaml # an arbitrary binary file: content: application/octet-stream: {} ``` ```yaml # arbitrary JSON without constraints beyond being syntactically valid: content: application/json: {} ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: {} ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg image/jpeg: {} image/png: {} ``` To upload multiple files, a `multipart` media type MUST be used as shown under [Example: Multipart Form with Multiple Files](#example-multipart-form-with-multiple-files). ##### Support for x-www-form-urlencoded Request Bodies See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` field. ##### Special Considerations for `multipart` Content See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` field. #### Encoding Object A single encoding definition applied to a single schema property. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. Properties are correlated with `multipart` parts using the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. | Field Name | Type | Description | | ---- | :----: | ---- | | contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `contentEncoding` column means that the presence or value of `contentEncoding` is irrelevant: | `type` | `contentEncoding` | Default `contentType` | | ---- | ---- | ---- | | [_absent_](#working-with-binary-data) | _n/a_ | `application/octet-stream` | | `string` | _present_ | `application/octet-stream` | | `string` | _absent_ | `text/plain` | | `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | | `object` | _n/a_ | `application/json` | | `array` | _n/a_ | according to the `type` of the `items` schema | Determining how to handle a `type` value of `null` depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type conversion options. ###### Fixed Fields for RFC6570-style Serialization | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including default values. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see Appendices [C](#appendix-c-using-rfc6570-based-serialization) and [E](#appendix-e-percent-encoding-and-form-media-types) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-based-serialization) for additional guidance, including on difficulties caused by the interaction between RFC6570's percent-encoding rules and the `multipart/form-data` media type. Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: "query"` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. ##### Encoding the `x-www-form-urlencoded` Media Type To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#media-type-object) under the [Request Body Object](#request-body-object). This configuration means that the request body MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server, after any complex objects have been serialized to a string representation. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: URL Encoded Form with JSON Values When there is no [`encoding`](#media-type-encoding) field, the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { "streetAddress": "123 Example Dr.", "city": "Somewhere", "state": "CA", "zip": "99999+1234" } ``` Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%7B`, and `%7D`, respectively: ```uri id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22:%22123+Example+Dr.%22,%22city%22:%22Somewhere%22,%22state%22:%22CA%22,%22zip%22:%2299999%2B1234%22%7D ``` Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encoding-object)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: ```uri id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` ###### Example: URL Encoded Form with Binary Values Note that `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```YAML requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: type: string icon: # The default with "contentEncoding" is application/octet-stream, # so we need to set image media type(s) in the Encoding Object. type: string contentEncoding: base64url encoding: icon: contentType: image/png, image/jpeg ``` Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: ```uri name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC_xhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` Note that the `=` padding characters at the end need to be percent-encoded, even with the "URL safe" `contentEncoding: base64url`. Some base64-decoding implementations may be able to use the string without the padding per [RFC4648](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). However, this is not guaranteed, so it may be more interoperable to keep the padding and rely on percent-decoding. ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to OpenAPI 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. See [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. Various other `multipart` types, most notable `multipart/mixed` ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. +Using `contentEncoding` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value used in `contentEncoding`. +If `contentEncoding` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows the value from `contentEncoding`, the result is undefined for serialization and parsing. Note that as stated in [Working with Binary Data](#working-with-binary-data), if the Encoding Object's `contentType`, whether set explicitly or implicitly through its default value rules, disagrees with the `contentMediaType` in a Schema Object, the `contentMediaType` SHALL be ignored. Because of this, and because the Encoding Object's `contentType` defaulting rules do not take the Schema Object's`contentMediaType` into account, the use of `contentMediaType` with an Encoding Object is NOT RECOMMENDED. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form When the `encoding` field is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: # default for primitives without a special format is text/plain type: string format: uuid profileImage: # default for string with binary format is `application/octet-stream` type: string format: binary addresses: # default for arrays is based on the type in the `items` # subschema, which is an object, so `application/json` type: array items: $ref: '#/components/schemas/Address' ``` ###### Example: Multipart Form with Encoding Objects Using `encoding`, we can set more specific types for binary data, or non-JSON formats for complex values. We can also describe headers for each part: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: id: # default is `text/plain` type: string format: uuid addresses: # default based on the `items` subschema would be # `application/json`, but we want these address objects # serialized as `application/xml` instead description: addresses in XML format type: array items: $ref: '#/components/schemas/Address' profileImage: # default is application/octet-stream, but we can declare # a more specific image type or types type: string format: binary encoding: addresses: # require XML Content-Type in utf-8 encoding # This is applied to each address part corresponding # to each address in he array contentType: application/xml; charset=utf-8 profileImage: # only accept png or jpeg contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` ###### Example: Multipart Form with Multiple Files In accordance with [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name 'file' will be used for all files. file: type: array items: {} ``` As seen in the [Encoding Object's `contentType` field documentation](#encoding-content-type), the empty schema for `items` indicates a media type of `application/octet-stream`. #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default Response Object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. | ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" }, "example": "whoa!" } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the Path Item Object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. To describe incoming requests from the API provider independent from another API call, use the [`webhooks`](#oas-webhooks) field. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 188 { "failedUrl": "https://clientdomain.com/failed", "successUrls": [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } ``` resulting in: ```http 201 Created Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. | Expression | Value | | ---- | :---- | | $url | | | $method | POST | | $request.path.eventType | myevent | | $request.query.queryUrl | | | $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | ##### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is similar to a [webhook](#oas-webhooks), but differs in that the callback only occurs because of the initial request that sent the `queryUrl`. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` #### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. This object is typically used in fields named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | summary | `string` | Short description for the example. | | description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URI that identifies the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-api-description-uris). | This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Working with Examples Example Objects can be used in both [Parameter Objects](#parameter-object) and [Media Type Objects](#media-type-object). In both Objects, this is done through the `examples` (plural) field. However, there are several other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in both Objects, and two keywords (the deprecated singular `example` and the current plural `examples`, which takes an array of examples) in the [Schema Object](#schema-object) that appears in the `schema` field of both Objects. Each of these fields has slightly different considerations. The Schema Object's fields are used to show example values without regard to how they might be formatted as parameters or within media type representations. The `examples` array is part of JSON Schema and is the preferred way to include examples in the Schema Object, while `example` is retained purely for compatibility with older versions of the OpenAPI Specification. The mutually exclusive fields in the Parameter or Media Type Objects are used to show example values which SHOULD both match the schema and be formatted as they would appear as a serialized parameter or within a media type representation. The exact serialization and encoding is determined by various fields in the Parameter Object, or in the Media Type Object's [Encoding Object](#encoding-object). Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. The singular `example` field in the Parameter or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of documents that comprise the OpenAPI Description. With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: foo: bar bar: summary: A bar example value: bar: baz application/xml: examples: xmlExample: summary: This is an example in XML externalValue: https://example.org/examples/address-example.xml text/plain: examples: textExample: summary: This is a text example externalValue: https://foo.bar/examples/address-example.txt ``` In a parameter: ```yaml parameters: - name: zipCode in: query schema: type: string format: zip-code examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` Two different uses of JSON strings: First, a request or response body that is just a JSON string (not an object containing a string): ```json "application/json": { "schema": { "type": "string" }, "examples": { "jsonBody": { "description": "A body of just the JSON string \"json\"", "value": "json" } } } ``` ```yaml application/json: schema: type: string examples: jsonBody: description: 'A body of just the JSON string "json"' value: json ``` In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like `"\"json\""`. In contrast, a JSON string encoded inside of a URL-style form body: ```json "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "jsonValue": { "type": "string" } } }, "encoding": { "jsonValue": { "contentType": "application/json" } }, "examples": { "jsonFormValue": { "description": "The JSON string \"json\" as a form value", "value": "jsonValue=%22json%22" } } } ``` ```yaml application/x-www-form-urlencoded: schema: type: object properties: jsonValue: type: string encoding: jsonValue: contentType: application/json examples: jsonFormValue: description: 'The JSON string "json" as a form value' value: jsonValue=%22json%22 ``` In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded. #### Link Object The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | | description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. The identified or reference operation MUST be unique, and in the case of an `operationId`, it MUST be resolved within the scope of the OpenAPI Description (OAD). Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OADs. However, because use of an operation depends on its URL path template in the [Paths Object](#paths-object), operations from any [Path Item Object](#path-item-object) that is referenced multiple times within the OAD cannot be resolved unambiguously. In such ambiguous cases, the resulting behavior is implementation-defined and MAY result in an error. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named `id` userid: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions nor the capability to make a successful call to that link is guaranteed solely by the existence of a relationship. ##### `operationRef` Examples As references to `operationId` MAY NOT be possible (the `operationId` is an optional field in an [Operation Object](#operation-object)), references MAY also be made through a relative `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1%7Busername%7D/get' parameters: username: $response.body#/username ``` or a URI `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/get parameters: username: $response.body#/username ``` Note that in the use of `operationRef` the _escaped forward-slash_ is necessary when using JSON Pointer, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively, when using JSON Pointer as URI fragments. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = "$url" / "$method" / "$statusCode" / "$request." source / "$response." source source = header-reference / query-reference / path-reference / body-reference header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *( CHAR ) token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Examples | Source Location | example expression | notes | | ---- | :---- | :---- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | | Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | | Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object Describes a single header for [HTTP responses](#response-headers) and for [individual parts in `multipart` representations](#encoding-headers); see the relevant [Response Object](#response-object) and [Encoding Object](#encoding-object) documentation for restrictions on which headers can be described. The Header Object follows the structure of the [Parameter Object](#parameter-object), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `"simple"`. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` field, the example MUST follow the prescribed serialization strategy for the header. Serializing with `schema` is NOT RECOMMENDED for headers with parameters (name=value pairs following a `;`) in their values, or where values might have non-URL-safe characters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | | explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) \| [Reference Object](#reference-object) | The schema defining the type used for the header. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for headers where the `schema` strategy is not appropriate. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example A simple header of type `integer`: ```json "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. Note the use of `content`, because using `schema` and `style` would require the `"` to be percent-encoded as `%22`: ```json "ETag": { "required": true, "content": { "text/plain": { "schema": { "type": "string", "pattern": "^\"" } } } } ``` ```yaml ETag: required: true content: text/plain: schema: type: string pattern: ^" ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the tag. | | description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the OpenAPI Description, internally and externally. The `$ref` string value contains a URI [RFC3986](https://tools.ietf.org/html/rfc3986), which identifies the value being referenced. See the rules for resolving [Relative References](#relative-references-in-api-description-uris). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference identifier. This MUST be in the form of a URI. | | summary | `string` | A short summary which by default SHOULD override that of the referenced component. If the referenced object-type does not allow a `summary` field, then this field has no effect. | | description | `string` | A description which by default SHOULD override that of the referenced component. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. If the referenced object-type does not allow a `description` field, then this field has no effect. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. Note that this restriction on additional properties is a difference between Reference Objects and [Schema Objects](#schema-object) that contain a `$ref` keyword. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents with Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is a superset of the [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00). The empty schema (which allows any instance to validate) MAY be represented by the boolean value `true` and a schema which allows no instance to validate MAY be represented by the boolean value `false`. For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics; this includes keywords such as `$schema`, `$id`, `$ref`, and `$dynamicRef` being URIs rather than URLs. Where JSON Schema indicates that behavior is defined by the application (e.g. for annotations), OAS also defers the definition of semantics to the application consuming the OpenAPI document. ##### JSON Schema Keywords The OpenAPI Schema Object [dialect](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-4.3.3) is defined as requiring the [OAS base vocabulary](#base-vocabulary), in addition to the vocabularies as specified in the JSON Schema Specification Draft 2020-12 [general purpose meta-schema](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8). The OpenAPI Schema Object dialect for this version of the specification is identified by the URI `https://spec.openapis.org/oas/3.1/dialect/base` (the "OAS dialect schema id"). The following keywords are taken from the JSON Schema specification but their definitions have been extended by the OAS: * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. * format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. In addition to the JSON Schema keywords comprising the OAS dialect, the Schema Object supports keywords from any other vocabularies, or entirely arbitrary properties. JSON Schema implementations MAY choose to treat keywords defined by the OpenAPI Specification's base vocabulary as [unknown keywords](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.3.1), due to its inclusion in the OAS dialect with a [`$vocabulary`](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-8.1.2) value of `false`. The OAS base vocabulary is comprised of the following keywords: ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | | example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary.

**Deprecated:** The `example` field has been deprecated in favor of the JSON Schema `examples` keyword. Use of `example` is discouraged, and later versions of this specification may remove it. | This object MAY be extended with [Specification Extensions](#specification-extensions), though as noted, additional properties MAY omit the `x-` prefix within this object. ##### Extended Validation with Annotations JSON Schema Draft 2020-12 supports [collecting annotations](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-7.7.1), including [treating unrecognized keywords as annotations](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-6.5). OAS implementations MAY use such annotations, including [extensions](https://spec.openapis.org/registry/extension/) not recognized as part of a declared JSON Schema vocabulary, as the basis for further validation. Note that JSON Schema Draft 2020-12 does not require an `x-` prefix for extensions. ###### Non-validating constraint keywords The [`format` keyword (when using default format-annotation vocabulary)](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-7.2.1) and the [`contentMediaType`, `contentEncoding`, and `contentSchema` keywords](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-8.2) define constraints on the data, but are treated as annotations instead of being validated directly. Extended validation is one way that these constraints MAY be enforced. ###### Validating `readOnly` and `writeOnly` The `readOnly` and `writeOnly` keywords are annotations, as JSON Schema is not aware of how the data it is validating is being used. Validation of these keywords MAY be done by checking the annotation, the read or write direction, and (if relevant) the current value of the field. [JSON Schema Validation Draft 2020-12 §9.4](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-9.4) defines the expectations of these keywords, including that a resource (described as the "owning authority") MAY either ignore a `readOnly` field or treat it as an error. Fields that are both required and read-only are an example of when it is beneficial to ignore a `readOnly: true` constraint in a PUT, particularly if the value has not been changed. This allows correctly requiring the field on a GET and still using the same representation and schema with PUT. Even when read-only fields are not required, stripping them is burdensome for clients, particularly when the JSON data is complex or deeply nested. Note that the behavior of `readOnly` in particular differs from that specified by version 3.0 of this specification. ##### Data Modeling Techniques ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` keyword of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schema-discriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. * Use the schema name. * [Override the schema name](#discriminator-mapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### Generic (Template) Data Structures Implementations MAY support defining generic or template data structures using JSON Schema's dynamic referencing feature: * `$dynamicAnchor` identifies a set of possible schemas (including a default placeholder schema) to which a `$dynamicRef` can resolve * `$dynamicRef` resolves to the first matching `$dynamicAnchor` encountered on its path from the schema entry point to the reference, as described in the JSON Schema specification An example is included in the "Schema Object Examples" section below, and further information can be found on the Learn OpenAPI site's ["Dynamic References"](https://learn.openapis.org/referencing/dynamic.html) page. ###### Annotated Enumerations The Schema Object's `enum` keyword does not allow associating descriptions or other information with individual values. Implementations MAY support recognizing a `oneOf` or `anyOf` where each subschema in the keyword's array consists of a `const` keyword and annotations such as `title` or `description` as an enumerated type with additional information. The exact behavior of this pattern beyond what is required by JSON Schema is implementation-defined. ###### XML Modeling The [xml](#schema-xml) field allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Specifying Schema Dialects It is important for tooling to be able to determine which dialect or meta-schema any given resource wishes to be processed with: JSON Schema Core, JSON Schema Validation, OpenAPI Schema dialect, or some custom meta-schema. The `$schema` keyword MAY be present in any Schema Object that is a [schema resource root](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.3.5), and if present MUST be used to determine which dialect should be used when processing the schema. This allows use of Schema Objects which comply with other drafts of JSON Schema than the default Draft 2020-12 support. Tooling MUST support the OAS dialect schema id, and MAY support additional values of `$schema`. To allow use of a different default `$schema` value for all Schema Objects contained within an OAS document, a `jsonSchemaDialect` value may be set within the OpenAPI Object. If this default is not set, then the OAS dialect schema id MUST be used for these Schema Objects. The value of `$schema` within a resource root Schema Object always overrides any default. For standalone JSON Schema documents that do not set `$schema`, or for Schema Objects in OpenAPI description documents that are _not_ [complete documents](#openapi-description-structure), the dialect SHOULD be assumed to be the OAS dialect. However, for maximum interoperability, it is RECOMMENDED that OpenAPI description authors explicitly set the dialect through `$schema` in such documents. ##### Schema Object Examples ###### Primitive Example ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": ["name"], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Annotated Enumeration ```json { "oneOf": [ { "const": "RGB", "title": "Red, Green, Blue", "description": "Specify colors with the red, green, and blue additive color model" }, { "const": "CMYK", "title": "Cyan, Magenta, Yellow, Black", "description": "Specify colors with the cyan, magenta, yellow, and black subtractive color model" } ] } ``` ```yaml oneOf: - const: RGB title: Red, Green, Blue description: Specify colors with the red, green, and blue additive color model - const: CMYK title: Cyan, Magenta, Yellow, Black description: Specify colors with the cyan, magenta, yellow, and black subtractive color model ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": ["name"], "examples": [ { "name": "Puma", "id": 1 } ] } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name examples: - name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": ["message", "code"], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": ["rootCause"], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": ["name", "petType"] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": ["clueless", "lazy", "adventurous", "aggressive"] } }, "required": ["huntingSkill"] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": ["packSize"] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` ###### Generic Data Structure Model ```JSON { "components": { "schemas": { "genericArrayComponent": { "$id": "fully_generic_array", "type": "array", "items": { "$dynamicRef": "#generic-array" }, "$defs": { "allowAll": { "$dynamicAnchor": "generic-array" } } }, "numberArray": { "$id": "array_of_numbers", "$ref": "fully_generic_array", "$defs": { "numbersOnly": { "$dynamicAnchor": "generic-array", "type": "number" } } }, "stringArray": { "$id": "array_of_strings", "$ref": "fully_generic_array", "$defs": { "stringsOnly": { "$dynamicAnchor": "generic-array", "type": "string" } } }, "objWithTypedArray": { "$id": "obj_with_typed_array", "type": "object", "required": ["dataType", "data"], "properties": { "dataType": { "enum": ["string", "number"] } }, "oneOf": [{ "properties": { "dataType": {"const": "string"}, "data": {"$ref": "array_of_strings"} } }, { "properties": { "dataType": {"const": "number"}, "data": {"$ref": "array_of_numbers"} } }] } } } } ``` ```YAML components: schemas: genericArrayComponent: $id: fully_generic_array type: array items: $dynamicRef: '#generic-array' $defs: allowAll: $dynamicAnchor: generic-array numberArray: $id: array_of_numbers $ref: fully_generic_array $defs: numbersOnly: $dynamicAnchor: generic-array type: number stringArray: $id: array_of_strings $ref: fully_generic_array $defs: stringsOnly: $dynamicAnchor: generic-array type: string objWithTypedArray: $id: obj_with_typed_array type: object required: - dataType - data properties: dataType: enum: - string - number oneOf: - properties: dataType: const: string data: $ref: array_of_strings - properties: dataType: const: number data: $ref: array_of_numbers ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object gives a hint about the expected schema of the document. This hint can be used to aid in serialization, deserialization, and validation. The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. This is because `discriminator` cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas. The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#components-object), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI reference by all implementations, authors MUST prefix it with the `"."` path segment (e.g. `"./foo"`). Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. However, the exact nature of such conversions are implementation-defined. ##### Examples For these examples, assume all schemas are in the [entry document](#openapi-description-structure) of the OAD; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.x, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` MAY be used as a "hint" to improve the efficiency of selection of the matching schema. The `discriminator` field cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI Description. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` will indicate that the `Cat` schema is expected to match this payload. In scenarios where the value of the `discriminator` field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: https://gigantic-server.com/schemas/Monster/schema.json ``` Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` Validated against the `Pet` schema, a payload like this: ```json { "petType": "Cat", "name": "Misty" } ``` will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { "petType": "dog", "bark": "soft" } ``` will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` field SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | Replaces the name of the element/attribute used for the described schema property. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | | namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | | wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: * Versions 3.1.0, 3.0.3, and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. * XML allows but discourages relative URI-references, while this specification outright forbids them. * XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. ##### XML Object Examples Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schema-object) that is omitted for brevity. The JSON and YAML representations of the `properties` value are followed by an example XML representation produced for the single property shown. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xml-wrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full model definition is shown. ```json { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "https://example.com/schema/sample", "prefix": "sample" } } } } } ``` ```yaml Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: https://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` field has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"mutualTLS"`, `"oauth2"`, `"openIdConnect"`. | | description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | | in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | | scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | | bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | | flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | | openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Examples ###### Basic Authentication Example ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Example ```json { "type": "apiKey", "name": "api-key", "in": "header" } ``` ```yaml type: apiKey name: api-key in: header ``` ###### JWT Bearer Example ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### MutualTLS Example ```json { "type": "mutualTLS", "description": "Cert must be signed by example.com CA" } ``` ```yaml type: mutualTLS description: Cert must be signed by example.com CA ``` ###### Implicit OAuth2 Example ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | | password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Example ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. This enables support for scenarios where the API allows multiple, independent security schemes. An empty Security Requirement Object (`{}`) indicates anonymous access is supported. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band. | ##### Security Requirement Object Examples See also [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example using Security Requirement Objects in multi-document OpenAPI Descriptions. ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": ["write:pets", "read:pets"] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ###### Optional OAuth2 Security Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```json { "security": [ {}, { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `x-`. | Field Pattern | Type | Description | | ---- | :--: | ---- | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. Field names beginning `x-oai-` and `x-oas-` are reserved for uses defined by the [OpenAPI Initiative](https://www.openapis.org/). The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Security Considerations ### OpenAPI Description Formats OpenAPI Descriptions use a combination of JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) * [JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-13) * [JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00#section-10) ### Tooling and Usage Scenarios In addition, OpenAPI Descriptions are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI Description authors must consider the risks of the scenarios where the OpenAPI Description may be used. ### Security Schemes An OpenAPI Description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ### Handling External Resources OpenAPI Descriptions may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. ### Handling Reference Cycles References in an OpenAPI Description may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization Certain fields allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. ## Appendix A: Revision History | Version | Date | Notes | | ---- | ---- | ---- | | 3.1.1 | 2024-10-24 | Patch release of the OpenAPI Specification 3.1.1 | | 3.1.0 | 2021-02-15 | Release of the OpenAPI Specification 3.1.0 | | 3.1.0-rc1 | 2020-10-08 | rc1 of the 3.1 specification | | 3.1.0-rc0 | 2020-06-18 | rc0 of the 3.1 specification | | 3.0.4 | 2024-10-24 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | | 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | | 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | | 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | | 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | | 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | | 2.0 | 2014-09-08 | Release of Swagger 2.0 | | 1.2 | 2014-03-14 | Initial release of the formal document. | | 1.1 | 2012-08-22 | Release of Swagger 1.1 | | 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. [Schema Objects](#schema-object) validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: "integer"` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameter-object), [Header Object](#header-object), and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. Two cases do offer standards-based guidance: * [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: "string"` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. Some formats (such as `date-time`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. ## Appendix C: Using RFC6570-Based Serialization Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in three scenarios: | Object | Condition | | ---- | ---- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Header Object](#header-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. Note that when using `style: "form"` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. When using `style` and similar keywords to produce a `multipart/form-data` body, the query string names are placed in the `name` parameter of the `Content-Disposition` part header, and the values are placed in the corresponding part body; the `?`, `=`, and `&` characters are not used. Note that while [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578) allows using [[RFC3986]] percent-encoding in "file names", it does not otherwise address the use of percent-encoding within the format. RFC7578 discusses character set and encoding issues for `multipart/form-data` in detail, and it is RECOMMENDED that OpenAPI Description authors read this guidance carefully before deciding to use RFC6570-based serialization with this media type. Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): | field | value | equivalent | | ---- | ---- | ---- | | style | `"simple"` | _n/a_ | | style | `"matrix"` | `;` prefix operator | | style | `"label"` | `.` prefix operator | | style | `"form"` | `?` prefix operator | | allowReserved | `false` | _n/a_ | | allowReserved | `true` | `+` prefix operator | | explode | `false` | _n/a_ | | explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: ```YAML parameters: - name: foo in: query schema: type: object explode: true - name: bar in: query schema: type: string ``` This example is equivalent to RFC6570's `{?foo*,bar}`, and **NOT** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Delimiters in Parameter Values Delimiters used by RFC6570 expansion, such as the `,` used to join arrays or object values with `style: "simple"`, are all automatically percent-encoded as long as `allowReserved` is `false`. Note that since RFC6570 does not define a way to parse variables based on a URI Template, users must take care to first split values by delimiter before percent-decoding values that might contain the delimiter character. When `allowReserved` is `true`, both percent-encoding (prior to joining values with a delimiter) and percent-decoding (after splitting on the delimiter) must be done manually at the correct time. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for additional guidance on handling delimiters for `style` values with no RFC6570 equivalent that already need to be percent-encoded when used as delimiters. ### Non-RFC6570 Field Values and Combinations Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time * any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than RFC6570 [variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples Let's say we want to use the following data in a form query string, where `formulas` is exploded, and `words` is not: ```YAML formulas: a: x+y b: x/y c: x^y words: - math - is - fun ``` #### RFC6570-Equivalent Expansion This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570): ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true - name: words in: query schema: type: array items: type: string ``` This translates to the following URI Template: ```uritemplate {?formulas*,words} ``` when expanded with the data given earlier, we get: ```uri ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` #### Expansion with Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true allowReserved: true - name: words in: query style: spaceDelimited explode: false schema: type: array items: type: string ``` We can't combine the `?` and `+` RFC6570 [prefixes](https://datatracker.ietf.org/doc/html/rfc6570#section-2.4.1), and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: ```uritemplate ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` RFC6570 [mentions](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.4.2) the use of `.` "to indicate name hierarchy in substructures," but does not define any specific naming convention or behavior for it. Since the `.` usage is not automatic, we'll need to construct an appropriate input structure for this new template. We'll also need to pre-process the values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged._ Therefore, any tooling still needs to percent-encode those characters because reserved expansion will not do it, but it _will_ leave the percent-encoded triples unchanged. See also [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): ```YAML a: x%2By b: x/y c: x^y words.0: math words.1: is words.2: fun ``` Expanding our manually assembled template with our restructured data yields the following query string: ```uri ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. #### Undefined Values and Manual URI Template Construction Care must be taken when manually constructing templates to handle the values that RFC6570 [considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: ```YAML formulas: {} words: - hello - world ``` Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: ```uri ?words=hello,world ``` This means that the manually constructed URI Template and restructured data need to leave out the `formulas` object entirely so that the `words` parameter is the first and only parameter in the query string. Restructured data: ```YAML words.0: hello words.1: world ``` Manually constructed URI Template: ```uritemplate ?words={words.0} {words.1} ``` Result: ```uri ?words=hello%20world ``` #### Illegal Variable Names as Parameter Names In this example, the heart emoji is not legal in URI Template names (or URIs): ```YAML parameters: - name: ❤️ in: query schema: type: string ``` We can't just pass `❤️: "love!"` to an RFC6570 implementation. Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: ```YAML "%E2%9D%A4%EF%B8%8F": love! ``` ```uritemplate {?%E2%9D%A4%EF%B8%8F} ``` This will expand to the result: ```uri ?%E2%9D%A4%EF%B8%8F=love%21 ``` ## Appendix D: Serializing Headers and Cookies [RFC6570](https://www.rfc-editor.org/rfc/rfc6570)'s percent-encoding behavior is not always appropriate for `in: "header"` and `in: "cookie"` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. For both [RFC6265](https://www.rfc-editor.org/rfc/rfc6265) cookies and HTTP headers using the [RFC8941](https://www.rfc-editor.org/rfc/rfc8941) structured fields syntax, non-ASCII content is handled using base64 encoding (`contentEncoding: "base64"`). Note that the standard base64-encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. While `contentEncoding` also supports the `base64url` encoding, which is URL-safe, the header and cookie RFCs do not mention this encoding. Most HTTP headers predate the structured field syntax, and a comprehensive assessment of their syntax and encoding rules is well beyond the scope of this specification. While [RFC8187](https://www.rfc-editor.org/rfc/rfc8187) recommends percent-encoding HTTP (header or trailer) field parameters, these parameters appear after a `;` character. With `style: "simple"`, that delimiter would itself be percent-encoded, violating the general HTTP field syntax. Using `style: "form"` with `in: "cookie"` is ambiguous for a single value, and incorrect for multiple values. This is true whether the multiple values are the result of using `explode: true` or not. This style is specified to be equivalent to RFC6570 form expansion which includes the `?` character (see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details), which is not part of the cookie syntax. However, examples of this style in past versions of this specification have not included the `?` prefix, suggesting that the comparison is not exact. Because implementations that rely on an RFC6570 implementation and those that perform custom serialization based on the style example will produce different results, it is implementation-defined as to which of the two results is correct. For multiple values, `style: "form"` is always incorrect as name=value pairs in cookies are delimited by `;` (a semicolon followed by a space character) rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ Percent-encoding is used in URIs and media types that derive their syntax from URIs. This process is concerned with three sets of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: * _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) * _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) * _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. ### Percent-Encoding and `form-urlencoded` Each URI component (such as the query string) considers some of the reserved characters to be unsafe, either because they serve as delimiters between the components (e.g. `#`), or (in the case of `[` and `]`) were historically considered globally unsafe but were later given reserved status for limited purposes. Reserved characters with no special meaning defined within a component can be left un-percent encoded. However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding is not needed and is likely to cause interoperability problems unless the `Content-Type` of the part is defined to require it. ### Generating and Validating URIs and `form-urlencoded` Strings URI percent encoding and the `form-urlencoded` media type have complex specification histories spanning multiple revisions and, in some cases, conflicting claims of ownership by different standards bodies. Unfortunately, these specifications each define slightly different percent-encoding rules, which need to be taken into account if the URIs or `form-urlencoded` message bodies will be subject to strict validation. (Note that many URI parsers do not perform validation by default.) This specification normatively cites the following relevant standards: | Specification | Date | OAS Usage | Percent-Encoding | Notes | | ---- | ---- | ---- | ---- | ---- | | [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | | [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string. Note that content-based serialization for `form-data` does not expect or require percent-encoding in the data, only in per-part header values. #### Interoperability with Historical Specifications In most cases, generating query strings in strict compliance with [[RFC3986]] is sufficient to pass validation (including JSON Schema's `format: "uri"` and `format: "uri-reference"`), but some `form-urlencoded` implementations still expect the slightly more restrictive [[RFC1738]] rules to be used. Since all RFC1738-compliant URIs are compliant with RFC3986, applications needing to ensure historical interoperability SHOULD use RFC1738's rules. #### Interoperability with Web Browser Environments WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than [[RFC1738]]) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that [[RFC3986]] forbids. Implementations needing maximum compatibility with web browsers SHOULD use WHATWG's `form-urlencoded` percent-encoding rules. However, they SHOULD NOT rely on WHATWG's less stringent generic query string rules, as the resulting URLs would fail RFC3986 validation, including JSON Schema's `format: uri` and `format: uri-reference`. ### Decoding URIs and `form-urlencoded` Strings The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling to the percent-decoding algorithm, and will work regardless of the encoding specification used. However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. ### Percent-Encoding and Illegal or Reserved Delimiters The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with [[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. While one could use the `form-urlencoded` convention of `+` to distinguish spaces in parameter names and values from `spaceDelimited` delimiters encoded as `%20`, the specifications define the decoding as a single pass, making it impossible to distinguish the different usages in the decoded result. Some environments use `[`, `]`, and possibly `|` unencoded in query strings without apparent difficulties, and WHATWG's generic query string rules do not require percent-encoding them. Code that relies on leaving these delimiters unencoded, while using regular percent-encoding for them within names and values, is not guaranteed to be interoperable across all implementations. For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. ## Appendix F: Resolving Security Requirements in a Referenced Document This appendix shows how to retrieve an HTTP-accessible multi-document OpenAPI Description (OAD) and resolve a [Security Requirement Object](#security-requirement-object) in the referenced (non-entry) document. See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } } }, "paths": { "/foo": { "$ref": "other#/components/pathItems/Foo" } } ``` ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: bearer bearerFormat: JWT paths: /foo: $ref: 'other#/components/pathItems/Foo' ``` This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "basic" } }, "pathItems": { "Foo": { "get": { "security": [ "MySecurity": [] ] } } } } ``` ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: basic pathItems: Foo: get: security: - MySecurity: [] ``` In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. OpenAPI-Specification-3.2.0/versions/3.1.2-editors.md000066400000000000000000000016401506330113000220200ustar00rootroot00000000000000# OpenAPI Specification Editors ## Active * Henry Andrews [@handrews](https://github.com/handrews) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Karen Etheridge [@karenetheridge](https://github.com/karenetheridge) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Miguel Quintero [@miqui](https://github.com/miqui) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) * Vincent Biret [@baywet](https://github.com/baywet) ## Emeritus * Ron Ratovsky [@webron](https://github.com/webron) * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.1.2.md000066400000000000000000006613011506330113000203570ustar00rootroot00000000000000# OpenAPI Specification ## Version 3.1.2 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI Description can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ## Definitions ### OpenAPI Description An OpenAPI Description (OAD) formally describes the surface of an API and its semantics. It is composed of an [entry document](#openapi-description-structure), which must be an OpenAPI Document, and any/all of its referenced documents. An OAD uses and conforms to the OpenAPI Specification, and MUST contain at least one [paths](#paths-object) field, [components](#oas-components) field, or [webhooks](#oas-webhooks) field. ### OpenAPI Document An OpenAPI Document is a single JSON or YAML document that conforms to the OpenAPI Specification. An OpenAPI Document compatible with OAS 3.\*.\* contains a required [`openapi`](#oas-version) field which designates the version of the OAS that it uses. ### Schema A "schema" is a formal description of syntax and structure. This document serves as the [schema](#schema) for the OpenAPI Specification format; a non-authoritative JSON Schema based on this document is also provided on [spec.openapis.org](https://spec.openapis.org) for informational purposes. This specification also _uses_ schemas in the form of the [Schema Object](#schema-object). ### Object When capitalized, the word "Object" refers to any of the Objects that are named by section headings in this document. ### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required. The value for these path parameters MUST NOT contain any unescaped "generic syntax" characters described by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3): forward slashes (`/`), question marks (`?`), or hashes (`#`). See [URL Percent-Encoding](#url-percent-encoding) for additional guidance on escaping characters. ### Media Types Media type definitions are spread across several resources. The media type definitions SHOULD be in compliance with [RFC6838](https://tools.ietf.org/html/rfc6838). Some examples of possible media type definitions: ```text text/plain; charset=utf-8 application/json application/vnd.github+json application/vnd.github.v3+json application/vnd.github.v3.raw+json application/vnd.github.v3.text+json application/vnd.github.v3.html+json application/vnd.github.v3.full+json application/vnd.github.v3.diff application/vnd.github.v3.patch ``` ### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). ### Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. ### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. Behavior described as _undefined_ is likely, at least in some circumstances, to result in outcomes that contradict the specification. This description is used when detecting the contradiction is impossible or impractical. Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. Behavior described as _implementation-defined_ allows implementations to choose which of several different-but-compliant approaches to a requirement to implement. This documents ambiguous requirements that API description authors are RECOMMENDED to avoid in order to maximize interoperability. Unlike undefined behavior, it is safe to rely on implementation-defined behavior if _and only if_ it can be guaranteed that all relevant tools support the same behavior. ## Specification ### Versions The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. _`.patch`_ versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. ### Format An OpenAPI Document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in JSON or YAML format. For example, if a field has an array value, the JSON array representation will be used: ```json { "field": [1, 2, 3] } ``` All field names in the specification are **case sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case insensitive**. The [schema](#schema) exposes two types of fields: _fixed fields_, which have a declared name, and _patterned fields_, which have a declared pattern for the field name. Patterned fields MUST have unique names within the containing object. In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with some additional constraints: * Tags MUST be limited to those allowed by [YAML's JSON schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231), which defines a subset of the YAML syntax and is unrelated to [[JSON-Schema-2020-12|JSON Schema]]. * Keys used in YAML maps MUST be limited to a scalar string, as defined by the [YAML Failsafe schema ruleset](https://yaml.org/spec/1.2/spec.html#id2802346). **Note:** While APIs may be described by OpenAPI Descriptions in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### OpenAPI Description Structure An OpenAPI Description (OAD) MAY be made up of a single JSON or YAML document or be divided into multiple, connected parts at the discretion of the author. In the latter case, [Reference Object](#reference-object), [Path Item Object](#path-item-object) and [Schema Object](#schema-object) `$ref` fields, as well as the [Link Object](#link-object) `operationRef` field, and the URI form of the [Discriminator Object](#discriminator-object) `mapping` field, are used to identify the referenced elements. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. It is RECOMMENDED that the entry document of an OAD be named: `openapi.json` or `openapi.yaml`. #### Parsing Documents In order to properly handle [Schema Objects](#schema-object), OAS 3.1 inherits the parsing requirements of [JSON Schema Specification Draft 2020-12](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-9), with appropriate modifications regarding base URIs as specified in [Relative References In URIs](#relative-references-in-api-description-uris). This includes a requirement to parse complete documents before deeming a Schema Object reference to be unresolvable, in order to detect keywords that might provide the reference target or impact the determination of the appropriate base URI. Implementations MAY support complete-document parsing in any of the following ways: * Detecting OpenAPI or JSON Schema documents using media types * Detecting OpenAPI documents through the root `openapi` field * Detecting JSON Schema documents through detecting keywords or otherwise successfully parsing the document in accordance with the JSON Schema specification * Detecting a document containing a referenceable Object at its root based on the expected type of the reference * Allowing users to configure the type of documents that might be loaded due to a reference to a non-root Object Implementations that parse referenced fragments of OpenAPI content without regard for the content of the rest of the containing document will miss keywords that change the meaning and behavior of the reference target. In particular, failing to take into account keywords that change the base URI introduces security risks by causing references to resolve to unintended URIs, with unpredictable results. While some implementations support this sort of parsing due to the requirements of past versions of this specification, in version 3.1, the result of parsing fragments in isolation is _undefined_ and likely to contradict the requirements of this specification. While it is possible to structure certain OpenAPI Descriptions to ensure that they will behave correctly when references are parsed as isolated fragments, depending on this is NOT RECOMMENDED. This specification does not explicitly enumerate the conditions under which such behavior is safe and provides no guarantee for continued safety in any future versions of the OAS. A special case of parsing fragments of OAS content would be if such fragments are embedded in another format, referred to as an _embedding format_ with respect to the OAS. Note that the OAS itself is an embedding format with respect to JSON Schema, which is embedded as Schema Objects. It is the responsibility of an embedding format to define how to parse embedded content, and OAS implementations that do not document support for an embedding format cannot be expected to parse embedded OAS content correctly. #### Structural Interoperability JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object * As the Object type implied by its parent Object within the document * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. #### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to always use the alternative: | Source | Target | Alternative | | ---- | ---- | ---- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | | [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Operation Object](#operation-object) `operationId` | `operationRef` | A fifth implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This is unambiguous because only the entry document's Paths Object contributes URLs to the described API. It is RECOMMENDED to consider all Operation Objects from all parsed documents when resolving any Link Object `operationId`. This requires parsing all referenced documents prior to determining an `operationId` to be unresolvable. The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the name of the property holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. This allows Security Scheme Objects and Tag Objects to be defined next to the API's deployment information (the top-level array of Server Objects), and treated as an interface for referenced documents to access. The interface approach can also work for Discriminator Objects and Schema Objects, but it is also possible to keep the Discriminator Object's behavior within a single document using the relative URI-reference syntax of `mapping`. There are no URI-based alternatives for the Security Requirement Object or for the Operation Object's `tags` field. These limitations are expected to be addressed in a future release. See [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example of the possible resolutions, including which one is recommended by this section. The behavior for Discriminator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relative-references-in-api-description-uris), or restricts their possible targets. ### Data Types Data types in the OAS are based on the types defined by the [JSON Schema Validation Specification Draft 2020-12](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-6.1.1): "null", "boolean", "object", "array", "number", "string", or "integer". Models are defined using the [Schema Object](#schema-object), which is a superset of the JSON Schema Specification Draft 2020-12. JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats only applying to a specific type. For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC7159|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.2), and are both considered to be integers. #### Data Type Format As defined by the [JSON Schema Validation specification](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. For the purpose of [JSON Schema validation](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: | `format` | JSON Data Type | Comments | | ---- | ---- | ---- | | `int32` | number | signed 32 bits | | `int64` | number | signed 64 bits (a.k.a long) | | `float` | number | | | `double` | number | | | `password` | string | A hint to obscure the value. | As noted under [Data Type](#data-types), both `type: number` and `type: integer` are considered to be numbers in the data model. #### Working with Binary Data The OAS can describe either _raw_ or _encoded_ binary data. * **raw binary** is used where unencoded binary data is allowed, such as when sending a binary payload as the entire HTTP message body, or as part of a `multipart/*` payload that allows binary parts * **encoded binary** is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` (either as a message body or in the URL query string). In the following table showing how to use Schema Object keywords for binary data, we use `image/png` as an example binary media type. Any binary media type, including `application/octet-stream`, is sufficient to indicate binary content. | Keyword | Raw | Encoded | Comments | | ---- | ---- | ---- | ---- | | `type` | _omit_ | `string` | raw binary is [outside of `type`](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.3) | | `contentMediaType` | `image/png` | `image/png` | can sometimes be omitted if redundant (see below) | | `contentEncoding` | _omit_ | `base64` or `base64url` | other encodings are [allowed](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-8.3) | Note that the encoding indicated by `contentEncoding`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed and is applied after all content serialization described in this section has occurred. Since HTTP allows unencoded binary message bodies, there is no standardized HTTP header for indicating base64 or similar encoding of an entire message body. Using a `contentEncoding` of `base64url` ensures that URL encoding (as required in the query string and in message bodies of type `application/x-www-form-urlencoded`) does not need to further encode any part of the already-encoded binary data. The `contentMediaType` keyword is redundant if the media type is already set: * as the key for a [MediaType Object](#media-type-object) * in the `contentType` field of an [Encoding Object](#encoding-object) If the [Schema Object](#schema-object) will be processed by a non-OAS-aware JSON Schema implementation, it may be useful to include `contentMediaType` even if it is redundant. However, if `contentMediaType` contradicts a relevant Media Type Object or Encoding Object, then `contentMediaType` SHALL be ignored. The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload. The keyword can be applied to either string data, including encoded binary data, or to unencoded binary data. For unencoded binary, the length is the number of octets. ##### Migrating binary descriptions from OAS 3.0 The following table shows how to migrate from OAS 3.0 binary data descriptions, continuing to use `image/png` as the example binary media type: | OAS < 3.1 | OAS 3.1 | Comments | | ---- | ---- | ---- | | type: string
format: binary | contentMediaType: image/png | if redundant, can be omitted, often resulting in an empty [Schema Object](#schema-object) | | type: string
format: byte | type: string
contentMediaType: image/png
contentEncoding: base64 | note that `base64url` can be used to avoid re-encoding the base64 string to be URL-safe | ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. ### Relative References in API Description URIs URIs used as references within an OpenAPI Description, or to external documentation or other supplementary information such as a license, are resolved as _identifiers_, and described by this specification as **_URIs_**. As noted under [Parsing Documents](#parsing-documents), this specification inherits JSON Schema Specification Draft 2020-12's requirements for [loading documents](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-9) and associating them with their expected URIs, which might not match their current location. This feature is used both for working in development or test environments without having to change the URIs, and for working within restrictive network configurations or security policies. Note that some URI fields are named `url` for historical reasons, but the descriptive text for those fields uses the correct "URI" terminology. Unless specified otherwise, all fields that are URIs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Relative references in [Schema Objects](#schema-object), including any that appear as `$id` values, use the nearest parent `$id` as a Base URI, as described by [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8.2). Relative URI references in other Objects, and in Schema Objects where no parent schema contains an `$id`, MUST be resolved using the referring document's base URI, which is determined in accordance with [[RFC3986]] [Section 5.1.2 – 5.1.4](https://tools.ietf.org/html/rfc3986#section-5.1.2). In practice, this is usually the retrieval URI of the document, which MAY be determined based on either its current actual location or a user-supplied expected location. If a URI contains a fragment identifier, then the fragment should be resolved per the fragment resolution mechanism of the referenced document. If the representation of the referenced document is JSON or YAML, then the fragment identifier SHOULD be interpreted as a JSON-Pointer as per [RFC6901](https://tools.ietf.org/html/rfc6901). Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ### Relative References in API URLs API endpoints are by definition accessed as locations, and are described by this specification as **_URLs_**. Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Unless specified otherwise, relative references are resolved using the URLs defined in the [Server Object](#server-object) as a Base URL. Note that these themselves MAY be relative to the referring document. ### Schema This section describes the structure of the OpenAPI Description format. This text is the only normative description of the format. A JSON Schema is hosted on [spec.openapis.org](https://spec.openapis.org) for informational purposes. If the JSON Schema differs from this section, then this section MUST be considered authoritative. In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. #### OpenAPI Object This is the root object of the [OpenAPI Description](#openapi-description). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions) of the OpenAPI Specification that the OpenAPI Document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI Document. This is _not_ related to the [`info.version`](#info-version) string, which is the version of the OpenAPI Document. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | jsonSchemaDialect | `string` | The default value for the `$schema` keyword within [Schema Objects](#schema-object) contained within this OAS document. This MUST be in the form of a URI. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be a [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | The available paths and operations for the API. | | webhooks | Map[`string`, [Path Item Object](#path-item-object)] | The incoming webhooks that MAY be received as part of this API and that the API consumer MAY choose to implement. Closely related to the `callbacks` feature, this section describes requests initiated other than by an API call, for example by an out of band registration. The key name is a unique string to refer to each webhook, while the (optionally referenced) Path Item Object describes a request that may be initiated by the API provider and the expected responses. An [example](https://learn.openapis.org/examples/v3.1/webhook-example.html) is available. | | components | [Components Object](#components-object) | An element to hold various Objects for the OpenAPI Description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the OpenAPI Description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | title | `string` | **REQUIRED**. The title of the API. | | summary | `string` | A short summary of the API. | | description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | termsOfService | `string` | A URI for the Terms of Service for the API. This MUST be in the form of a URI. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | | version | `string` | **REQUIRED**. The version of the OpenAPI Document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described or the version of the OpenAPI Description). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Info Object Example ```json { "title": "Example Pet Store App", "summary": "A pet store manager.", "description": "This is an example server for a pet store.", "termsOfService": "https://example.com/terms/", "contact": { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" }, "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "1.0.1" } ``` ```yaml title: Example Pet Store App summary: A pet store manager. description: This is an example server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` #### Contact Object Contact information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URI for the contact information. This MUST be in the form of a URI. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Contact Object Example ```json { "name": "API Support", "url": "https://www.example.com/support", "email": "support@example.com" } ``` ```yaml name: API Support url: https://www.example.com/support email: support@example.com ``` #### License Object License information for the exposed API. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The license name used for the API. | | identifier | `string` | An [SPDX](https://spdx.org/licenses/) license expression for the API. The `identifier` field is mutually exclusive of the `url` field. | | url | `string` | A URI for the license used for the API. This MUST be in the form of a URI. The `url` field is mutually exclusive of the `identifier` field. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### License Object Example ```json { "name": "Apache 2.0", "identifier": "Apache-2.0" } ``` ```yaml name: Apache 2.0 identifier: Apache-2.0 ``` #### Server Object An object representing a Server. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the document containing the Server Object is being served. Query and fragment MUST NOT be part of this URL. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Server Object Example A single server would be described as: ```json { "url": "https://development.gigantic-server.com/v1", "description": "Development server" } ``` ```yaml url: https://development.gigantic-server.com/v1 description: Development server ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oas-servers): ```json { "servers": [ { "url": "https://development.gigantic-server.com/v1", "description": "Development server" }, { "url": "https://staging.gigantic-server.com/v1", "description": "Staging server" }, { "url": "https://api.gigantic-server.com/v1", "description": "Production server" } ] } ``` ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server - url: https://staging.gigantic-server.com/v1 description: Staging server - url: https://api.gigantic-server.com/v1 description: Production server ``` The following shows how variables can be used for a server configuration: ```json { "servers": [ { "url": "https://{username}.gigantic-server.com:{port}/{basePath}", "description": "The production API server", "variables": { "username": { "default": "demo", "description": "A user-specific subdomain. Use `demo` for a free sandbox environment." }, "port": { "enum": ["8443", "443"], "default": "8443" }, "basePath": { "default": "v2" } } } ] } ``` ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server variables: username: # note! no enum here means it is an open value default: demo description: A user-specific subdomain. Use `demo` for a free sandbox environment. port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is "v2" default: v2 ``` #### Server Variable Object An object representing a Server Variable for server URL template substitution. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array MUST NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value MUST exist in the enum's values. Note that this behavior is different from the [Schema Object](#schema-object)'s `default` keyword, which documents the receiver's behavior rather than inserting the value into the data. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from outside the Components Object. ##### Fixed Fields | Field Name | Type | Description | | ---- | :---- | ---- | | schemas | Map[`string`, [Schema Object](#schema-object)] | An object to hold reusable [Schema Objects](#schema-object). | | responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | | parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | | examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | | requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | | securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | | pathItems | Map[`string`, [Path Item Object](#path-item-object)] | An object to hold reusable [Path Item Objects](#path-item-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ```text User User_1 User_Name user-name my.org.User ``` ##### Components Object Example ```json "components": { "schemas": { "GeneralError": { "type": "object", "properties": { "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" } } }, "Category": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } }, "Tag": { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } } } }, "parameters": { "skipParam": { "name": "skip", "in": "query", "description": "number of items to skip", "required": true, "schema": { "type": "integer", "format": "int32" } }, "limitParam": { "name": "limit", "in": "query", "description": "max records to return", "required": true, "schema" : { "type": "integer", "format": "int32" } } }, "responses": { "NotFound": { "description": "Entity not found." }, "IllegalInput": { "description": "Illegal input for operation." }, "GeneralError": { "description": "General Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GeneralError" } } } } }, "securitySchemes": { "api_key": { "type": "apiKey", "name": "api-key", "in": "header" }, "petstore_auth": { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.org/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } } } ``` ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api-key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [Server Object](#server-object) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The path is **appended** (no relative URL resolution) to the expanded URL from the [Server Object](#server-object)'s `url` field in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ```text /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ```text /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ```text /{entity}/me /books/{id} ``` ##### Paths Object Example ```json { "/pets": { "get": { "description": "Returns all pets from the system that the user has access to", "responses": { "200": { "description": "A list of pets.", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/pet" } } } } } } } } } ``` ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` #### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URI, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-api-description-uris).

_**Note:** The behavior of `$ref` with adjacent properties is likely to change in future versions of this specification to bring it into closer alignment with the behavior of the [Reference Object](#reference-object)._ | | summary | `string` | An optional string summary, intended to apply to all operations in this path. | | description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | | put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | | post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | | delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | | options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | | head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Path Item Object Example ```json { "get": { "description": "Returns pets based on ID", "summary": "Find pets by ID", "operationId": "getPetsById", "responses": { "200": { "description": "pet response", "content": { "*/*": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Pet" } } } } }, "default": { "description": "error payload", "content": { "text/html": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } }, "parameters": [ { "name": "id", "in": "path", "description": "ID of pet to use", "required": true, "schema": { "type": "array", "items": { "type": "string" } }, "style": "simple" } ] } ``` ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*': schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: text/html: schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple ``` #### Operation Object Describes a single API operation on a path. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | | summary | `string` | A short summary of what the operation does. | | description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | | operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | | requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is fully supported in HTTP methods where the HTTP 1.1 specification [RFC7231](https://tools.ietf.org/html/rfc7231#section-4.3.1) has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague (such as [GET](https://tools.ietf.org/html/rfc7231#section-4.3.1), [HEAD](https://tools.ietf.org/html/rfc7231#section-4.3.2) and [DELETE](https://tools.ietf.org/html/rfc7231#section-4.3.5)), `requestBody` is permitted but does not have well-defined semantics and SHOULD be avoided if possible. | | responses | [Responses Object](#responses-object) | The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Operation Object Example ```json { "tags": ["pet"], "summary": "Updates a pet in the store with form data", "operationId": "updatePetWithForm", "parameters": [ { "name": "petId", "in": "path", "description": "ID of pet that needs to be updated", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "name": { "description": "Updated name of the pet", "type": "string" }, "status": { "description": "Updated status of the pet", "type": "string" } }, "required": ["status"] } } } }, "responses": { "200": { "description": "Pet updated.", "content": { "application/json": {}, "application/xml": {} } }, "405": { "description": "Method Not Allowed", "content": { "application/json": {}, "application/xml": {} } } }, "security": [ { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: application/json: {} application/xml: {} '405': description: Method Not Allowed content: application/json: {} application/xml: {} security: - petstore_auth: - write:pets - read:pets ``` #### External Documentation Object Allows referencing an external resource for extended documentation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URI for the target documentation. This MUST be in the form of a URI. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### External Documentation Object Example ```json { "description": "Find more info here", "url": "https://example.com" } ``` ```yaml description: Find more info here url: https://example.com ``` #### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. ##### Parameter Locations There are four possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`. * header - Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. * cookie - Used to pass a specific cookie value to the API. ##### Fixed Fields The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| | in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"header"`, `"path"` or `"cookie"`. | | description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | | deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters. Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | This object MAY be extended with [Specification Extensions](#specification-extensions). Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, the effect of defining a cookie parameter that way is undefined; use `in: "cookie"` instead. ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the parameter. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. When serializing `in: "header"` parameters with `schema`, URI percent-encoding MUST NOT be applied; if using an RFC6570 implementation that automatically applies it, it MUST be removed before use. Implementations MUST pass header values through unchanged rather than attempting to automatically quote header values, as the quoting rules vary too widely among different headers; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for guidance on quoting and escaping. Serializing with `schema` is NOT RECOMMENDED for `in: "cookie"` parameters; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"`. | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters this field has no effect. When [`style`](#parameter-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see [URL Percent-Encoding](#url-percent-encoding) for details. This field only applies to parameters with an `in` value of `query`. The default value is `false`. | | schema | [Schema Object](#schema-object) | The schema defining the type used for the parameter. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. Using `content` with a `text/plain` media type is RECOMMENDED for `in: "cookie"` parameters where the `schema` strategy's percent-encoding and/or delimiter rules are not appropriate. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. | `style` | [`type`](#data-types) | `in` | Comments | | ---- | ---- | ---- | ---- | | matrix | `primitive`, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | label | `primitive`, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | | simple | `primitive`, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | | form | `primitive`, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | | spaceDelimited | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | | pipeDelimited | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | | deepObject | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined. | ##### URL Percent-Encoding All API URLs MUST successfully parse and percent-decode using [[RFC3986]] rules. Content in the `application/x-www-form-urlencoded` format, including query strings produced by [Parameter Objects](#parameter-object) with `in: "query"`, MUST also successfully parse and percent-decode using [[RFC1866]] rules, including treating non-percent-encoded `+` as an escaped space character. These requirements are specified in terms of percent-_decoding_ rules, which are consistently tolerant across different versions of the various standards that apply to URIs. Percent-_encoding_ is performed in several places: * By [[RFC6570]] implementations (or simulations thereof; see [Appendix C](#appendix-c-using-rfc6570-based-serialization)) * By the Parameter or [Encoding](#encoding-object) Objects when incorporating a value serialized with a [Media Type Object](#media-type-object) for a media type that does not already incorporate URI percent-encoding * By the user, prior to passing data through RFC6570's reserved expansion process When percent-encoding, the safest approach is to percent-encode all characters not in RFC3986's "unreserved" set, and for `form-urlencoded` to also percent-encode the tilde character (`~`) to align with the historical requirements of [[RFC1738]], which is cited by RFC1866. This approach is used in examples in this specification. For `form-urlencoded`, while the encoding algorithm given by RFC1866 requires escaping the space character as `+`, percent-encoding it as `%20` also meets the above requirements. Examples in this specification will prefer `%20` when using RFC6570's default (non-reserved) form-style expansion, and `+` otherwise. Reserved characters MUST NOT be percent-encoded when being used for reserved purposes such as `&=+` for `form-urlencoded` or `,` for delimiting non-exploded array and object values in RFC6570 expansions. The result of inserting non-percent-encoded delimiters into data using manual percent-encoding, including via RFC6570's reserved expansion rules, is undefined and will likely prevent implementations from parsing the results back into the correct data structures. In some cases, such as inserting `/` into path parameter values, doing so is [explicitly forbidden](#path-templating) by this specification. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding options, compatibility, and OAS-defined delimiters that are not allowed by RFC3986, and [Appendix C](#appendix-c-using-rfc6570-based-serialization) for guidance on using RFC6570 implementations. ##### Serialization and Examples The rules in this section apply to both the Parameter and [Header](#header-object) Objects, both of which use the same mechanisms. When showing serialized examples using the `example` field or [Example Objects](#example-object), in most cases the value to show is just the value, with all relevant percent-encoding or other encoding/escaping applied, and also including any delimiters produced by the `style` and `explode` configuration. In cases where the name is an inherent part of constructing the serialization, such as the `name=value` pairs produced by `style: "form"` or the combination of `style: "simple", explode: true`, the name and any delimiter between the name and value MUST be included. The `matrix` and `label` styles produce a leading delimiter which is always a valid part of the serialization and MUST be included. The RFC6570 operators corresponding to `style: "form"` produce a leading delimiter of either `?` or `&` depending on the exact syntax used. As the suitability of either delimiter depends on where in the query string the parameter occurs, as well as whether it is in a URI or in `application/x-www-form-urlencoded` content, this leading delimiter MUST NOT be included in examples of individual parameters or media type documents. For `in: "cookie", style: "form"`, neither the `&` nor `?` delimiters are ever correct; see [Appendix D: Serializing Headers and Cookies](#appendix-d-serializing-headers-and-cookies) for more details. For headers, the header name MUST NOT be included as part of the serialization, as it is never part of the RFC6570-derived result. However, names produced by `style: "simple", explode: "true"` are included as they appear within the header value, not as separate headers. The following section illustrates these rules. ##### Style Examples Assume a parameter named `color` has one of the following values: ```js string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows serialized examples, as would be shown with the `example` or `examples` keywords, of the different serializations for each value. * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field. * The behavior of combinations marked _n/a_ is undefined. * The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined. * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and cookie parameters. * The examples are percent-encoded as explained in the [URL Percent-Encoding](#url-percent-encoding) section above; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. | [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | | ---- | ---- | ---- | ---- | ---- | ---- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | | label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | | label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | | simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | | simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | | form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 | | form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 | | spaceDelimited | false | _n/a_ | _n/a_ | color=blue%20black%20brown | color=R%20100%20G%20200%20B%20150 | | spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | pipeDelimited | false | _n/a_ | _n/a_ | color=blue%7Cblack%7Cbrown | color=R%7C100%7CG%7C200%7CB%7C150 | | pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | false | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | true | _n/a_ | _n/a_ | _n/a_ | color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | ##### Parameter Object Examples A header parameter with an array of 64-bit integer numbers: ```json { "name": "token", "in": "header", "description": "token to be passed as a header", "required": true, "schema": { "type": "array", "items": { "type": "integer", "format": "int64" } }, "style": "simple" } ``` ```yaml name: token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple ``` A path parameter of a string value: ```json { "name": "username", "in": "path", "description": "username to fetch", "required": true, "schema": { "type": "string" } } ``` ```yaml name: username in: path description: username to fetch required: true schema: type: string ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter: ```json { "name": "id", "in": "query", "description": "ID of the object to fetch", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "style": "form", "explode": true } ``` ```yaml name: id in: query description: ID of the object to fetch required: false schema: type: array items: type: string style: form explode: true ``` A free-form query parameter, allowing undefined parameters of a specific type: ```json { "in": "query", "name": "freeForm", "schema": { "type": "object", "additionalProperties": { "type": "integer" } }, "style": "form" } ``` ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form ``` A complex parameter using `content` to define serialization: ```json { "in": "query", "name": "coordinates", "content": { "application/json": { "schema": { "type": "object", "required": ["lat", "long"], "properties": { "lat": { "type": "number" }, "long": { "type": "number" } } } } } } ``` ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number ``` #### Request Body Object Describes a single request body. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. The map SHOULD have at least one entry; if it does not, the behavior is implementation-defined. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Request Body Examples A request body with a referenced schema definition. ```json { "description": "user to add to the system", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User Example", "externalValue": "https://foo.bar/examples/user-example.json" } } }, "application/xml": { "schema": { "$ref": "#/components/schemas/User" }, "examples": { "user": { "summary": "User example in XML", "externalValue": "https://foo.bar/examples/user-example.xml" } } }, "text/plain": { "examples": { "user": { "summary": "User example in Plain text", "externalValue": "https://foo.bar/examples/user-example.txt" } } }, "*/*": { "examples": { "user": { "summary": "User example in other format", "externalValue": "https://foo.bar/examples/user-example.whatever" } } } } } ``` ```yaml description: user to add to the system content: application/json: schema: $ref: '#/components/schemas/User' examples: user: summary: User example externalValue: https://foo.bar/examples/user-example.json application/xml: schema: $ref: '#/components/schemas/User' examples: user: summary: User example in XML externalValue: https://foo.bar/examples/user-example.xml text/plain: examples: user: summary: User example in plain text externalValue: https://foo.bar/examples/user-example.txt '*/*': examples: user: summary: User example in other format externalValue: https://foo.bar/examples/user-example.whatever ``` #### Media Type Object Each Media Type Object provides schema and examples for the media type identified by its key. When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | schema | [Schema Object](#schema-object) | The schema defining the content of the request, response, parameter, or header. | | example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | | encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The `encoding` field SHALL only apply to [Request Body Objects](#request-body-object), and only when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Media Type Examples ```json { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" }, "examples": { "cat": { "summary": "An example of a cat", "value": { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } }, "dog": { "summary": "An example of a dog with a cat's name", "value": { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" } }, "frog": { "$ref": "#/components/examples/frog-example" } } } } ``` ```yaml application/json: schema: $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: '#/components/examples/frog-example' ``` ##### Considerations for File Uploads In contrast to OpenAPI 2.0, `file` input/output content in OAS 3.x is described with the same semantics as any other schema type. In contrast to OAS 3.0, the `format` keyword has no effect on the content-encoding of the schema in OAS 3.1. Instead, JSON Schema's `contentEncoding` and `contentMediaType` keywords are used. See [Working With Binary Data](#working-with-binary-data) for how to model various scenarios with these keywords, and how to migrate from the previous `format` usage. Examples: Content transferred in binary (octet-stream) MAY omit `schema`: ```yaml # a PNG image as a binary file: content: image/png: {} ``` ```yaml # an arbitrary binary file: content: application/octet-stream: {} ``` ```yaml # arbitrary JSON without constraints beyond being syntactically valid: content: application/json: {} ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: {} ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg image/jpeg: {} image/png: {} ``` To upload multiple files, a `multipart` media type MUST be used as shown under [Example: Multipart Form with Multiple Files](#example-multipart-form-with-multiple-files). ##### Support for x-www-form-urlencoded Request Bodies See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` field. ##### Special Considerations for `multipart` Content See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` field. #### Encoding Object A single encoding definition applied to a single schema property. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. Properties are correlated with `multipart` parts using the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of `Content-Disposition: form-data`, and with `application/x-www-form-urlencoded` using the query string parameter names. In both cases, their order is implementation-defined. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. | Field Name | Type | Description | | ---- | :----: | ---- | | contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). Default value depends on the property type as shown in the table below. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the request body media type is not a `multipart`. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `contentEncoding` column means that the presence or value of `contentEncoding` is irrelevant: | `type` | `contentEncoding` | Default `contentType` | | ---- | ---- | ---- | | [_absent_](#working-with-binary-data) | _n/a_ | `application/octet-stream` | | `string` | _present_ | `application/octet-stream` | | `string` | _absent_ | `text/plain` | | `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | | `object` | _n/a_ | `application/json` | | `array` | _n/a_ | according to the `type` of the `items` schema | Determining how to handle a `type` value of `null` depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type conversion options. ###### Fixed Fields for RFC6570-style Serialization | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including the default value of `"form"` which applies only when `contentType` is _not_ being used due to one or both of `explode` or `allowReserved` being explicitly specified. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties this field has no effect. When [`style`](#encoding-style) is `"form"`, the default value is `true`. For all other styles, the default value is `false`. Note that despite `false` being the default for `deepObject`, the combination of `false` with `deepObject` is undefined. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are [not allowed in the query string](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4) (`[`, `]`, `#`), or have a special meaning in `application/x-www-form-urlencoded` (`-`, `&`, `+`); see [URL Percent-Encoding](#url-percent-encoding) for details. The default value is `false`. This field SHALL be ignored if the request body media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | When using RFC6570-style serialization for `multipart/form-data`, URI percent-encoding MUST NOT be applied, and the value of `allowReserved` has no effect. See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-based-serialization) for additional guidance. Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: "query"` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. ##### Encoding the `x-www-form-urlencoded` Media Type To submit content using form url encoding via [RFC1866](https://tools.ietf.org/html/rfc1866), use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#media-type-object) under the [Request Body Object](#request-body-object). This configuration means that the request body MUST be encoded per [RFC1866](https://tools.ietf.org/html/rfc1866) when passed to the server, after any complex objects have been serialized to a string representation. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: URL Encoded Form with JSON Values When there is no [`encoding`](#media-type-encoding) field, the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: # complex types are stringified to support RFC 1866 type: object properties: {} ``` With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { "streetAddress": "123 Example Dr.", "city": "Somewhere", "state": "CA", "zip": "99999+1234" } ``` Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `:`, `,`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%3A`, `%2C`, `%7B`, and `%7D`, respectively: ```uri id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22%3A%22123+Example+Dr.%22%2C%22city%22%3A%22Somewhere%22%2C%22state%22%3A%22CA%22%2C%22zip%22%3A%2299999%2B1234%22%7D ``` Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encoding-object)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per RFC1866: ```uri id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` ###### Example: URL Encoded Form with Binary Values Note that `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```YAML requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: type: string icon: # The default content type with `contentEncoding` present # is "application/octet-stream", so we need to set the correct # image media type(s) in the Encoding Object. type: string contentEncoding: base64url encoding: icon: contentType: image/png, image/jpeg ``` Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: ```uri name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC_xhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` Note that the `=` padding characters at the end need to be percent-encoded, even with the "URL safe" `contentEncoding: base64url`. Some base64-decoding implementations may be able to use the string without the padding per [RFC4648](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). However, this is not guaranteed, so it may be more interoperable to keep the padding and rely on percent-decoding. ##### Encoding `multipart` Media Types It is common to use `multipart/form-data` as a `Content-Type` when transferring forms as request bodies. In contrast to OpenAPI 2.0, a `schema` is REQUIRED to define the input parameters to the operation when using `multipart` content. This supports complex structures as well as supporting mechanisms for multiple file uploads. The `form-data` disposition and its `name` parameter are mandatory for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.2)). Array properties are handled by applying the same `name` to multiple parts, as is recommended by [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. See [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. Various other `multipart` types, most notable `multipart/mixed` ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.3)) neither require nor forbid specific `Content-Disposition` values, which means care must be taken to ensure that any values used are supported by all relevant software. It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such as `multipart/mixed`, but implementations MAY choose to support such types when `Content-Disposition: form-data` is used with a `name` parameter. Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. Using `contentEncoding` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value used in `contentEncoding`. If `contentEncoding` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows the value from `contentEncoding`, the result is undefined for serialization and parsing. Note that as stated in [Working with Binary Data](#working-with-binary-data), if the Encoding Object's `contentType`, whether set explicitly or implicitly through its default value rules, disagrees with the `contentMediaType` in a Schema Object, the `contentMediaType` SHALL be ignored. Because of this, and because the Encoding Object's `contentType` defaulting rules do not take the Schema Object's`contentMediaType` into account, the use of `contentMediaType` with an Encoding Object is NOT RECOMMENDED. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ###### Example: Basic Multipart Form When the `encoding` field is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: # default content type for a string without `contentEncoding` # is "text/plain" id: type: string format: uuid # default content type for a schema without `type` # is "application/octet-stream" profileImage: {} # default content type for arrays is based on the type # in the `items` subschema, which is an object here, # so the default content type for each item is "application/json" addresses: type: array items: $ref: '#/components/schemas/Address' ``` ###### Example: Multipart Form with Encoding Objects Using `encoding`, we can set more specific types for binary data, or non-JSON formats for complex values. We can also describe headers for each part: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: # No Encoding Object, so use default "text/plain" id: type: string format: uuid # Encoding Object overrides the default "application/json" content type # for each item in the array with "application/xml; charset=utf-8" addresses: description: addresses in XML format type: array items: $ref: '#/components/schemas/Address' # Encoding Object accepts only PNG or JPEG, and also describes # a custom header for just this part in the multipart format profileImage: {} encoding: addresses: contentType: application/xml; charset=utf-8 profileImage: contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` ###### Example: Multipart Form with Multiple Files In accordance with [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name `file` will be used for all files. file: type: array items: {} ``` As seen in the [Encoding Object's `contentType` field documentation](#encoding-content-type), the empty schema for `items` indicates a media type of `application/octet-stream`. #### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default Response Object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. | ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```json { "200": { "description": "a pet to be returned", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Pet" } } } }, "default": { "description": "Unexpected error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorModel" } } } } } ``` ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` #### Response Object Describes a single response from an API operation, including design-time, static `links` to operations based on the response. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | **REQUIRED**. A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2) states header names are case insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://tools.ietf.org/html/rfc7231#appendix-D) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Response Object Examples Response of an array of a complex type: ```json { "description": "A complex object array response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/VeryComplexType" } } } } } ``` ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```json { "description": "A simple string response", "content": { "text/plain": { "schema": { "type": "string" }, "example": "whoa!" } }, "headers": { "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Remaining": { "description": "The number of remaining requests in the current period", "schema": { "type": "integer" } }, "X-Rate-Limit-Reset": { "description": "The number of seconds left in the current period", "schema": { "type": "integer" } } } } ``` ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```json { "description": "object created" } ``` ```yaml description: object created ``` #### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the Path Item Object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. To describe incoming requests from the API provider independent from another API call, use the [`webhooks`](#oas-webhooks) field. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 188 { "failedUrl": "https://clientdomain.com/failed", "successUrls": [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } ``` resulting in: ```http 201 Created Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. | Expression | Value | | ---- | :---- | | $url | | | $method | POST | | $request.path.eventType | myevent | | $request.query.queryUrl | | | $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | ##### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is similar to a [webhook](#oas-webhooks), but differs in that the callback only occurs because of the initial request that sent the `queryUrl`. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` #### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. This object is typically used in fields named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. Examples allow demonstration of the usage of properties, parameters and objects within OpenAPI. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | summary | `string` | Short description for the example. | | description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally represented in JSON or YAML, use a string value to contain the example, escaping where necessary. | | externalValue | `string` | A URI that identifies the literal example. This provides the capability to reference examples that cannot easily be included in JSON or YAML documents. The `value` field and `externalValue` field are mutually exclusive. See the rules for resolving [Relative References](#relative-references-in-api-description-uris). | This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. ##### Working with Examples Example Objects can be used in [Parameter Objects](#parameter-object), [Header Objects](#header-object), and [Media Type Objects](#media-type-object). In all three Objects, this is done through the `examples` (plural) field. However, there are several other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in all three Objects, and two keywords (the deprecated singular `example` and the current plural `examples`, which takes an array of examples) in the [Schema Object](#schema-object) that appears in the `schema` field of all three Objects. Each of these fields has slightly different considerations. The Schema Object's fields are used to show example values without regard to how they might be formatted as parameters or within media type representations. The `examples` array is part of JSON Schema and is the preferred way to include examples in the Schema Object, while `example` is retained purely for compatibility with older versions of the OpenAPI Specification. The mutually exclusive fields in the Parameter, Header, or Media Type Objects are used to show example values which SHOULD both match the schema and be formatted as they would appear as a serialized parameter, serialized header, or within a media type representation. The exact serialization and encoding is determined by various fields in the Parameter Object, Header Object, or in the Media Type Object's [Encoding Object](#encoding-object). Because examples using these fields represent the final serialized form of the data, they SHALL _override_ any `example` in the corresponding Schema Object. The singular `example` field in the Parameter, Header, or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects under `examples`. Some examples cannot be represented directly in JSON or YAML. For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of documents that comprise the OpenAPI Description. With the Example Object, such values can alternatively be handled through the `externalValue` field. ##### Example Object Examples In a request body: ```yaml requestBody: content: 'application/json': schema: $ref: '#/components/schemas/Address' examples: foo: summary: A foo example value: foo: bar bar: summary: A bar example value: bar: baz application/xml: examples: xmlExample: summary: This is an example in XML externalValue: https://example.org/examples/address-example.xml text/plain: examples: textExample: summary: This is a text example externalValue: https://foo.bar/examples/address-example.txt ``` In a parameter: ```yaml parameters: - name: zipCode in: query schema: type: string format: zip-code examples: zip-example: $ref: '#/components/examples/zip-example' ``` In a response: ```yaml responses: '200': description: your car appointment has been booked content: application/json: schema: $ref: '#/components/schemas/SuccessResponse' examples: confirmation-success: $ref: '#/components/examples/confirmation-success' ``` Two different uses of JSON strings: First, a request or response body that is just a JSON string (not an object containing a string): ```json "application/json": { "schema": { "type": "string" }, "examples": { "jsonBody": { "description": "A body of just the JSON string \"json\"", "value": "json" } } } ``` ```yaml application/json: schema: type: string examples: jsonBody: description: 'A body of just the JSON string "json"' value: json ``` In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like `"\"json\""`. In contrast, a JSON string encoded inside of a URL-style form body: ```json "application/x-www-form-urlencoded": { "schema": { "type": "object", "properties": { "jsonValue": { "type": "string" } } }, "encoding": { "jsonValue": { "contentType": "application/json" } }, "examples": { "jsonFormValue": { "description": "The JSON string \"json\" as a form value", "value": "jsonValue=%22json%22" } } } ``` ```yaml application/x-www-form-urlencoded: schema: type: object properties: jsonValue: type: string encoding: jsonValue: contentType: application/json examples: jsonFormValue: description: 'The JSON string "json" as a form value' value: jsonValue=%22json%22 ``` In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded. #### Link Object The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | | description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. The identified or referenced operation MUST be unique, and in the case of an `operationId`, it MUST be resolved within the scope of the OpenAPI Description (OAD). Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OADs. However, because use of an operation depends on its URL path template in the [Paths Object](#paths-object), operations from any [Path Item Object](#path-item-object) that is referenced multiple times within the OAD cannot be resolved unambiguously. In such ambiguous cases, the resulting behavior is implementation-defined and MAY result in an error. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). ##### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # use the value of the request path parameter named "id" userid: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # use the value of the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions nor the capability to make a successful call to that link is guaranteed solely by the existence of a relationship. ###### `operationRef` Examples As the `operationId` is an optional field in an [Operation Object](#operation-object), references MAY instead be made through a URI-reference with `operationRef`. Note that both of these examples reference operations that can be identified via the [Paths Object](#paths-object) to ensure that the operation's path template is unambiguous. A relative URI-reference `operationRef`: ```yaml links: UserRepositories: operationRef: '#/paths/~12.0~1repositories~1%7Busername%7D/get' parameters: username: $response.body#/username ``` A non-relative URI `operationRef`: ```yaml links: UserRepositories: operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/get parameters: username: $response.body#/username ``` Note that in the use of `operationRef` the _escaped forward-slash_ (`~1`) is necessary when using JSON Pointer in URI fragments, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively. The unescaped, percent-decoded path template in the above examples would be `/2.0/repositories/{username}`. ##### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = "$url" / "$method" / "$statusCode" / "$request." source / "$response." source source = header-reference / query-reference / path-reference / body-reference header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *char token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC7159](https://tools.ietf.org/html/rfc7159#section-7) and `token` from [RFC7230](https://tools.ietf.org/html/rfc7230#section-3.2.6). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ###### Example Expressions | Source Location | example expression | notes | | ---- | :---- | :---- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | | Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | | Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. #### Header Object Describes a single header for [HTTP responses](#response-headers) and for [individual parts in `multipart` representations](#encoding-headers); see the relevant [Response Object](#response-object) and [Encoding Object](#encoding-object) documentation for restrictions on which headers can be described. The Header Object follows the structure of the [Parameter Object](#parameter-object), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` and `allowReserved` MUST NOT be used, and `style`, if used, MUST be limited to `"simple"`. ##### Fixed Fields ###### Common Fixed Fields These fields MAY be used with either `content` or `schema`. | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). ###### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. When `example` or `examples` are provided in conjunction with the `schema` field, the example MUST follow the prescribed serialization strategy for the header. When serializing headers with `schema`, URI percent-encoding MUST NOT be applied; if using an RFC6570 implementation that automatically applies it, it MUST be removed before use. Implementations MUST pass header values through unchanged rather than attempting to automatically quote header values, as the quoting rules vary too widely among different headers; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for guidance on quoting and escaping. When `example` or `examples` are provided in conjunction with the `schema` field, the example SHOULD match the specified schema and follow the prescribed serialization strategy for the header. The `example` and `examples` fields are mutually exclusive, and if either is present it SHALL _override_ any `example` in the schema. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | | explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) | The schema defining the type used for the header. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ###### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | ##### Header Object Example A simple header of type `integer`: ```json "X-Rate-Limit-Limit": { "description": "The number of allowed requests in the current period", "schema": { "type": "integer" } } ``` ```yaml X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. ```json "ETag": { "required": true, "schema": { "type": "string", "pattern": "^\"" } } ``` ```yaml ETag: required: true schema: type: string pattern: ^" ``` #### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the tag. | | description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Tag Object Example ```json { "name": "pet", "description": "Pets operations" } ``` ```yaml name: pet description: Pets operations ``` #### Reference Object A simple object to allow referencing other components in the OpenAPI Description, internally and externally. The `$ref` string value contains a URI [RFC3986](https://tools.ietf.org/html/rfc3986), which identifies the value being referenced. See the rules for resolving [Relative References](#relative-references-in-api-description-uris). ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference identifier. This MUST be in the form of a URI. | | summary | `string` | A short summary which by default SHOULD override that of the referenced component. If the referenced object-type does not allow a `summary` field, then this field has no effect. | | description | `string` | A description which by default SHOULD override that of the referenced component. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. If the referenced object-type does not allow a `description` field, then this field has no effect. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. Note that this restriction on additional properties is a difference between Reference Objects and [Schema Objects](#schema-object) that contain a `$ref` keyword. ##### Reference Object Example ```json { "$ref": "#/components/schemas/Pet" } ``` ```yaml $ref: '#/components/schemas/Pet' ``` ##### Relative Schema Document Example ```json { "$ref": "Pet.json" } ``` ```yaml $ref: Pet.yaml ``` ##### Relative Documents with Embedded Schema Example ```json { "$ref": "definitions.json#/Pet" } ``` ```yaml $ref: definitions.yaml#/Pet ``` #### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is a superset of the [JSON Schema Specification Draft 2020-12](https://tools.ietf.org/html/draft-bhutton-json-schema-00). The empty schema (which allows any instance to validate) MAY be represented by the boolean value `true` and a schema which allows no instance to validate MAY be represented by the boolean value `false`. For more information about the keywords, see [JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00) and [JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics; this includes keywords such as `$schema`, `$id`, `$ref`, and `$dynamicRef` being URIs rather than URLs. Where JSON Schema indicates that behavior is defined by the application (e.g. for annotations), OAS also defers the definition of semantics to the application consuming the OpenAPI document. ##### JSON Schema Keywords The OpenAPI Schema Object [dialect](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-4.3.3) is defined as requiring the [OAS base vocabulary](#base-vocabulary), in addition to the vocabularies as specified in the JSON Schema Specification Draft 2020-12 [general purpose meta-schema](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-8). The OpenAPI Schema Object dialect for this version of the specification is identified by the URI `https://spec.openapis.org/oas/3.1/dialect/base` (the "OAS dialect schema id"). The following keywords are taken from the JSON Schema specification but their definitions have been extended by the OAS: * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. * format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. In addition to the JSON Schema keywords comprising the OAS dialect, the Schema Object supports keywords from any other vocabularies, or entirely arbitrary properties. JSON Schema implementations MAY choose to treat keywords defined by the OpenAPI Specification's base vocabulary as [unknown keywords](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.3.1), due to its inclusion in the OAS dialect with a [`$vocabulary`](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-8.1.2) value of `false`. The OAS base vocabulary is comprised of the following keywords: ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | discriminator | [Discriminator Object](#discriminator-object) | Adds support for polymorphism. The discriminator is used to determine which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | xml | [XML Object](#xml-object) | This MAY be used only on property schemas. It has no effect on root schemas. Adds additional metadata to describe the XML representation of this property. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | | example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary.

**Deprecated:** The `example` field has been deprecated in favor of the JSON Schema `examples` keyword. Use of `example` is discouraged, and later versions of this specification may remove it. | This object MAY be extended with [Specification Extensions](#specification-extensions), though as noted, additional properties MAY omit the `x-` prefix within this object. ##### Extended Validation with Annotations JSON Schema Draft 2020-12 supports [collecting annotations](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-7.7.1), including [treating unrecognized keywords as annotations](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-6.5). OAS implementations MAY use such annotations, including [extensions](https://spec.openapis.org/registry/extension/) not recognized as part of a declared JSON Schema vocabulary, as the basis for further validation. Note that JSON Schema Draft 2020-12 does not require an `x-` prefix for extensions. ###### Non-validating constraint keywords The [`format` keyword (when using default format-annotation vocabulary)](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-7.2.1) and the [`contentMediaType`, `contentEncoding`, and `contentSchema` keywords](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-8.2) define constraints on the data, but are treated as annotations instead of being validated directly. Extended validation is one way that these constraints MAY be enforced. ###### Validating `readOnly` and `writeOnly` The `readOnly` and `writeOnly` keywords are annotations, as JSON Schema is not aware of how the data it is validating is being used. Validation of these keywords MAY be done by checking the annotation, the read or write direction, and (if relevant) the current value of the field. [JSON Schema Validation Draft 2020-12 §9.4](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-validation-00#section-9.4) defines the expectations of these keywords, including that a resource (described as the "owning authority") MAY either ignore a `readOnly` field or treat it as an error. Fields that are both required and read-only are an example of when it is beneficial to ignore a `readOnly: true` constraint in a PUT, particularly if the value has not been changed. This allows correctly requiring the field on a GET and still using the same representation and schema with PUT. Even when read-only fields are not required, stripping them is burdensome for clients, particularly when the JSON data is complex or deeply nested. Note that the behavior of `readOnly` in particular differs from that specified by version 3.0 of this specification. ##### Data Modeling Techniques ###### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` keyword of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schema-discriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. * Use the schema name. * [Override the schema name](#discriminator-mapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### Generic (Template) Data Structures Implementations MAY support defining generic or template data structures using JSON Schema's dynamic referencing feature: * `$dynamicAnchor` identifies a set of possible schemas (including a default placeholder schema) to which a `$dynamicRef` can resolve * `$dynamicRef` resolves to the first matching `$dynamicAnchor` encountered on its path from the schema entry point to the reference, as described in the JSON Schema specification An example is included in the "Schema Object Examples" section below, and further information can be found on the Learn OpenAPI site's ["Dynamic References"](https://learn.openapis.org/referencing/dynamic.html) page. ###### Annotated Enumerations The Schema Object's `enum` keyword does not allow associating descriptions or other information with individual values. Implementations MAY support recognizing a `oneOf` or `anyOf` where each subschema in the keyword's array consists of a `const` keyword and annotations such as `title` or `description` as an enumerated type with additional information. The exact behavior of this pattern beyond what is required by JSON Schema is implementation-defined. ###### XML Modeling The [xml](#schema-xml) field allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. ##### Specifying Schema Dialects It is important for tooling to be able to determine which dialect or meta-schema any given resource wishes to be processed with: JSON Schema Core, JSON Schema Validation, OpenAPI Schema dialect, or some custom meta-schema. The `$schema` keyword MAY be present in any Schema Object that is a [schema resource root](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.3.5), and if present MUST be used to determine which dialect should be used when processing the schema. This allows use of Schema Objects which comply with other drafts of JSON Schema than the default Draft 2020-12 support. Tooling MUST support the OAS dialect schema id, and MAY support additional values of `$schema`. To allow use of a different default `$schema` value for all Schema Objects contained within an OAS document, a `jsonSchemaDialect` value may be set within the OpenAPI Object. If this default is not set, then the OAS dialect schema id MUST be used for these Schema Objects. The value of `$schema` within a resource root Schema Object always overrides any default. For standalone JSON Schema documents that do not set `$schema`, or for Schema Objects in OpenAPI description documents that are _not_ [complete documents](#openapi-description-structure), the dialect SHOULD be assumed to be the OAS dialect. However, for maximum interoperability, it is RECOMMENDED that OpenAPI description authors explicitly set the dialect through `$schema` in such documents. ##### Schema Object Examples ###### Primitive Example ```json { "type": "string", "format": "email" } ``` ```yaml type: string format: email ``` ###### Simple Model ```json { "type": "object", "required": ["name"], "properties": { "name": { "type": "string" }, "address": { "$ref": "#/components/schemas/Address" }, "age": { "type": "integer", "format": "int32", "minimum": 0 } } } ``` ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ###### Model with Map/Dictionary Properties For a simple string to string mapping: ```json { "type": "object", "additionalProperties": { "type": "string" } } ``` ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```json { "type": "object", "additionalProperties": { "$ref": "#/components/schemas/ComplexModel" } } ``` ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ###### Model with Annotated Enumeration ```json { "oneOf": [ { "const": "RGB", "title": "Red, Green, Blue", "description": "Specify colors with the red, green, and blue additive color model" }, { "const": "CMYK", "title": "Cyan, Magenta, Yellow, Black", "description": "Specify colors with the cyan, magenta, yellow, and black subtractive color model" } ] } ``` ```yaml oneOf: - const: RGB title: Red, Green, Blue description: Specify colors with the red, green, and blue additive color model - const: CMYK title: Cyan, Magenta, Yellow, Black description: Specify colors with the cyan, magenta, yellow, and black subtractive color model ``` ###### Model with Example ```json { "type": "object", "properties": { "id": { "type": "integer", "format": "int64" }, "name": { "type": "string" } }, "required": ["name"], "examples": [ { "name": "Puma", "id": 1 } ] } ``` ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name examples: - name: Puma id: 1 ``` ###### Models with Composition ```json { "components": { "schemas": { "ErrorModel": { "type": "object", "required": ["message", "code"], "properties": { "message": { "type": "string" }, "code": { "type": "integer", "minimum": 100, "maximum": 600 } } }, "ExtendedErrorModel": { "allOf": [ { "$ref": "#/components/schemas/ErrorModel" }, { "type": "object", "required": ["rootCause"], "properties": { "rootCause": { "type": "string" } } } ] } } } } ``` ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ###### Models with Polymorphism Support ```json { "components": { "schemas": { "Pet": { "type": "object", "discriminator": { "propertyName": "petType" }, "properties": { "name": { "type": "string" }, "petType": { "type": "string" } }, "required": ["name", "petType"] }, "Cat": { "description": "A representation of a cat. Note that `Cat` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "huntingSkill": { "type": "string", "description": "The measured skill for hunting", "default": "lazy", "enum": ["clueless", "lazy", "adventurous", "aggressive"] } }, "required": ["huntingSkill"] } ] }, "Dog": { "description": "A representation of a dog. Note that `Dog` will be used as the discriminating value.", "allOf": [ { "$ref": "#/components/schemas/Pet" }, { "type": "object", "properties": { "packSize": { "type": "integer", "format": "int32", "description": "the size of the pack the dog is from", "default": 0, "minimum": 0 } }, "required": ["packSize"] } ] } } } } ``` ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` ###### Generic Data Structure Model ```JSON { "components": { "schemas": { "genericArrayComponent": { "$id": "fully_generic_array", "type": "array", "items": { "$dynamicRef": "#generic-array" }, "$defs": { "allowAll": { "$dynamicAnchor": "generic-array" } } }, "numberArray": { "$id": "array_of_numbers", "$ref": "fully_generic_array", "$defs": { "numbersOnly": { "$dynamicAnchor": "generic-array", "type": "number" } } }, "stringArray": { "$id": "array_of_strings", "$ref": "fully_generic_array", "$defs": { "stringsOnly": { "$dynamicAnchor": "generic-array", "type": "string" } } }, "objWithTypedArray": { "$id": "obj_with_typed_array", "type": "object", "required": ["dataType", "data"], "properties": { "dataType": { "enum": ["string", "number"] } }, "oneOf": [{ "properties": { "dataType": {"const": "string"}, "data": {"$ref": "array_of_strings"} } }, { "properties": { "dataType": {"const": "number"}, "data": {"$ref": "array_of_numbers"} } }] } } } } ``` ```YAML components: schemas: genericArrayComponent: $id: fully_generic_array type: array items: $dynamicRef: '#generic-array' $defs: allowAll: $dynamicAnchor: generic-array numberArray: $id: array_of_numbers $ref: fully_generic_array $defs: numbersOnly: $dynamicAnchor: generic-array type: number stringArray: $id: array_of_strings $ref: fully_generic_array $defs: stringsOnly: $dynamicAnchor: generic-array type: string objWithTypedArray: $id: obj_with_typed_array type: object required: - dataType - data properties: dataType: enum: - string - number oneOf: - properties: dataType: const: string data: $ref: array_of_strings - properties: dataType: const: number data: $ref: array_of_numbers ``` #### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, a Discriminator Object gives a hint about the expected schema of the document. This hint can be used to aid in serialization, deserialization, and validation. The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. Note that `discriminator` MUST NOT change the validation outcome of the schema. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | propertyName | `string` | **REQUIRED**. The name of the property in the payload that will hold the discriminating value. This property SHOULD be required in the payload schema, as the behavior when the property is absent is undefined. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. This is because `discriminator` cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas. The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. ##### Options for Mapping Values to Schemas The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#components-object), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI reference by all implementations, authors MUST prefix it with the `"."` path segment (e.g. `"./foo"`). Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. However, the exact nature of such conversions are implementation-defined. ##### Examples For these examples, assume all schemas are in the [entry document](#openapi-description-structure) of the OAD; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.x, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means the payload _MUST_, by validation, match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` MAY be used as a "hint" to improve the efficiency of selection of the matching schema. The `discriminator` field cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI Description. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` will indicate that the `Cat` schema is expected to match this payload. In scenarios where the value of the `discriminator` field does not match the schema name or implicit mapping is not possible, an optional `mapping` definition MAY be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: https://gigantic-server.com/schemas/Monster/schema.json ``` Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a "Cat" properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a "Dog" properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a "Lizard" properties: lovesRocks: type: boolean ``` Validated against the `Pet` schema, a payload like this: ```json { "petType": "Cat", "name": "Misty" } ``` will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { "petType": "dog", "bark": "soft" } ``` will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. #### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using arrays, XML element names are _not_ inferred (for singular/plural forms) and the `name` field SHOULD be used to add that information. See examples for expected behavior. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | Replaces the inferred name of the element/attribute used for the described schema property. For the root schema object of a [schema component](#components-schemas), the inferred name is the name of the component; for other schemas the name is inferred from the parent property name. When defined within `items`, it will affect the name of the individual XML elements within the list. When defined alongside `type` being `"array"` (outside the `items`), it will affect the wrapping element if and only if `wrapped` is `true`. If `wrapped` is `false`, it will be ignored. | | namespace | `string` | The URI of the namespace definition. Value MUST be in the form of a non-relative URI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. | | wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Namespace Limitations The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: * Versions 3.1.0, 3.0.3, and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI", so authors using namespaces that include a fragment should check tooling support carefully. * XML allows but discourages relative URI-references, while this specification outright forbids them. * XML 1.1 allows IRIs ([RFC3987](https://datatracker.ietf.org/doc/html/rfc3987)) as namespaces, and specifies that namespaces are compared without any encoding or decoding, which means that IRIs encoded to meet this specification's URI syntax requirement cannot be compared to IRIs as-is. ##### Handling `null` Values XML does not, by default, have a concept equivalent to `null`, and to preserve compatibility with version 3.1.1 and earlier of this specification, the behavior of serializing `null` values is implementation-defined. However, implementations SHOULD handle `null` values as follows: * For elements, produce an empty element with an `xsi:nil="true"` attribute. * For attributes, omit the attribute. Note that for attributes, this makes either a `null` value or a missing property serialize to an omitted attribute. As the Schema Object validates the in-memory representation, this allows handling the combination of `null` and a required property. However, because there is no distinct way to represent `null` as an attribute, it is RECOMMENDED to make attribute properties optional rather than use `null`. To ensure correct round-trip behavior, when parsing an element that omits an attribute, implementations SHOULD set the corresponding property to `null` if the schema allows for that value (e.g. `type: ["number", "null"]`), and omit the property otherwise (e.g.`type: "number"`). ##### XML Object Examples Each of the following examples represent the value of the `properties` keyword in a [Schema Object](#schema-object) that is omitted for brevity. The JSON and YAML representations of the `properties` value are followed by an example XML representation produced for the single property shown. ###### No XML Element Basic string property: ```json { "animals": { "type": "string" } } ``` ```yaml animals: type: string ``` ```xml ... ``` Basic string array property ([`wrapped`](#xml-wrapped) is `false` by default): ```json { "animals": { "type": "array", "items": { "type": "string" } } } ``` ```yaml animals: type: array items: type: string ``` ```xml ... ... ... ``` ###### XML Name Replacement ```json { "animals": { "type": "string", "xml": { "name": "animal" } } } ``` ```yaml animals: type: string xml: name: animal ``` ```xml ... ``` ###### XML Attribute, Prefix and Namespace In this example, a full [schema component](#components-schemas) definition is shown. Note that the name of the root XML element comes from the component name. ```json { "components": { "schemas": { "Person": { "type": "object", "properties": { "id": { "type": "integer", "format": "int32", "xml": { "attribute": true } }, "name": { "type": "string", "xml": { "namespace": "https://example.com/schema/sample", "prefix": "sample" } } } } } } } ``` ```yaml components: schemas: Person: type: object properties: id: type: integer format: int32 xml: attribute: true name: type: string xml: namespace: https://example.com/schema/sample prefix: sample ``` ```xml example ``` ###### XML Arrays Changing the element names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } } } } ``` ```yaml animals: type: array items: type: string xml: name: animal ``` ```xml value value ``` The external `name` field has no effect on the XML: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens" } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens ``` ```xml value value ``` Even when the array is wrapped, if a name is not explicitly defined, the same name will be used both internally and externally: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: wrapped: true ``` ```xml value value ``` To overcome the naming problem in the example above, the following definition can be used: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: wrapped: true ``` ```xml value value ``` Affecting both internal and external names: ```json { "animals": { "type": "array", "items": { "type": "string", "xml": { "name": "animal" } }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: animal xml: name: aliens wrapped: true ``` ```xml value value ``` If we change the external element but not the internal ones: ```json { "animals": { "type": "array", "items": { "type": "string" }, "xml": { "name": "aliens", "wrapped": true } } } ``` ```yaml animals: type: array items: type: string xml: name: aliens wrapped: true ``` ```xml value value ``` ###### XML With `null` Values Recall that the schema validates the in-memory data, not the XML document itself. ```json { "product": { "type": "object", "required": ["count", "description", "related"], "properties": { "count": { "type": ["number", "null"], "xml": { "attribute": true } }, "rating": { "type": "string", "xml": { "attribute": true } }, "description": { "type": "string" }, "related": { "type": ["object", "null"] } } } } ``` ```yaml product: type: object required: - count - description - related properties: count: type: - number - "null" xml: attribute: true rating: type: string xml: attribute: true description: type: string related: type: - object - "null" ``` ```xml Thing ``` The above XML example corresponds to the following in-memory instance: ```json { "product": { "count": null, "description": "Thing", "related": null } } ``` #### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"mutualTLS"`, `"oauth2"`, `"openIdConnect"`. | | description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | | in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | | scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). | | bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | | flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | | openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Security Scheme Object Examples ###### Basic Authentication Example ```json { "type": "http", "scheme": "basic" } ``` ```yaml type: http scheme: basic ``` ###### API Key Example ```json { "type": "apiKey", "name": "api-key", "in": "header" } ``` ```yaml type: apiKey name: api-key in: header ``` ###### JWT Bearer Example ```json { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } ``` ```yaml type: http scheme: bearer bearerFormat: JWT ``` ###### MutualTLS Example ```json { "type": "mutualTLS", "description": "Cert must be signed by example.com CA" } ``` ```yaml type: mutualTLS description: Cert must be signed by example.com CA ``` ###### Implicit OAuth2 Example ```json { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### OAuth Flows Object Allows configuration of the supported OAuth Flows. ##### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | | password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Configuration details for a supported OAuth Flow ##### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### OAuth Flow Object Example ```JSON { "type": "oauth2", "flows": { "implicit": { "authorizationUrl": "https://example.com/api/oauth/dialog", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } }, "authorizationCode": { "authorizationUrl": "https://example.com/api/oauth/dialog", "tokenUrl": "https://example.com/api/oauth/token", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } } ``` ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` #### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#components-security-schemes) under the [Components Object](#components-object). A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. This enables support for scenarios where the API allows multiple, independent security schemes. An empty Security Requirement Object (`{}`) indicates anonymous access is supported. ##### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#components-security-schemes) under the [Components Object](#components-object). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band. | ##### Security Requirement Object Examples See also [Appendix F: Resolving Security Requirements in a Referenced Document](#appendix-f-resolving-security-requirements-in-a-referenced-document) for an example using Security Requirement Objects in multi-document OpenAPI Descriptions. ###### Non-OAuth2 Security Requirement ```json { "api_key": [] } ``` ```yaml api_key: [] ``` ###### OAuth2 Security Requirement ```json { "petstore_auth": ["write:pets", "read:pets"] } ``` ```yaml petstore_auth: - write:pets - read:pets ``` ###### Optional OAuth2 Security Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```json { "security": [ {}, { "petstore_auth": ["write:pets", "read:pets"] } ] } ``` ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ### Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `x-`. | Field Pattern | Type | Description | | ---- | :--: | ---- | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. Field names beginning `x-oai-` and `x-oas-` are reserved for uses defined by the [OpenAPI Initiative](https://www.openapis.org/). The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ## Security Considerations ### OpenAPI Description Formats OpenAPI Descriptions use a combination of JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) * [JSON Schema Core](https://tools.ietf.org/html/draft-bhutton-json-schema-00#section-13) * [JSON Schema Validation](https://tools.ietf.org/html/draft-bhutton-json-schema-validation-00#section-10) ### Tooling and Usage Scenarios In addition, OpenAPI Descriptions are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI Description authors must consider the risks of the scenarios where the OpenAPI Description may be used. ### Security Schemes An OpenAPI Description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. ### Handling External Resources OpenAPI Descriptions may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. ### Handling Reference Cycles References in an OpenAPI Description may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization Certain fields allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. ## Appendix A: Revision History | Version | Date | Notes | | ---- | ---- | ---- | | 3.1.2 | 2025-09-19 | Patch release of the OpenAPI Specification 3.1.2 | | 3.1.1 | 2024-10-24 | Patch release of the OpenAPI Specification 3.1.1 | | 3.1.0 | 2021-02-15 | Release of the OpenAPI Specification 3.1.0 | | 3.1.0-rc1 | 2020-10-08 | rc1 of the 3.1 specification | | 3.1.0-rc0 | 2020-06-18 | rc0 of the 3.1 specification | | 3.0.4 | 2024-10-24 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | | 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | | 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | | 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | | 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | | 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | | 2.0 | 2014-09-08 | Release of Swagger 2.0 | | 1.2 | 2014-03-14 | Initial release of the formal document. | | 1.1 | 2012-08-22 | Release of Swagger 1.1 | | 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. [Schema Objects](#schema-object) validate data based on the [JSON Schema data model](https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema-00#section-4.2.1), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: "integer"` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameter-object), [Header Object](#header-object), and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. Two cases do offer standards-based guidance: * [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: "string"` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. Some formats (such as `date-time`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. ## Appendix C: Using RFC6570-Based Serialization Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in three scenarios: | Object | Condition | | ---- | ---- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Header Object](#header-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. Note that when using `style: "form"` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. When using `style` and similar keywords to produce a `multipart/form-data` body, the query string names are placed in the `name` parameter of the `Content-Disposition` part header, and the values are placed in the corresponding part body; the `?`, `=`, and `&` characters are not used, and URI percent encoding is not applied, regardless of the value of `allowReserved`. Note that while [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578) allows using [[RFC3986]] percent-encoding in "file names", it does not otherwise address the use of percent-encoding within the format. Users are expected to provide names and data with any escaping necessary for conformance with RFC7578 already applied. Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): | field | value | equivalent | | ---- | ---- | ---- | | style | `"simple"` | _n/a_ | | style | `"matrix"` | `;` prefix operator | | style | `"label"` | `.` prefix operator | | style | `"form"` | `?` prefix operator | | allowReserved | `false` | _n/a_ | | allowReserved | `true` | `+` prefix operator | | explode | `false` | _n/a_ | | explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: ```YAML parameters: - name: foo in: query schema: type: object explode: true - name: bar in: query schema: type: string ``` This example is equivalent to RFC6570's `{?foo*,bar}`, and **NOT** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Delimiters in Parameter Values Delimiters used by RFC6570 expansion, such as the `,` used to join arrays or object values with `style: "simple"`, are all automatically percent-encoded as long as `allowReserved` is `false`. Note that since RFC6570 does not define a way to parse variables based on a URI Template, users must take care to first split values by delimiter before percent-decoding values that might contain the delimiter character. When `allowReserved` is `true`, both percent-encoding (prior to joining values with a delimiter) and percent-decoding (after splitting on the delimiter) must be done manually at the correct time. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for additional guidance on handling delimiters for `style` values with no RFC6570 equivalent that already need to be percent-encoded when used as delimiters. ### Non-RFC6570 Field Values and Combinations Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time * any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than RFC6570 [variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples Let's say we want to use the following data in a form query string, where `formulas` is exploded, and `words` is not: ```YAML formulas: a: x+y b: x/y c: x^y words: - math - is - fun ``` #### RFC6570-Equivalent Expansion This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570): ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true - name: words in: query schema: type: array items: type: string ``` This translates to the following URI Template: ```uritemplate {?formulas*,words} ``` when expanded with the data given earlier, we get: ```uri ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` #### Expansion with Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: ```YAML parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true allowReserved: true - name: words in: query style: spaceDelimited explode: false schema: type: array items: type: string ``` We can't combine the `?` and `+` RFC6570 [prefixes](https://datatracker.ietf.org/doc/html/rfc6570#section-2.4.1), and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: ```uritemplate ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` RFC6570 [mentions](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.4.2) the use of `.` "to indicate name hierarchy in substructures," but does not define any specific naming convention or behavior for it. Since the `.` usage is not automatic, we'll need to construct an appropriate input structure for this new template. We'll also need to pre-process the values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://www.rfc-editor.org/rfc/rfc1866#section-8.2.1) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged_, for example because some other specification has defined a particular meaning for them. Therefore, users still need to percent-encode any reserved characters that are _not_ being passed through due to a special meaning because reserved expansion does not know which reserved characters are being used, and which should still be percent-encoded. However, reserved expansion, unlike regular expansion, _will_ leave the pre-percent-encoded triples unchanged. See also [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): ```YAML a: x%2By b: x/y c: x^y words.0: math words.1: is words.2: fun ``` Expanding our manually assembled template with our restructured data yields the following query string: ```uri ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. #### Undefined Values and Manual URI Template Construction Care must be taken when manually constructing templates to handle the values that RFC6570 [considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: ```YAML formulas: {} words: - hello - world ``` Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: ```uri ?words=hello,world ``` This means that the manually constructed URI Template and restructured data need to leave out the `formulas` object entirely so that the `words` parameter is the first and only parameter in the query string. Restructured data: ```YAML words.0: hello words.1: world ``` Manually constructed URI Template: ```uritemplate ?words={words.0} {words.1} ``` Result: ```uri ?words=hello%20world ``` #### Illegal Variable Names as Parameter Names In this example, the heart emoji is not legal in URI Template names (or URIs): ```YAML parameters: - name: ❤️ in: query schema: type: string ``` We can't just pass `❤️: "love!"` to an RFC6570 implementation. Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: ```YAML "%E2%9D%A4%EF%B8%8F": love! ``` ```uritemplate {?%E2%9D%A4%EF%B8%8F} ``` This will expand to the result: ```uri ?%E2%9D%A4%EF%B8%8F=love%21 ``` ## Appendix D: Serializing Headers and Cookies HTTP headers have inconsistent rules regarding what characters are allowed, and how some or all disallowed characters can be escaped and included. While the `quoted-string` ABNF rule given in [[RFC7230]] [Section 3.2.6](https://httpwg.org/specs/rfc7230.html#field.components) is the most common escaping solution, it is not sufficiently universal to apply automatically. For example, a strong `ETag` looks like `"foo"` (with quotes, regardless of the contents), and a weak `ETag` looks like `W/"foo"` (note that only part of the value is quoted); the contents of the quotes for this header are also not escaped in the way `quoted-string` contents are. For this reason, any data being passed to a header by way of a [Parameter](#parameter-object) or [Header](#header-object) Object needs to be quoted and escaped prior to passing it to the OAS implementation, and the parsed header values are expected to contain the quotes and escapes. ### Percent-Encoding and Cookies _**Note:** OAS v3.0.4 and v3.1.1 applied the advice in this section to avoid RFC6570-style serialization to both headers and cookies. However, further research has indicated that percent-encoding was never intended to apply to headers, so this section has been corrected to apply only to cookies._ [RFC6570](https://www.rfc-editor.org/rfc/rfc6570)'s percent-encoding behavior is not always appropriate for `in: "cookie"` parameters. In many cases, it is more appropriate to use `content` with a media type such as `text/plain` and require the application to assemble the correct string. [RFC6265](https://www.rfc-editor.org/rfc/rfc6265) recommends (but does not strictly required) base64 encoding (`contentEncoding: "base64"`) if "arbitrary data" will be stored in a cookie. Note that the standard base64-encoding alphabet includes non-URL-safe characters that are percent-encoded by RFC6570 expansion; serializing values through both encodings is NOT RECOMMENDED. While `contentEncoding` also supports the `base64url` encoding, which is URL-safe, the header and cookie RFCs do not mention this encoding. Using `style: "form"` with `in: "cookie"` via an RFC6570 implementation requires stripping the `?` prefix, as when producing `application/x-www-form-urlencoded` message bodies. For multiple values, `style: "form"` is always incorrect, even if no characters are subject to percent-encoding, as name=value pairs in cookies are delimited by a semicolon followed by a space character rather than `&`. ## Appendix E: Percent-Encoding and Form Media Types _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ Percent-encoding is used in URIs and media types that derive their syntax from URIs. The fundamental rules of percent-encoding are: * The set of characters that MUST be encoded varies depending on which version of which specification you use, and (for URIs) in which part of the URI the character appears. * The way an unencoded `+` character is decoded depends on whether you are using `application/x-www-form-urlencoded` rules or more general URI rules; this is the only time where choice of decoding algorithm can change the outcome. * Encoding more characters than necessary is always safe in terms of the decoding process, but may produce non-normalized URIs. * In practice, some systems tolerate or even expect unencoded characters that some or all percent-encoding specifications require to be encoded; this can cause interoperability issues with more strictly compliant implementations. The rest of this appendix provides more detailed guidance based on the above rules. ### Percent-Encoding Character Classes This process is concerned with three classes of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: * _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) * _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) * _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. ### Percent-Encoding and `form-urlencoded` Each URI component (such as the query string) considers some of the reserved characters to be unsafe, either because they serve as delimiters between the components (e.g. `#`), or (in the case of `[` and `]`) were historically considered globally unsafe but were later given reserved status for limited purposes. Reserved characters with no special meaning defined within a component can be left un-percent encoded. However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. Users wishing to use percent-encoding in this way MUST provide the data in percent-encoded form, as percent-encoding is not automatically applied for this media type regardless of which Encoding Object fields are used. The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding or similar escaping is not needed in general. ### Generating and Validating URIs and `form-urlencoded` Strings URI percent encoding and the `form-urlencoded` media type have complex specification histories spanning multiple revisions and, in some cases, conflicting claims of ownership by different standards bodies. Unfortunately, these specifications each define slightly different percent-encoding rules, which need to be taken into account if the URIs or `form-urlencoded` message bodies will be subject to strict validation. (Note that many URI parsers do not perform validation by default, if at all.) This specification normatively cites the following relevant standards: | Specification | Date | OAS Usage | Percent-Encoding | Notes | | ---- | ---- | ---- | ---- | ---- | | [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax | [[RFC3986]] | obsoletes [[RFC1738]], [[RFC2396]] | | [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for form‑urlencoded | | [RFC1866](https://datatracker.ietf.org/doc/html/rfc1866#section-8.2.1) | 11/1995 | content-based serialization | [[RFC1738]] | obsoleted by [[HTML401]] [Section 17.13.4.1](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1), [[URL]] [Section 5](https://url.spec.whatwg.org/#urlencoded-serializing) | Style-based serialization with percent-encoding is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) and [Header Object](#header-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. Each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string unless the media type already incorporates URI percent-encoding. #### Interoperability with Historical Specifications In most cases, generating query strings in strict compliance with [[RFC3986]] is sufficient to pass validation (including JSON Schema's `format: "uri"` and `format: "uri-reference"` when `format` validation is enabled), but some `form-urlencoded` implementations still expect the slightly more restrictive [[RFC1738]] rules to be used. Since all RFC1738-compliant URIs are compliant with RFC3986, applications needing to ensure historical interoperability SHOULD use RFC1738's rules. #### Interoperability with Web Browser Environments WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than [[RFC1738]]) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where it allows characters that [[RFC3986]] forbids. Implementations needing maximum compatibility with web browsers SHOULD use WHATWG's `form-urlencoded` percent-encoding rules. However, they SHOULD NOT rely on WHATWG's less stringent generic query string rules, as the resulting URLs would fail RFC3986 validation, including JSON Schema's `format: uri` and `format: uri-reference` (when `format` validation is endabled). ### Decoding URIs and `form-urlencoded` Strings The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling to the percent-decoding algorithm, and will work regardless of the encoding specification used. However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. ### Percent-Encoding and Illegal or Reserved Delimiters The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with [[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. While one could use the `form-urlencoded` convention of `+` to distinguish spaces in parameter names and values from `spaceDelimited` delimiters encoded as `%20`, the specifications define the decoding as a single pass, making it impossible to distinguish the different usages in the decoded result unless a non-standard parsing algorithm is used that separates based on one delimiter before decoding the other. Any such non-standard parsing approach will not be interoperable across all tools. Some environments use `[`, `]`, and possibly `|` unencoded in query strings without apparent difficulties. WHATWG's generic query string rules do not require percent-encoding them in non-`form-urlencoded` query strings, although it also excludes them from the set of valid URL Unicode code points. Code that relies on leaving these delimiters unencoded, while using regular percent-encoding for them within names and values, is not guaranteed to be interoperable across all implementations. For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. ## Appendix F: Resolving Security Requirements in a Referenced Document This appendix shows how to retrieve an HTTP-accessible multi-document OpenAPI Description (OAD) and resolve a [Security Requirement Object](#security-requirement-object) in the referenced (non-entry) document. See [Resolving Implicit Connections](#resolving-implicit-connections) for more information. First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } } }, "paths": { "/foo": { "$ref": "other#/components/pathItems/Foo" } } ``` ```HTTP GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: bearer bearerFormat: JWT paths: /foo: $ref: 'other#/components/pathItems/Foo' ``` This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "basic" } }, "pathItems": { "Foo": { "get": { "security": [ "MySecurity": [] ] } } } } ``` ```HTTP GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: basic pathItems: Foo: get: security: - MySecurity: [] ``` In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior). However, documented in that section, it is RECOMMENDED that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. OpenAPI-Specification-3.2.0/versions/3.2.0-editors.md000066400000000000000000000016401506330113000220170ustar00rootroot00000000000000# OpenAPI Specification Editors ## Active * Henry Andrews [@handrews](https://github.com/handrews) * Jeremy Whitlock [@whitlockjc](https://github.com/whitlockjc) * Karen Etheridge [@karenetheridge](https://github.com/karenetheridge) * Lorna Mitchell [@lornajane](https://github.com/lornajane) * Marsh Gardiner [@earth2marsh](https://github.com/earth2marsh) * Miguel Quintero [@miqui](https://github.com/miqui) * Mike Kistler [@mikekistler](https://github.com/mikekistler) * Ralf Handl [@ralfhandl](https://github.com/ralfhandl) * Vincent Biret [@baywet](https://github.com/baywet) ## Emeritus * Ron Ratovsky [@webron](https://github.com/webron) * Darrel Miller [@darrelmiller](https://github.com/darrelmiller) * Mike Ralphson [@MikeRalphson](https://github.com/MikeRalphson) * Uri Sarid [@usarid](https://github.com/usarid) * Jason Harmon [@jharmn](https://github.com/jharmn) * Tony Tam [@fehguy](https://github.com/fehguy) OpenAPI-Specification-3.2.0/versions/3.2.0.md000066400000000000000000011025221506330113000203520ustar00rootroot00000000000000# OpenAPI Specification ## Version 3.2.0 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://tools.ietf.org/html/bcp14) [RFC2119](https://tools.ietf.org/html/rfc2119) [RFC8174](https://tools.ietf.org/html/rfc8174) when, and only when, they appear in all capitals, as shown here. This document is licensed under [The Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). ## Introduction The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to HTTP APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service by [parsing and serializing](#parsing-and-serializing) HTTP messages to and from a [data model](#data-types) with a minimal amount of implementation logic. An [OpenAPI Description](#openapi-description-structure) (OAD) can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. For examples of OpenAPI usage and additional documentation, please visit [[?OpenAPI-Learn]]. For extension registries and other specifications published by the OpenAPI Initiative, as well as the authoritative rendering of this specification, please visit [spec.openapis.org](https://spec.openapis.org/). ### Versions and Deprecation The OpenAPI Specification is versioned using a `major`.`minor`.`patch` versioning scheme. The `major`.`minor` portion of the version string (for example `3.1`) SHALL designate the OAS feature set. _`.patch`_ versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports OAS 3.1 SHOULD be compatible with all OAS 3.1.\* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between `3.1.0` and `3.1.1` for example. Certain fields or features may be marked **Deprecated**. These fields and features remain part of the specification and can be used like any other field or feature. However, OpenAPI Description authors should use newer fields and features documented to replace the deprecated ones whenever possible. At this time, such elements are expected to remain part of the OAS until the next major version, although a future minor version of this specification may define a policy for later removal of deprecated elements. Occasionally, non-backwards compatible changes may be made in `minor` versions of the OAS where impact is believed to be low relative to the benefit provided. ### Undefined and Implementation-Defined Behavior This specification deems certain situations to have either _undefined_ or _implementation-defined_ behavior. Behavior described as _undefined_ is likely, at least in some circumstances, to result in outcomes that contradict the specification. This description is used when detecting the contradiction is impossible or impractical. Implementations MAY support undefined scenarios for historical reasons, including ambiguous text in prior versions of the specification. This support might produce correct outcomes in many cases, but relying on it is NOT RECOMMENDED as there is no guarantee that it will work across all tools or with future specification versions, even if those versions are otherwise strictly compatible with this one. Behavior described as _implementation-defined_ allows implementations to choose which of several different-but-compliant approaches to a requirement to implement. This documents ambiguous requirements that API description authors are RECOMMENDED to avoid in order to maximize interoperability. Unlike undefined behavior, it is safe to rely on implementation-defined behavior if _and only if_ it can be guaranteed that all relevant tools support the same behavior. ## Format An OpenAPI document that conforms to the OpenAPI Specification is itself a JSON object, which may be represented either in [[RFC8259|JSON]] or [[YAML|YAML]] format. Examples in this specification will be shown in YAML for brevity. All field names in the specification are **case-sensitive**. This includes all fields that are used as keys in a map, except where explicitly noted that keys are **case-insensitive**. OAS [Objects](#objects-and-fields) expose two types of fields: _fixed fields_, which have a declared name, and _patterned fields_, which have a declared pattern for the field name. Patterned fields MUST have unique names within the containing object. **Note:** While APIs may be described by OpenAPI Descriptions in either YAML or JSON format, the API request and response bodies and other content are not required to be JSON or YAML. ### JSON and YAML Compatibility In order to preserve the ability to round-trip between YAML and JSON formats, YAML version [1.2](https://yaml.org/spec/1.2/spec.html) is RECOMMENDED along with the additional constraints listed in [[!RFC9512]] [Section 3.4](https://www.rfc-editor.org/rfc/rfc9512.html#name-yaml-and-json). The recommendation in previous versions of this specification to restrict YAML to its "JSON" [schema ruleset](https://yaml.org/spec/1.2/spec.html#id2803231) allowed for the inclusion of certain values that (despite the name) cannot be represented in JSON. OAD authors SHOULD NOT rely on any such JSON-incompatible YAML values. ### Case Sensitivity As most field names and values in the OpenAPI Specification are case-sensitive, this document endeavors to call out any case-insensitive names and values. However, the case sensitivity of field names and values that map directly to HTTP concepts follow the case sensitivity rules of HTTP, even if this document does not make a note of every concept. ### Rich Text Formatting Throughout the specification `description` fields are noted as supporting CommonMark markdown formatting. Where OpenAPI tooling renders rich text it MUST support, at a minimum, markdown syntax as described by [CommonMark 0.27](https://spec.commonmark.org/0.27/). Tooling MAY choose to ignore some CommonMark or extension features to address security concerns. While the framing of CommonMark 0.27 as a minimum requirement means that tooling MAY choose to implement extensions on top of it, note that any such extensions are by definition implementation-defined and will not be interoperable. OpenAPI Description authors SHOULD consider how text using such extensions will be rendered by tools that offer only the minimum support. ## Objects and Fields This section describes the structure of the OpenAPI Description format. This text is the only normative description of the format. A JSON Schema is hosted on [spec.openapis.org](https://spec.openapis.org) for informational purposes. If the JSON Schema differs from this section, then this section MUST be considered authoritative. In the following description, if a field is not explicitly **REQUIRED** or described with a MUST or SHALL, it can be considered OPTIONAL. ### OpenAPI Object This is the root object of the [OpenAPI Description](#openapi-description-structure). #### Fixed Fields In addition to the required fields, at least one of the `components`, `paths`, or `webhooks` fields MUST be present. | Field Name | Type | Description | | ---- | :----: | ---- | | openapi | `string` | **REQUIRED**. This string MUST be the [version number](#versions-and-deprecation) of the OpenAPI Specification that the OpenAPI document uses. The `openapi` field SHOULD be used by tooling to interpret the OpenAPI document. This is _not_ related to the [`info.version`](#info-version) string, which describes the OpenAPI document's version. | | $self | `string` | This string MUST be in the form of a URI reference as defined by [[RFC3986]] [Section 4.1](https://www.rfc-editor.org/rfc/rfc3986#section-4.1). The `$self` field provides the self-assigned URI of this document, which also serves as its base URI in accordance with [[RFC3986]] [Section 5.1.1](https://www.rfc-editor.org/rfc/rfc3986#section-5.1.1). Implementations MUST support identifying the targets of [API description URIs](#relative-references-in-api-description-uris) using the URI defined by this field when it is present. See [Establishing the Base URI](#establishing-the-base-uri) for the base URI behavior when `$self` is absent or relative, and see [Appendix F]((#appendix-f-examples-of-base-uri-determination-and-reference-resolution)) for examples of using `$self` to resolve references. | | info | [Info Object](#info-object) | **REQUIRED**. Provides metadata about the API. The metadata MAY be used by tooling as required. | | jsonSchemaDialect | `string` | The default value for the `$schema` keyword within [Schema Objects](#schema-object) contained within this OAS document. This MUST be in the form of a URI. | | servers | [[Server Object](#server-object)] | An array of Server Objects, which provide connectivity information to a target server. If the `servers` field is not provided, or is an empty array, the default value would be an array consisting of a single [Server Object](#server-object) with a [url](#server-url) value of `/`. | | paths | [Paths Object](#paths-object) | The available paths and operations for the API. | | webhooks | Map[`string`, [Path Item Object](#path-item-object)] | The incoming webhooks that MAY be received as part of this API and that the API consumer MAY choose to implement. Closely related to the `callbacks` feature, this section describes requests initiated other than by an API call, for example by an out of band registration. The key name is a unique string to refer to each webhook, while the (optionally referenced) Path Item Object describes a request that may be initiated by the API provider and the expected responses. An [example](https://learn.openapis.org/examples/v3.1/webhook-example.html) is available. | | components | [Components Object](#components-object) | An element to hold various Objects for the OpenAPI Description. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used across the API. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. Individual operations can override this definition. The list can be incomplete, up to being empty or absent. To make security explicitly optional, an empty security requirement (`{}`) can be included in the array. | | tags | [[Tag Object](#tag-object)] | A list of tags used by the OpenAPI Description with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the [Operation Object](#operation-object) must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation. | This object MAY be extended with [Specification Extensions](#specification-extensions). To ensure interoperability, references MUST use the target document's `$self` URI if the `$self` field is present. Implementations MAY choose to support referencing by other URIs such as the retrieval URI even when `$self` is present, however this behavior is not interoperable and relying on it is NOT RECOMMENDED. #### OpenAPI Description Structure An **OpenAPI Description** (**OAD**) formally describes the surface of an API and its semantics. An OAD MAY be made up of a single document, or be distributed across multiple documents that are connected by various fields using [URI references](#relative-references-in-api-description-uris) and [implicit connections](#resolving-implicit-connections). In order for parsing behavior to be well-defined, all documents in an OAD MUST have either an OpenAPI Object or a Schema Object at the root, and MUST be parsed as complete documents, as described in the next section. Documents with a different Object at the root, or that mix OAD content with other content, MAY be supported, but will have implementation-defined or, potentially, undefined behavior as described in [Appendix G: Parsing and Resolution Guidance](#appendix-g-parsing-and-resolution-guidance). Throughout this specification, documents are assumed to have either an OpenAPI Object or Schema Object at the root unless otherwise specified. In a multi-document OAD, the document containing the OpenAPI Object where parsing begins is known as that OAD's **entry document**. It is RECOMMENDED that the entry document of an OAD be named `openapi.json` or `openapi.yaml`. An OpenAPI Object MAY be embedded in another format, called the **embedding format**, just as JSON Schema is embedded in the OAS in the form of Schema Objects. It is the responsibility of an embedding format to define how to parse embedded content, and OAS implementations that do not document support for an embedding format cannot be expected to parse embedded OAS content correctly. ##### Parsing Documents Each document in an OAD MUST be fully parsed in order to locate possible reference targets. This includes the parsing requirements of [JSON Schema Specification Draft 2020-12](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-9), with appropriate modifications regarding base URIs as specified in [Relative References In URIs](#relative-references-in-api-description-uris). Reference targets are defined by fields including the OpenAPI Object's [`$self`](#oas-self) field and the [Schema Object's](#schema-object) `$id`, `$anchor`, and `$dynamicAnchor` keywords. Implementations MUST NOT treat a reference as unresolvable before completely parsing all documents provided to the implementation as possible parts of the OAD. If only the referenced part of the document is parsed when resolving a reference, the resulting behavior can be implementation-defined or undefined; see [Warnings Regarding Fragmentary Parsing](#warnings-regarding-fragmentary-parsing) in [Appendix G](#appendix-g-parsing-and-resolution-guidance) for details. ##### Relative References in API Description URIs URIs used as references within an OpenAPI Description, or to external documentation or other supplementary information such as a license, are resolved as _identifiers_, and described by this specification as **_URIs_**, in contrast with [API URLs](#relative-references-in-api-urls). Note that some URI fields are named `url` for historical reasons, but the descriptive text for those fields uses the correct "URI" terminology. As noted under [Parsing Documents](#parsing-documents), several fields can be used to associate an OpenAPI document or a Schema Object with a URI, which might not match the document's or schema's location. This allows the same references to be used in different deployment environments, including local filesystems or networks restricted by security policies or connectivity limitations. Unless specified otherwise, all fields that are URIs MAY be relative references as defined by [[RFC3986]] [Section 4.2](https://tools.ietf.org/html/rfc3986#section-4.2). ###### Establishing the Base URI Relative URI references are resolved using the appropriate base URI, which MUST be determined in accordance with [[RFC3986]] [Section 5.1.1 – 5.1.4](https://tools.ietf.org/html/rfc3986#section-5.1.1) and, for Schema objects, [JSON Schema draft 2020-12 Section 8.2](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-8.2), as illustrated by the examples in [Appendix F: Examples of Base URI Determination and Reference Resolution](#appendix-f-examples-of-base-uri-determination-and-reference-resolution). If `$self` is a relative URI reference, it is resolved against the next possible base URI source ([[RFC3986]] [Section 5.1.2 – 5.1.4](https://tools.ietf.org/html/rfc3986#section-5.1.2)) before being used for the resolution of other relative URI references. The most common base URI source that is used in the event of a missing or relative `$self` (in the [OpenAPI Object](#openapi-object)) and (for [Schema Object](#schema-object)) `$id` is the retrieval URI. Implementations MAY support document retrieval, although see the [Security Considerations](#security-considerations) sections for additional guidance. Even if retrieval is supported, it may be impossible due to network configuration or server unavailability (including the server hosting an older version while a new version is in development), or undesirable due to performance impacts. Therefore, all implementations SHOULD allow users to provide documents with their intended retrieval URIs so that references can be resolved as if retrievals were performed. ###### Resolving URI fragments If a URI contains a fragment identifier, then the fragment should be resolved per the fragment resolution mechanism of the referenced document. If the representation of the referenced document is JSON or YAML, then the fragment identifier SHOULD be interpreted as a JSON Pointer as per [RFC6901](https://tools.ietf.org/html/rfc6901). ###### Relative URI References in CommonMark Fields Relative references in CommonMark hyperlinks are resolved in their rendered context, which might differ from the context of the API description. ##### Resolving Implicit Connections Several features of this specification require resolution of non-URI-based connections to some other part of the OpenAPI Description (OAD). These connections are unambiguously resolved in single-document OADs, but the resolution process in multi-document OADs is _implementation-defined_, within the constraints described in this section. In some cases, an unambiguous URI-based alternative is available, and OAD authors are RECOMMENDED to use the alternative to maximize interoperability. For resolving [Components Object](#components-object) and [Tag Object](#tag-object) names from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. For resolving an [Operation Object](#operation-object) based on an `operationId`, it is RECOMMENDED to consider all Operation Objects from all parsed documents. Note that no aspect of implicit connection resolution changes how [URIs are resolved](#relative-references-in-api-description-uris), or restricts their possible targets. See [Appendix G: Parsing and Resolution Guidance](#appendix-g-parsing-and-resolution-guidance) for more details, including a list of Objects and fields using implicit connections. ### Info Object The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | title | `string` | **REQUIRED**. The title of the API. | | summary | `string` | A short summary of the API. | | description | `string` | A description of the API. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | termsOfService | `string` | A URI for the Terms of Service for the API. This MUST be in the form of a URI. | | contact | [Contact Object](#contact-object) | The contact information for the exposed API. | | license | [License Object](#license-object) | The license information for the exposed API. | | version | `string` | **REQUIRED**. The version of the OpenAPI document (which is distinct from the [OpenAPI Specification version](#oas-version) or the version of the API being described or the version of the OpenAPI Description). | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Info Object Example ```yaml title: Example Pet Store App summary: A pet store manager. description: This is an example server for a pet store. termsOfService: https://example.com/terms/ contact: name: API Support url: https://www.example.com/support email: support@example.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 1.0.1 ``` ### Contact Object Contact information for the exposed API. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | The identifying name of the contact person/organization. | | url | `string` | The URI for the contact information. This MUST be in the form of a URI. | | email | `string` | The email address of the contact person/organization. This MUST be in the form of an email address. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Contact Object Example ```yaml name: API Support url: https://www.example.com/support email: support@example.com ``` ### License Object License information for the exposed API. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The license name used for the API. | | identifier | `string` | An [SPDX](https://spdx.org/licenses/) license expression for the API. The `identifier` field is mutually exclusive of the `url` field. | | url | `string` | A URI for the license used for the API. This MUST be in the form of a URI. The `url` field is mutually exclusive of the `identifier` field. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### License Object Example ```yaml name: Apache 2.0 identifier: Apache-2.0 ``` ### Server Object An object representing a Server. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | url | `string` | **REQUIRED**. A URL to the target host. This URL supports Server Variables and MAY be relative, to indicate that the host location is relative to the location where the document containing the Server Object is being served. Query and fragment MUST NOT be part of this URL. Variable substitutions will be made when a variable is named in `{`braces`}`. | | description | `string` | An optional string describing the host designated by the URL. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | An optional unique string to refer to the host designated by the URL. | | variables | Map[`string`, [Server Variable Object](#server-variable-object)] | A map between a variable name and its value. The value is used for substitution in the server's URL template. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Relative References in API URLs API endpoints are by definition accessed as locations, and are described by this specification as **_URLs_**. Unless specified otherwise, all fields that are URLs MAY be relative references as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-4.2). Because the API is a distinct entity from the OpenAPI document, RFC3986's base URI rules for the OpenAPI document do not apply. Unless specified otherwise, relative references are resolved using the URLs defined in the [Server Object](#server-object) as a base URL. Note that these themselves MAY be relative to the referring document. ##### Examples of API Base URL Determination Assume a retrieval URI of `https://device1.example.com` for the following OpenAPI document: ```yaml openapi: 3.2.0 $self: https://apidescriptions.example.com/foo info: title: Example API version: 1.0 servers: - url: . description: The production API on this device - url: ./test description: The test API on this device ``` For API URLs the `$self` field, which identifies the OpenAPI document, is ignored and the retrieval URI is used instead. This produces a normalized production URL of `https://device1.example.com`, and a normalized test URL of `https://device1.example.com/test`. #### Server Object Example A single server would be described as: ```yaml url: https://development.gigantic-server.com/v1 description: Development server name: dev ``` The following shows how multiple servers can be described, for example, at the OpenAPI Object's [`servers`](#oas-servers): ```yaml servers: - url: https://development.gigantic-server.com/v1 description: Development server name: dev - url: https://staging.gigantic-server.com/v1 description: Staging server name: staging - url: https://api.gigantic-server.com/v1 description: Production server name: prod ``` The following shows how variables can be used for a server configuration: ```yaml servers: - url: https://{username}.gigantic-server.com:{port}/{basePath} description: The production API server name: prod variables: username: # note! no enum here means it is an open value default: demo description: A user-specific subdomain. Use `demo` for a free sandbox environment. port: enum: - '8443' - '443' default: '8443' basePath: # open meaning there is the opportunity to use special base paths as assigned by the provider, default is "v2" default: v2 ``` ### Server Variable Object An object representing a Server Variable for server URL template substitution. The server URL templating is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax. ```abnf server-url-template = 1*( literals / server-variable ) server-variable = "{" server-variable-name "}" server-variable-name = 1*( %x00-7A / %x7C / %x7E-10FFFF ) ; every Unicode character except { and } literals = 1*( %x21 / %x23-24 / %x26-3B / %x3D / %x3F-5B / %x5D / %x5F / %x61-7A / %x7E / ucschar / iprivate / pct-encoded) ; any Unicode character except: CTL, SP, ; DQUOTE, "%" (aside from pct-encoded), ; "<", ">", "\", "^", "`", "{", "|", "}" pct-encoded = "%" HEXDIG HEXDIG ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD / %xD0000-DFFFD / %xE1000-EFFFD iprivate = %xE000-F8FF / %xF0000-FFFFD / %x100000-10FFFD ``` Here, `literals`, `pct-encoded`, `ucschar` and `iprivate` definitions are taken from [RFC 6570](https://www.rfc-editor.org/rfc/rfc6570), incorporating the corrections specified in [Errata 6937](https://www.rfc-editor.org/errata/eid6937) for `literals`. Each server variable MUST NOT appear more than once in the URL template. See the [Paths Object](#paths-object) for guidance on constructing full request URLs. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | enum | [`string`] | An enumeration of string values to be used if the substitution options are from a limited set. The array MUST NOT be empty. | | default | `string` | **REQUIRED**. The default value to use for substitution, which SHALL be sent if an alternate value is _not_ supplied. If the [`enum`](#server-variable-enum) is defined, the value MUST exist in the enum's values. Note that this behavior is different from the [Schema Object](#schema-object)'s `default` keyword, which documents the receiver's behavior rather than inserting the value into the data. | | description | `string` | An optional description for the server variable. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | This object MAY be extended with [Specification Extensions](#specification-extensions). ### Components Object Holds a set of reusable objects for different aspects of the OAS. All objects defined within the Components Object will have no effect on the API unless they are explicitly referenced from outside the Components Object. #### Fixed Fields | Field Name | Type | Description | | ---- | :---- | ---- | | schemas | Map[`string`, [Schema Object](#schema-object)] | An object to hold reusable [Schema Objects](#schema-object). | | responses | Map[`string`, [Response Object](#response-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Response Objects](#response-object). | | parameters | Map[`string`, [Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Parameter Objects](#parameter-object). | | examples | Map[`string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Example Objects](#example-object). | | requestBodies | Map[`string`, [Request Body Object](#request-body-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Request Body Objects](#request-body-object). | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Header Objects](#header-object). | | securitySchemes | Map[`string`, [Security Scheme Object](#security-scheme-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Security Scheme Objects](#security-scheme-object). | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Link Objects](#link-object). | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Callback Objects](#callback-object). | | pathItems | Map[`string`, [Path Item Object](#path-item-object)] | An object to hold reusable [Path Item Objects](#path-item-object). | | mediaTypes | Map[`string`, [Media Type Object](#media-type-object) \| [Reference Object](#reference-object)] | An object to hold reusable [Media Type Objects](#media-type-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). All the fixed fields declared above are objects that MUST use keys that match the regular expression: `^[a-zA-Z0-9\.\-_]+$`. Field Name Examples: ```text User User_1 User_Name user-name my.org.User ``` #### Components Object Example ```yaml components: schemas: GeneralError: type: object properties: code: type: integer format: int32 message: type: string Category: type: object properties: id: type: integer format: int64 name: type: string Tag: type: object properties: id: type: integer format: int64 name: type: string parameters: skipParam: name: skip in: query description: number of items to skip required: true schema: type: integer format: int32 limitParam: name: limit in: query description: max records to return required: true schema: type: integer format: int32 responses: NotFound: description: Entity not found. IllegalInput: description: Illegal input for operation. GeneralError: description: General Error content: application/json: schema: $ref: '#/components/schemas/GeneralError' securitySchemes: api_key: type: apiKey name: api-key in: header petstore_auth: type: oauth2 flows: implicit: authorizationUrl: https://example.org/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` ### Paths Object Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the [Server Object](#server-object) in order to construct the full URL. The Paths Object MAY be empty, due to [Access Control List (ACL) constraints](#security-filtering). #### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | /{path} | [Path Item Object](#path-item-object) | A relative path to an individual endpoint. The field name MUST begin with a forward slash (`/`). The URL from the [Server Object](#server-object)'s `url` field, resolved and with template variables substituted, has the path **appended** (no relative URL resolution) to it in order to construct the full URL. [Path templating](#path-templating) is allowed. When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Path Templating Path templating refers to the usage of template expressions, delimited by curly braces (`{}`), to mark a section of a URL path as replaceable using path parameters. Each template expression in the path MUST correspond to a path parameter that is included in the [Path Item](#path-item-object) itself and/or in each of the Path Item's [Operations](#operation-object). An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required. The value for these path parameters MUST NOT contain any unescaped "generic syntax" characters described by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3): forward slashes (`/`), question marks (`?`), or hashes (`#`). See [URL Percent-Encoding](#url-percent-encoding) for additional guidance on escaping characters. The path templating is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf path-template = "/" *( path-segment "/" ) [ path-segment ] path-segment = 1*( path-literal / template-expression ) path-literal = 1*pchar template-expression = "{" template-expression-param-name "}" template-expression-param-name = 1*( %x00-7A / %x7C / %x7E-10FFFF ) ; every Unicode character except { and } pchar = unreserved / pct-encoded / sub-delims / ":" / "@" unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" pct-encoded = "%" HEXDIG HEXDIG sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "=" ``` Here, `pchar`, `unreserved`, `pct-encoded` and `sub-delims` definitions are taken from [RFC 3986](https://tools.ietf.org/html/rfc3986). The `path-template` is directly derived from [RFC 3986, section 3.3](https://datatracker.ietf.org/doc/html/rfc3986#section-3.3). Each template expression MUST NOT appear more than once in a single path template. See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ##### Path Templating Matching Assuming the following paths, the concrete definition, `/pets/mine`, will be matched first if used: ```text /pets/{petId} /pets/mine ``` The following paths are considered identical and invalid: ```text /pets/{petId} /pets/{name} ``` The following may lead to ambiguous resolution: ```text /{entity}/me /books/{id} ``` #### Paths Object Example ```yaml /pets: get: description: Returns all pets from the system that the user has access to responses: '200': description: A list of pets. content: application/json: schema: type: array items: $ref: '#/components/schemas/pet' ``` ### Path Item Object Describes the operations available on a single path. A Path Item MAY be empty, due to [ACL constraints](#security-filtering). The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | Allows for a referenced definition of this path item. The value MUST be in the form of a URI, and the referenced structure MUST be in the form of a [Path Item Object](#path-item-object). In case a Path Item Object field appears both in the defined object and the referenced object, the behavior is undefined. See the rules for resolving [Relative References](#relative-references-in-api-description-uris).

_**Note:** The behavior of `$ref` with adjacent properties is likely to change in future versions of this specification to bring it into closer alignment with the behavior of the [Reference Object](#reference-object)._ | | summary | `string` | An optional string summary, intended to apply to all operations in this path. | | description | `string` | An optional string description, intended to apply to all operations in this path. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | get | [Operation Object](#operation-object) | A definition of a GET operation on this path. | | put | [Operation Object](#operation-object) | A definition of a PUT operation on this path. | | post | [Operation Object](#operation-object) | A definition of a POST operation on this path. | | delete | [Operation Object](#operation-object) | A definition of a DELETE operation on this path. | | options | [Operation Object](#operation-object) | A definition of a OPTIONS operation on this path. | | head | [Operation Object](#operation-object) | A definition of a HEAD operation on this path. | | patch | [Operation Object](#operation-object) | A definition of a PATCH operation on this path. | | trace | [Operation Object](#operation-object) | A definition of a TRACE operation on this path. | | query | [Operation Object](#operation-object) | A definition of a QUERY operation, as defined in the most recent IETF draft ([draft-ietf-httpbis-safe-method-w-body-08](https://www.ietf.org/archive/id/draft-ietf-httpbis-safe-method-w-body-11.html) as of this writing) or its RFC successor, on this path. | | additionalOperations | Map[`string`, [Operation Object](#operation-object)] | A map of additional operations on this path. The map key is the HTTP method with the same capitalization that is to be sent in the request. This map MUST NOT contain any entry for the methods that can be defined by other fixed fields with Operation Object values (e.g. no `POST` entry, as the `post` field is used for this method). | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service all operations in this path. If a `servers` array is specified at the [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for all the operations described under this path. These parameters can be overridden at the operation level, but cannot be removed there. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Path Item Object Example ```yaml get: description: Returns pets based on ID summary: Find pets by ID operationId: getPetsById responses: '200': description: pet response content: '*/*': schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: text/html: schema: $ref: '#/components/schemas/ErrorModel' parameters: - name: id in: path description: ID of pet to use required: true schema: type: array items: type: string style: simple additionalOperations: COPY: description: Copies pet information based on ID summary: Copies pets by ID operationId: copyPetsById responses: '200': description: pet response content: '*/*': schema: type: array items: $ref: '#/components/schemas/Pet' default: description: error payload content: text/html: schema: $ref: '#/components/schemas/ErrorModel' ``` ### Operation Object Describes a single API operation on a path. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | tags | [`string`] | A list of tags for API documentation control. Tags can be used for logical grouping of operations by resources or any other qualifier. | | summary | `string` | A short summary of what the operation does. | | description | `string` | A verbose explanation of the operation behavior. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this operation. | | operationId | `string` | Unique string used to identify the operation. The id MUST be unique among all operations described in the API. The operationId value is **case-sensitive**. Tools and libraries MAY use the operationId to uniquely identify an operation, therefore, it is RECOMMENDED to follow common programming naming conventions. | | parameters | [[Parameter Object](#parameter-object) \| [Reference Object](#reference-object)] | A list of parameters that are applicable for this operation. If a parameter is already defined at the [Path Item](#path-item-parameters), the new definition will override it but can never remove it. The list MUST NOT include duplicated parameters. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). The list can use the [Reference Object](#reference-object) to link to parameters that are defined in the [OpenAPI Object's `components.parameters`](#components-parameters). | | requestBody | [Request Body Object](#request-body-object) \| [Reference Object](#reference-object) | The request body applicable for this operation. The `requestBody` is fully supported in HTTP methods where the HTTP specification [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3) has explicitly defined semantics for request bodies. In other cases where the HTTP spec discourages message content (such as [GET](https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3.1) and [DELETE](https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3.5)), `requestBody` is permitted but does not have well-defined semantics and SHOULD be avoided if possible. | | responses | [Responses Object](#responses-object) | The list of possible responses as they are returned from executing this operation. | | callbacks | Map[`string`, [Callback Object](#callback-object) \| [Reference Object](#reference-object)] | A map of possible out-of band callbacks related to the parent operation. The key is a unique identifier for the Callback Object. Each value in the map is a [Callback Object](#callback-object) that describes a request that may be initiated by the API provider and the expected responses. | | deprecated | `boolean` | Declares this operation to be deprecated. Consumers SHOULD refrain from usage of the declared operation. Default value is `false`. | | security | [[Security Requirement Object](#security-requirement-object)] | A declaration of which security mechanisms can be used for this operation. The list of values includes alternative Security Requirement Objects that can be used. Only one of the Security Requirement Objects need to be satisfied to authorize a request. To make security optional, an empty security requirement (`{}`) can be included in the array. This definition overrides any declared top-level [`security`](#oas-security). To remove a top-level security declaration, an empty array can be used. | | servers | [[Server Object](#server-object)] | An alternative `servers` array to service this operation. If a `servers` array is specified at the [Path Item Object](#path-item-servers) or [OpenAPI Object](#oas-servers) level, it will be overridden by this value. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Operation Object Example ```yaml tags: - pet summary: Updates a pet in the store with form data operationId: updatePetWithForm parameters: - name: petId in: path description: ID of pet that needs to be updated required: true schema: type: string requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: description: Updated name of the pet type: string status: description: Updated status of the pet type: string required: - status responses: '200': description: Pet updated. content: application/json: {} application/xml: {} '405': description: Method Not Allowed content: application/json: {} application/xml: {} security: - petstore_auth: - write:pets - read:pets ``` ### External Documentation Object Allows referencing an external resource for extended documentation. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A description of the target documentation. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | url | `string` | **REQUIRED**. The URI for the target documentation. This MUST be in the form of a URI. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### External Documentation Object Example ```yaml description: Find more info here url: https://example.com ``` ### Parameter Object Describes a single operation parameter. A unique parameter is defined by a combination of a [name](#parameter-name) and [location](#parameter-in). See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns, including interactions with the `application/x-www-form-urlencoded` query string format. #### Parameter Locations There are five possible parameter locations specified by the `in` field: * path - Used together with [Path Templating](#path-templating), where the parameter value is actually part of the operation's URL. This does not include the host or base path of the API. For example, in `/items/{itemId}`, the path parameter is `itemId`. * query - Parameters that are appended to the URL. For example, in `/items?id=###`, the query parameter is `id`; MUST NOT appear in the same operation (or in the operation's path-item) as an `in: "querystring"` parameter. * querystring - A parameter that treats the entire URL query string as a value which MUST be specified using the `content` field, most often with media type `application/x-www-form-urlencoded` using [Encoding Objects](#encoding-object) in the same way as with request bodies of that media type; MUST NOT appear more than once, and MUST NOT appear in the same operation (or in the operation's path-item) as any `in: "query"` parameters. * header - Custom headers that are expected as part of the request. Note that [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-5.1) states header names are case-insensitive. * cookie - Used to pass a specific cookie value to the API. #### Fixed Fields The rules for serialization of the parameter are specified in one of two ways. Parameter Objects MUST include either a `content` field or a `schema` field, but not both. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. ##### Common Fixed Fields These fields MAY be used with either `content` or `schema`. The `example` and `examples` fields are mutually exclusive; see [Working with Examples](#working-with-examples) for guidance on validation requirements. | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the parameter. Parameter names are _case-sensitive_.
  • If [`in`](#parameter-in) is `"path"`, the `name` field MUST correspond to a single template expression occurring within the [path](#paths-path) field in the [Paths Object](#paths-object). See [Path Templating](#path-templating) for further information.
  • If [`in`](#parameter-in) is `"header"` and the `name` field is `"Accept"`, `"Content-Type"` or `"Authorization"`, the parameter definition SHALL be ignored.
  • If `in` is `"querystring"`, or for [certain combinations](#style-examples) of [`style`](#parameter-style) and [`explode`](#parameter-explode), the value of `name` is not used in the parameter serialization.
  • For all other cases, the `name` corresponds to the parameter name used by the [`in`](#parameter-in) field.
| | in | `string` | **REQUIRED**. The location of the parameter. Possible values are `"query"`, `"querystring"`, `"header"`, `"path"` or `"cookie"`. | | description | `string` | A brief description of the parameter. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this parameter is mandatory. If the [parameter location](#parameter-in) is `"path"`, this field is **REQUIRED** and its value MUST be `true`. Otherwise, the field MAY be included and its default value is `false`. | | deprecated | `boolean` | Specifies that a parameter is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | allowEmptyValue | `boolean` | If `true`, clients MAY pass a zero-length string value in place of parameters that would otherwise be omitted entirely, which the server SHOULD interpret as the parameter being unused. Default value is `false`. If [`style`](#parameter-style) is used, and if [behavior is _n/a_ (cannot be serialized)](#style-examples), the value of `allowEmptyValue` SHALL be ignored. Interactions between this field and the parameter's [Schema Object](#schema-object) are implementation-defined. This field is valid only for `query` parameters.

**Deprecated:** Use of this field is NOT RECOMMENDED, and it is likely to be removed in a later revision. | | example | Any | Example of the parameter's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the parameter's potential value; see [Working With Examples](#working-with-examples). | This object MAY be extended with [Specification Extensions](#specification-extensions). Note that while `"Cookie"` as a `name` is not forbidden if `in` is `"header"`, the effect of defining a cookie parameter that way is undefined; use `in: "cookie"` instead. ##### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#parameter-schema) and [`style`](#parameter-style) can describe the structure and syntax of the parameter. These fields MUST NOT be used with `in: "querystring"`. Care is needed for parameters with `schema` that have `in: "header"` or `in: "cookie", style: "cookie"`: * When serializing these values, URI percent-encoding MUST NOT be applied. * When parsing these parameters, any apparent percent-encoding MUST NOT be decoded. * If using an RFC6570 implementation that automatically performs encoding or decoding steps, the steps MUST be undone before use. In these cases, implementations MUST pass values through unchanged rather than attempting to quote or escape them, as the quoting rules for headers and escaping conventions for cookies vary too widely to be performed automatically; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for guidance on quoting and escaping. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the parameter value will be serialized depending on the type of the parameter value. Default values (based on value of `in`): for `"query"` - `"form"`; for `"path"` - `"simple"`; for `"header"` - `"simple"`; for `"cookie"` - `"form"` (for compatibility reasons; note that `style: "cookie"` SHOULD be used with `in: "cookie"`; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for details). | | explode | `boolean` | When this is true, parameter values of type `array` or `object` generate separate parameters for each value of the array or key-value pair of the map. For other types of parameters, or when [`style`](#parameter-style) is `"deepObject"`, this field has no effect. When `style` is `"form"` or `"cookie"`, the default value is `true`. For all other styles, the default value is `false`. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed by the rules of the `in` destination or media type, or are [not allowed in the path by this specification](#path-templating); see [URL Percent-Encoding](#url-percent-encoding) for details. The default value is `false`. This field only applies to `in` and `style` values that automatically percent-encode. | | schema | [Schema Object](#schema-object) | The schema defining the type used for the parameter. | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ##### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#parameter-content) field can define the media type and schema of the parameter, as well as give examples of its use. For use with `in: "querystring"` and `application/x-www-form-urlencoded`, see [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type). | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object) \| [Reference Object](#reference-object)] | A map containing the representations for the parameter. The key is the media type and the value describes it. The map MUST only contain one entry. | #### Style Values In order to support common ways of serializing simple parameters, a set of `style` values are defined. Combinations not represented in this table are not permitted. | `style` | [`type`](#data-types) | `in` | Comments | | ---- | ---- | ---- | ---- | | `matrix` | primitive, `array`, `object` | `path` | Path-style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.7) | | `label` | primitive, `array`, `object` | `path` | Label style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.5) | | `simple` | primitive, `array`, `object` | `path`, `header` | Simple style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.2). This option replaces `collectionFormat` with a `csv` value from OpenAPI 2.0. | | `form` | primitive, `array`, `object` | `query`, `cookie` | Form style parameters defined by [RFC6570](https://tools.ietf.org/html/rfc6570#section-3.2.8). This option replaces `collectionFormat` with a `csv` (when `explode` is false) or `multi` (when `explode` is true) value from OpenAPI 2.0. | | `spaceDelimited` | `array`, `object` | `query` | Space separated array values or object properties and values. This option replaces `collectionFormat` equal to `ssv` from OpenAPI 2.0. | | `pipeDelimited` | `array`, `object` | `query` | Pipe separated array values or object properties and values. This option replaces `collectionFormat` equal to `pipes` from OpenAPI 2.0. | | `deepObject` | `object` | `query` | Allows objects with scalar properties to be represented using form parameters. The representation of array or object properties is not defined (but see [Extending Support for Querystring Formats](#extending-support-for-querystring-formats) for alternatives). | | `cookie` | primitive, `array`, `object` | `cookie` | Analogous to `form`, but following [[RFC6265]] `Cookie` syntax rules, meaning that name-value pairs are separated by a semicolon followed by a single space (e.g. `n1=v1; n2=v2`), and no percent-encoding or other escaping is applied; data values that require any sort of escaping MUST be provided in escaped form. | #### URL Percent-Encoding All API URLs MUST successfully parse and percent-decode using [[RFC3986]] rules. Content in the `application/x-www-form-urlencoded` format, including query strings produced by [Parameter Objects](#parameter-object) with `in: "query"`, MUST also successfully parse and percent-decode using [[WHATWG-URL]] rules, including treating non-percent-encoded `+` as an escaped space character. These requirements are specified in terms of percent-_decoding_ rules, which are consistently tolerant across different versions of the various standards that apply to URIs. Percent-_encoding_ is performed in several places: * By [[RFC6570]] implementations (or simulations thereof; see [Appendix C](#appendix-c-using-rfc6570-based-serialization)) * By the Parameter or [Encoding](#encoding-object) Objects when incorporating a value serialized with a [Media Type Object](#media-type-object) for a media type that does not already incorporate URI percent-encoding * By the user, prior to passing data through RFC6570's reserved expansion process When percent-encoding, the safest approach is to percent-encode all characters not in RFC3986's "unreserved" set, and for `form-urlencoded` to also percent-encode the tilde character (`~`) to align with historical requirements that are traced back to [[?RFC1738]], the URI RFC at the time `form-urlencoded` was created. This approach is used in examples in this specification. For `form-urlencoded`, while the encoding algorithm given by [[WHATWG-URL]] requires escaping the space character as `+`, percent-encoding it as `%20` also meets the above requirements. Examples in this specification will prefer `%20` when using RFC6570's default (non-reserved) form-style expansion, and `+` otherwise. Reserved characters MUST NOT be percent-encoded when being used for reserved purposes such as `&=+` for `form-urlencoded` or `,` for delimiting non-exploded array and object values in RFC6570 expansions. The result of inserting non-percent-encoded delimiters into data using manual percent-encoding, including via RFC6570's reserved expansion rules, is undefined and will likely prevent implementations from parsing the results back into the correct data structures. In some cases, such as inserting `/` into path parameter values, doing so is [explicitly forbidden](#path-templating) by this specification. See also: * [Appendix C](#appendix-c-using-rfc6570-based-serialization) for guidance on using or simulating/extending RFC6570 implementations. * [Appendix D](#appendix-d-serializing-headers-and-cookies) for guidance on percent-encoding and cookies, as well as other escaping approaches for headers and cookies. * [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding options, compatibility, and handling OAS-defined delimiters that are not allowed by RFC3986. #### Serialization and Examples The rules in this section apply to both the Parameter and [Header](#header-object) Objects, both of which use the same mechanisms. When showing serialized examples, such as with the [Example Object's](#example-object) `serializedValue` or `externalValue` fields, in most cases the value to show is just the value, with all relevant percent-encoding or other encoding/escaping applied, and also including any delimiters produced by the `style` and `explode` configuration. In cases where the name is an inherent part of constructing the serialization, such as the `name=value` pairs produced by `style: "form"` or the combination of `style: "simple", explode: true`, the name and any delimiter between the name and value MUST be included. The `matrix` and `label` styles produce a leading delimiter which is always a valid part of the serialization and MUST be included. The RFC6570 operators corresponding to `style: "form"` produce a leading delimiter of either `?` or `&` depending on the exact syntax used. As the suitability of either delimiter depends on where in the query string the parameter occurs, as well as whether it is in a URI or in `application/x-www-form-urlencoded` content, this leading delimiter MUST NOT be included in examples of individual parameters or media type documents. For `in: "cookie", style: "form"`, neither the `&` nor `?` delimiters are ever correct; see [Appendix D: Serializing Headers and Cookies](#appendix-d-serializing-headers-and-cookies) for more details. For headers, the header name MUST NOT be included as part of the serialization, as it is never part of the RFC6570-derived result. However, names produced by `style: "simple", explode: "true"` are included as they appear within the header value, not as separate headers. See the [Header Object](#header-object) for special rules for showing examples of the `Set-Cookie` response header, which violates the normal rules for multiple header values. #### Style Examples Assume a parameter named `color` has one of the following values, where the value to the right of the `->` is what would be shown in the `dataValue` field of an Example Object: ```js string -> "blue" array -> ["blue", "black", "brown"] object -> { "R": 100, "G": 200, "B": 150 } ``` The following table shows serialized examples, as would be shown with the `serializedValue` field of an Example Object, of the different serializations for each value. * The value _empty_ denotes the empty string, and is unrelated to the `allowEmptyValue` field. * The behavior of combinations marked _n/a_ is undefined. * The `undefined` column replaces the `empty` column in previous versions of this specification in order to better align with [RFC6570](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.3) terminology, which describes certain values including but not limited to `null` as "undefined" values with special handling; notably, the empty string is _not_ undefined. * For `form` and the non-RFC6570 query string styles `spaceDelimited`, `pipeDelimited`, and `deepObject`, see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more information on constructing query strings from multiple parameters, and [Appendix D](#appendix-d-serializing-headers-and-cookies) for warnings regarding `form` and `cookie` parameters. * The examples are percent-encoded as explained in the [URL Percent-Encoding](#url-percent-encoding) section above; see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a thorough discussion of percent-encoding concerns, including why unencoded `|` (`%7C`), `[` (`%5B`), and `]` (`%5D`) seem to work in some environments despite not being compliant. | [`style`](#style-values) | `explode` | `undefined` | `string` | `array` | `object` | | ---- | ---- | ---- | ---- | ---- | ---- | | matrix | false | ;color | ;color=blue | ;color=blue,black,brown | ;color=R,100,G,200,B,150 | | matrix | true | ;color | ;color=blue | ;color=blue;color=black;color=brown | ;R=100;G=200;B=150 | | label | false | . | .blue | .blue,black,brown | .R,100,G,200,B,150 | | label | true | . | .blue | .blue.black.brown | .R=100.G=200.B=150 | | simple | false | _empty_ | blue | blue,black,brown | R,100,G,200,B,150 | | simple | true | _empty_ | blue | blue,black,brown | R=100,G=200,B=150 | | form | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 | | form | true | color= | color=blue | color=blue&color=black&color=brown | R=100&G=200&B=150 | | spaceDelimited | false | _n/a_ | _n/a_ | color=blue%20black%20brown | color=R%20100%20G%20200%20B%20150 | | spaceDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | pipeDelimited | false | _n/a_ | _n/a_ | color=blue%7Cblack%7Cbrown | color=R%7C100%7CG%7C200%7CB%7C150 | | pipeDelimited | true | _n/a_ | _n/a_ | _n/a_ | _n/a_ | | deepObject | _n/a_ | _n/a_ | _n/a_ | _n/a_ | color%5BR%5D=100&color%5BG%5D=200&color%5BB%5D=150 | | cookie | false | color= | color=blue | color=blue,black,brown | color=R,100,G,200,B,150 | | cookie | true | color= | color=blue | color=blue; color=black; color=brown | R=100; G=200; B=150 | #### Extending Support for Querystring Formats Many frameworks define query string syntax for complex values, such as appending array indices to parameter names or indicating multiple levels of of nested objects, which go well beyond the capabilities of the `deepObject` style. As these are not standards, and often contradict each other, the OAS does not attempt to support them directly. Two avenues are available for supporting such formats with `in: "querystring"`: * Use `content` and `text/plain` with a schema of `type: "string"` and define the format outside of OpenAPI. While this requires more work to document and construct or parse the format, which is seen as a plain string from the OpenAPI perspective, it provides the easiest flexible option * Define a media type (which need not necessarily be [IANA-registered](https://www.rfc-editor.org/rfc/rfc6838.html)) and a process for mapping in-memory data to the serialized media type. To increase the likelihood of support across multiple tools, submit a registration for the media type and process to the OpenAPI Initiative's [Media Type Registry](#openapi-media-type-registry). #### Parameter Object Examples A header parameter with an array of 64-bit integer numbers: ```yaml name: X-Token in: header description: token to be passed as a header required: true schema: type: array items: type: integer format: int64 style: simple examples: Tokens: dataValue: - 12345678 - 90099 serializedValue: "12345678,90099" ``` A cookie parameter with an exploded object (the default for `style: "cookie"`): ```yaml name: cookie in: cookie style: cookie schema: type: object properties: greeting: type: string code: type: integer minimum: 0 examples: Object: description: | Note that the comma (,) has been pre-percent-encoded to "%2C" in the data, as it is forbidden in cookie values. However, the exclamation point (!) is legal in cookies, so it can be left unencoded. dataValue: greeting: Hello%2C world! code: 42 serializedValue: "greeting=Hello%2C world!; code=42" ``` A cookie parameter relying on the percent-encoding behavior of the default `style: "form"`: ```yaml name: greeting in: cookie schema: type: string examples: Greeting: description: | Note that in this approach, RFC6570's percent-encoding process applies, so unsafe characters are not pre-percent-encoded. This results in all non-URL-safe characters, rather than just the one non-cookie-safe character, getting percent-encoded. dataValue: Hello, world! serializedValue: "greeting=Hello%2C%20world%21" ``` A path parameter of a string value: ```yaml name: username in: path description: username to fetch required: true schema: type: string examples: "Edsger Dijkstra": dataValue: edijkstra serializedValue: edijkstra Diṅnāga: dataValue: diṅnāga serializedValue: di%E1%B9%85n%C4%81ga Al-Khwarizmi: dataValue: "الخوارزميّ" serializedValue: "%D8%A7%D9%84%D8%AE%D9%88%D8%A7%D8%B1%D8%B2%D9%85%D9%8A%D9%91" ``` An optional query parameter of a string value, allowing multiple values by repeating the query parameter (Note that we use `"%20"` in place of `" "` (space) because that is how RFC6570 handles it; for guidance on using `+` to represent the space character, see [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for more guidance on these escaping options): ```yaml name: thing in: query required: false schema: type: array items: type: string style: form explode: true examples: ObjectList: dataValue: - one thing - another thing serializedValue: "thing=one%20thing&thing=another%20thing" ``` A free-form query parameter, allowing arbitrary parameters of `type: "integer"`: ```yaml in: query name: freeForm schema: type: object additionalProperties: type: integer style: form examples: Pagination: dataValue: page: 4 pageSize: 50 serializeValue: page=4&pageSize=50 ``` A complex parameter using `content` to define serialization, with multiple levels and types of examples shown to make the example usage options clear — note that `dataValue` is the same at both levels and does not need to be shown in both places in normal usage, but `serializedValue` is different: ```yaml in: query name: coordinates content: application/json: schema: type: object required: - lat - long properties: lat: type: number long: type: number examples: dataValue: lat: 10 long: 60 serializedValue: '{"lat":10,"long":60}' examples: dataValue: lat: 10 long: 60 serializedValue: coordinates=%7B%22lat%22%3A10%2C%22long%22%3A60%7D ``` A querystring parameter using regular form encoding, but managed with a Media Type Object. This shows spaces being handled per the `application/x-www-form-urlencoded` media type rules (encode as `+`) rather than the RFC6570 process (encode as `%20`); see [Appendix E](appendix-e-percent-encoding-and-form-media-types) for further guidance on this distinction. Examples are shown at both the media type and parameter level to emphasize that, since `application/x-www-form-urlencoded` is suitable for use in query strings by definition, no further encoding or escaping is applied to the serialized media type value: ```yaml in: querystring content: application/x-www-form-urlencoded: schema: type: object properties: foo: type: string bar: type: boolean examples: spacesAndPluses: description: Note handling of spaces and "+" per media type. dataValue: foo: a + b bar: true serializedValue: foo=a+%2B+b&bar=true examples: spacesAndPluses: description: | Note that no additional percent encoding is done, as this media type is URI query string-ready by definition. dataValue: foo: a + b bar: true serializedValue: foo=a+%2B+b&bar=true ``` A querystring parameter that uses JSON for the entire string (not as a single query parameter value). The `dataValue` field is shown at both levels to fully illustrate both ways of providing an example. As seen below, this is redundant and need not be done in practice: ```yaml in: querystring name: json content: application/json: schema: type: object properties: numbers: type: array items: type: integer flag: type: [boolean, "null"] examples: TwoNoFlag: description: Serialize with minimized whitespace dataValue: numbers: - 1 - 2 flag: null serializedValue: '{"numbers":[1,2],"flag":null}' examples: TwoNoFlag: dataValue: numbers: - 1 - 2 flag: null serializedValue: "%7B%22numbers%22%3A%5B1%2C2%5D%2C%22flag%22%3Anull%7D" ``` Assuming a path of `/foo`, a server of `https://example.com`, the full URL incorporating the value from `serializedValue` would be: ```uri https://example.com/foo?%7B%22numbers%22%3A%5B1%2C2%5D%2C%22flag%22%3Anull%7D ``` A querystring parameter that uses [[?RFC9535|JSONPath]]. Note that in this example we not only do not repeat `dataValue`, but we use the shorthand `example` because the `application/jsonpath` value is a string that, at the media type level, is serialized as-is: ```yaml in: querystring name: selector content: application/jsonpath: schema: type: string example: $.a.b[1:1] examples: Selector: serializedValue: "%24.a.b%5B1%3A1%5D" ``` As there is not, as of this writing, a [registered](#openapi-media-type-registry) mapping between the JSON Schema data model and JSONPath, the details of the string's allowed structure would need to be conveyed either in a human-readable `description` field, or through a mechanism outside of the OpenAPI Description, such as a JSON Schema for the data structure to be queried. Assuming a path of `/foo` and a server of `https://example.com`, the full URL incorporating the value from `serializedValue` would be: ```uri https://example.com/foo?%24.a.b%5B1%3A1%5D ``` ### Request Body Object Describes a single request body. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the request body. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | content | Map[`string`, [Media Type Object](#media-type-object) \| [Reference Object](#reference-object)] | **REQUIRED**. The content of the request body. The key is a media type or [media type range](https://www.rfc-editor.org/rfc/rfc9110.html#appendix-A) and the value describes it. The map SHOULD have at least one entry; if it does not, the behavior is implementation-defined. For requests that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | required | `boolean` | Determines if the request body is required in the request. Defaults to `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Request Body Examples A request body with a referenced schema definition. ```yaml description: user to add to the system content: application/json: schema: $ref: '#/components/schemas/User' examples: user: summary: User example externalValue: https://foo.bar/examples/user-example.json application/xml: schema: $ref: '#/components/schemas/User' examples: user: summary: User example in XML externalValue: https://foo.bar/examples/user-example.xml text/plain: examples: user: summary: User example in plain text externalValue: https://foo.bar/examples/user-example.txt '*/*': examples: user: summary: User example in other format externalValue: https://foo.bar/examples/user-example.whatever ``` ### Media Type Object Each Media Type Object describes content structured in accordance with the media type identified by its key. Multiple Media Type Objects can be used to describe content that can appear in any of several different media types. When `example` or `examples` are provided, the example SHOULD match the specified schema and be in the correct format as specified by the media type and its encoding. The `example` and `examples` fields are mutually exclusive. See [Working With Examples](#working-with-examples) for further guidance regarding the different ways of specifying examples, including non-JSON/YAML values. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | schema | [Schema Object](#schema-object) | A schema describing the complete content of the request, response, parameter, or header. | | itemSchema | [Schema Object](#schema-object) | A schema describing each item within a [sequential media type](#sequential-media-types). | | example | Any | Example of the media type; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the media type; see [Working With Examples](#working-with-examples). | | encoding | Map[`string`, [Encoding Object](#encoding-object)] | A map between a property name and its encoding information, as defined under [Encoding By Name](#encoding-by-name). The `encoding` field SHALL only apply when the media type is `multipart` or `application/x-www-form-urlencoded`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This field MUST NOT be present if `prefixEncoding` or `itemEncoding` are present. | | prefixEncoding | [[Encoding Object](#encoding-object)] | An array of positional encoding information, as defined under [Encoding By Position](#encoding-by-position). The `prefixEncoding` field SHALL only apply when the media type is `multipart`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This field MUST NOT be present if `encoding` is present. | | itemEncoding | [Encoding Object](#encoding-object) | A single Encoding Object that provides encoding information for multiple array items, as defined under [Encoding By Position](#encoding-by-position). The `itemEncoding` field SHALL only apply when the media type is `multipart`. If no Encoding Object is provided for a property, the behavior is determined by the default values documented for the Encoding Object. This field MUST NOT be present if `encoding` is present. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Media Types Media types are publicly registered with the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml), through process documented in [[?RFC6838]]. APIs also sometimes define private media types such as GitHub's `application/vnd.github.v3+json`, which are not registered, and other media types such as `application/schema+json` become widely used before an intended registration. See [Parsing and Serializing](#parsing-and-serializing) under the [Schema Object](#schema-object) for guidance on using schemas with a variety of media types. ##### OpenAPI Media Type Registry The OpenAPI Initiative maintains a [Media Type Registry](https://spec.openapis.org/registry/media-type/) summarizing media type support expected by this specification and providing an index to which sections address which media types. It also links to IANA registrations (where they exist) and to the most notable specification document(s) related to each media type. Any additional media types added to this registry as extensions or for later versions of this or other OpenAPI specifications MAY be supported by implementations of this version of the OAS. #### Complete vs Streaming Content The `schema` field MUST be applied to the complete content, as defined by the media type and the context ([Request Body Object](#request-body-object), [Response Object](#response-object), [Parameter Object](#parameter-object), or [Header Object](#header-object). Because this requires loading the content into memory in its entirety, it poses a challenge for streamed content. Use cases where clients are intended to choose when to stop reading are particularly challenging as there is no well-defined end to the stream. ##### Sequential Media Types Within this specification, a _sequential media type_ is defined as any media type that consists of a repeating structure, without any sort of header, footer, envelope, or other metadata in addition to the sequence. Some examples of sequential media types (including some that are not IANA-registered but are in common use) are: ```text application/jsonl application/x-ndjson application/json-seq application/geo+json-seq text/event-stream multipart/mixed ``` In the first three above, the repeating structure is any [JSON value](https://tools.ietf.org/html/rfc8259#section-3). The fourth repeats `application/geo+json`-structured values, while `text/event-stream` repeats a custom text format related to Server-Sent Events. The final media type listed above, `multipart/mixed`, provides an ordered list of documents of any media type, and is sometimes streamed. Note that while `multipart` formats technically allow a preamble and an epilogue, the RFC directs that they are to be ignored, making them effectively comments, and this specification does not model them. Implementations MUST support mapping sequential media types into the JSON Schema data model by treating them as if the values were in an array in the same order. See [Complete vs Streaming Content](#complete-vs-streaming-content) for more information on handling sequential media types in a streaming context, including special considerations for `text/event-stream` content. For `multipart` types, see also [Encoding By Position](#encoding-by-position). ###### Streaming Sequential Media Types The `itemSchema` field is provided to support streaming use cases for sequential media types, with `itemEncoding` as a corresponding encoding mechanism for streaming [positional `multipart` media types](#encoding-by-position). Unlike `schema`, which is applied to the complete content (treated as an array as described in the [sequential media types](#sequential-media-types) section), `itemSchema` MUST be applied to each item in the stream independently, which supports processing each item as it is read from the stream. Both `schema` and `itemSchema` MAY be used in the same Media Type Object. However, doing so is unlikely to have significant advantages over using the `items` keyword within the `schema` field. ##### Binary Streams The `maxLength` keyword MAY be used to set an expected upper bound on the length of a streaming payload that consists of either string data, including encoded binary data, or unencoded binary data. For unencoded binary data, the length is the number of octets. For this use case, `maxLength` MAY be implemented outside of regular JSON Schema evaluation as JSON Schema does not directly apply to binary data, and an encoded binary stream may be impractical to store in memory in its entirety. #### Special Considerations for Server-Sent Events For `text/event-stream`, implementations MUST work with event data after it has been parsed according to the [`text/event-stream` specification](https://html.spec.whatwg.org/multipage/server-sent-events.html#parsing-an-event-stream), including all guidance on ignoring certain fields (including comments) and/or values, and on combining values split across multiple lines. Field value types MUST be handled as specified by the `text/event-stream` specification (e.g. the `retry` field value is modeled as a JSON number that is expected to be of JSON Schema `type: integer`), and fields not given an explicit value type MUST be handled as strings. Some users of `text/event-stream` use a format such as JSON for field values, particularly the `data` field. Use JSON Schema's keywords for working with the [contents of string-encoded data](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#name-a-vocabulary-for-the-conten), particularly `contentMediaType` and `contentSchema`, to describe and validate such fields with more detail than string-related validation keywords such as `pattern` can support. Note that `contentSchema` is [not automatically validated by default](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#name-implementation-requirements-2) (see also the [Non-validating constraint keywords](#non-validating-constraint-keywords) section of this specification). The following Schema Object is a generic schema for the `text/event-stream` media type as documented by the [[?HTML]] specification as of the time of this writing: ```yaml type: object required: - data properties: data: type: string event: type: string id: type: string retry: type: integer minimum: 0 ``` #### Encoding Usage and Restrictions These encoding fields define how to map each [Encoding Object](#encoding-object) to a specific value in the data. Each field has its own set of media types with which it can be used; for all other media types all three fields SHALL be ignored. ##### Encoding By Name The behavior of the `encoding` field is designed to support web forms, and is therefore only defined for media types structured as name-value pairs that allow repeat values, most notably `application/x-www-form-urlencoded` and `multipart/form-data`. To use the `encoding` field, each key under the field MUST exist as a property; `encoding` entries with no corresponding property SHALL be ignored. Array properties MUST be handled by applying the given Encoding Object to produce one encoded value per array item, each with the same `name`, as is recommended by [[!RFC7578]] [Section 4.3](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3) for supplying multiple values per form field. For all other value types for both top-level non-array properties and for values, including array values, within a top-level array, the Encoding Object MUST be applied to the entire value. The order of these name-value pairs in the target media type is implementation-defined. For `application/x-www-form-urlencoded`, the encoding keys MUST map to parameter names, with the values produced according to the rules of the [Encoding Object](#encoding-object). See [Encoding the `x-www-form-urlencoded` Media Type](#encoding-the-x-www-form-urlencoded-media-type) for guidance and examples, both with and without the `encoding` field. For `multipart`, the encoding keys MUST map to the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of the `Content-Disposition: form-data` header of each part, as is defined for `multipart/form-data` in [[!RFC7578]]. See [[!RFC7578]] [Section 5](https://www.rfc-editor.org/rfc/rfc7578.html#section-5) for guidance regarding non-ASCII part names. See [Encoding `multipart` Media Types](#encoding-multipart-media-types) for further guidance and examples, both with and without the `encoding` field. ##### Encoding By Position Most `multipart` media types, including `multipart/mixed` which defines the underlying rules for parsing all `multipart` types, do not have named parts. Data for these media types are modeled as an array, with one item per part, in order. To use the `prefixEncoding` and/or `itemEncoding` fields, either `itemSchema` or an array `schema` MUST be present. These fields are analogous to the `prefixItems` and `items` JSON Schema keywords, with `prefixEncoding` (if present) providing an array of Encoding Objects that are each applied to the value at the same position in the data array, and `itemEncoding` applying its single Encoding Object to all remaining items in the array. As with `prefixItems`, it is _not_ an error if the instance array is shorter than the `prefixEncoding` array; the additional Encoding Objects SHALL be ignored. The `itemEncoding` field can also be used with `itemSchema` to support streaming `multipart` content. ##### Additional Encoding Approaches The `prefixEncoding` field can be used with any `multipart` content to require a fixed part order. This includes `multipart/form-data`, for which the Encoding Object's `headers` field MUST be used to provide the `Content-Disposition` and part name, as no property names exist to provide the names automatically. Prior versions of this specification advised using the [`name` parameter](https://www.rfc-editor.org/rfc/rfc7578#section-4.2) of the `Content-Disposition: form-data` header of each part with `multipart` media types other than `multipart/form-data` in order to work around the limitations of the `encoding` field. Implementations MAY choose to support this workaround, but as this usage is not common, implementations of non-`form-data` `multipart` media types are unlikely to support it. #### Media Type Examples For form-related and `multipart` media type examples, see the [Encoding Object](#encoding-object). ##### JSON Note that since this example is written in YAML, the Example Object's `value` field can be formatted as YAML due to the trivial conversion to JSON. This avoids needing to embed JSON as a string. ```yaml application/json: schema: $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat value: name: Fluffy petType: Cat color: White gender: male breed: Persian dog: summary: An example of a dog with a cat's name value: name: Puma petType: Dog color: Black gender: Female breed: Mixed frog: $ref: '#/components/examples/frog-example' ``` Alternatively, since all JSON is valid YAML, the example value can use JSON syntax within a YAML document: ```yaml application/json: schema: $ref: '#/components/schemas/Pet' examples: cat: summary: An example of a cat value: { "name": "Fluffy", "petType": "Cat", "color": "White", "gender": "male", "breed": "Persian" } dog: summary: An example of a dog with a cat's name value: { "name": "Puma", "petType": "Dog", "color": "Black", "gender": "Female", "breed": "Mixed" } frog: $ref: '#/components/examples/frog-example' ``` ##### Sequential JSON For any [sequential media type](#sequential-media-types) where the items in the sequence are JSON values, no conversion of each value is required. JSON Text Sequences ([[?RFC7464]] `application/json-seq` and [[?RFC8091]] the `+json-seq` structured suffix), [JSON Lines](https://jsonlines.org/) (`application/jsonl`), and [NDJSON](https://github.com/ndjson/ndjson-spec) (`application/x-ndjson`) are all in this category. Note that the media types for JSON Lines and NDJSON are not registered with the IANA, but are in common use. The following example shows Media Type Objects for both streaming log entries and returning a fixed-length set in response to a query. This shows the relationship between `schema` and `itemSchema`, and when to use each even though the `examples` field is the same either way. ```yaml components: schemas: LogEntry: type: object properties: timestamp: type: string format: date-time level: type: integer minimum: 0 message: type: string Log: type: array items: $ref: "#/components/schemas/LogEntry" maxItems: 100 examples: LogJSONSeq: summary: Log entries in application/json-seq # JSON Text Sequences require an unprintable character # that cannot be escaped in a YAML string, and therefore # must be placed in an external document shown below externalValue: examples/log.json-seq LogJSONPerLine: summary: Log entries in application/jsonl or application/x-ndjson description: JSONL and NDJSON are identical for this example # Note that the value must be written as a string with newlines, # as JSONL and NDJSON are not valid YAML value: | {"timestamp": "1985-04-12T23:20:50.52Z", "level": 1, "message": "Hi!"} {"timestamp": "1985-04-12T23:20:51.37Z", "level": 1, "message": "Bye!"} responses: LogStream: description: | A stream of JSON-format log messages that can be read for as long as the application is running, and is available in any of the sequential JSON media types. content: application/json-seq: itemSchema: $ref: "#/components/schemas/LogEntry" examples: JSON-SEQ: $ref: "#/components/examples/LogJSONSeq" application/jsonl: itemSchema: $ref: "#/components/schemas/LogEntry" examples: JSONL: $ref: "#/components/examples/LogJSONPerLine" application/x-ndjson: itemSchema: $ref: "#/components/schemas/LogEntry" examples: NDJSON: $ref: "#/components/examples/LogJSONPerLine" LogExcerpt: description: | A response consisting of no more than 100 log records, generally as a result of a query of the historical log, available in any of the sequential JSON media types. content: application/json-seq: schema: $ref: "#/components/schemas/Log" examples: JSON-SEQ: $ref: "#/components/examples/LogJSONSeq" application/jsonl: schema: $ref: "#/components/schemas/Log" examples: JSONL: $ref: "#/components/examples/LogJSONPerLine" application/x-ndjson: schema: $ref: "#/components/schemas/Log" examples: NDJSON: $ref: "#/components/examples/LogJSONPerLine" ``` Our `application/json-seq` example has to be an external document because of the use of both newlines and of the unprintable Record Separator (`0x1E`) character, which cannot be escaped in YAML block literals: ```jsonseq 0x1E{ "timestamp": "1985-04-12T23:20:50.52Z", "level": 1, "message": "Hi!" } 0x1E{ "timestamp": "1985-04-12T23:20:51.37Z", "level": 1, "message": "Bye!" } ``` ##### Server-Sent Event Streams For this example, assume that the generic event schema provided in the [Special Considerations for Server-Sent Events](#special-considerations-for-server-sent-events) section is available at `#/components/schemas/Event`: ```yaml description: A request body to add a stream of typed data. required: true content: text/event-stream: itemSchema: $ref: "#/components/schemas/Event" required: [event] oneOf: - properties: event: const: addString - properties: event: const: addInt64 data: $comment: | Since the `data` field is a string, we need a format to signal that it should be handled as a 64-bit integer. format: int64 - properties: event: const: addJson data: $comment: | These content fields indicate that the string value should be parsed and validated as a JSON document (since JSON is not a binary format, `contentEncoding` is not needed) contentMediaType: application/json contentSchema: type: object required: [foo] properties: foo: type: integer ``` The following `text/event-stream` document is an example of a valid request body for the above example: ```eventstream event: addString data: This data is formatted data: across two lines retry: 5 event: addInt64 data: 1234.5678 unknownField: this is ignored : This is a comment event: addJSON data: {"foo": 42} ``` To more clearly see how this stream is handled, the following is the equivalent JSON Lines document, which shows how the numeric and JSON data are handled as strings, and how unknown fields and comments are ignored and not passed to schema validation: ```jsonl {"event": "addString", "data": "This data is formatted\nacross two lines", "retry": 5} {"event": "addInt64", "data": "1234.5678"} {"event": "addJSON", "data": "{\"foo\": 42}"} ``` #### Considerations for File Uploads In contrast to OpenAPI 2.0, `file` input/output content in OAS 3.x is described with the same semantics as any other schema type. In contrast to OAS 3.0, the `format` keyword has no effect on the content-encoding of the schema in OAS 3.1. Instead, JSON Schema's `contentEncoding` and `contentMediaType` keywords are used. See [Working With Binary Data](#working-with-binary-data) for how to model various scenarios with these keywords, and how to migrate from the previous `format` usage. Examples: Content transferred in binary (octet-stream) MAY omit `schema`: ```yaml # a PNG image as a binary file: content: image/png: {} ``` ```yaml # an arbitrary binary file: content: application/octet-stream: {} ``` ```yaml # arbitrary JSON without constraints beyond being syntactically valid: content: application/json: {} ``` These examples apply to either input payloads of file uploads or response payloads. A `requestBody` for submitting a file in a `POST` operation may look like the following example: ```yaml requestBody: content: application/octet-stream: {} ``` In addition, specific media types MAY be specified: ```yaml # multiple, specific media types may be specified: requestBody: content: # a binary file of type png or jpeg image/jpeg: {} image/png: {} ``` To upload multiple files, a `multipart` media type MUST be used as shown under [Example: Multipart Form with Multiple Files](#example-multipart-form-with-multiple-files). ### Encoding Object A single encoding definition applied to a single value, with the mapping of Encoding Objects to values determined by the [Media Type Object](@media-type-object) as described under [Encoding Usage and Restrictions](#encoding-usage-and-restrictions). See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. #### Fixed Fields ##### Common Fixed Fields These fields MAY be used either with or without the RFC6570-style serialization fields defined in the next section below. | Field Name | Type | Description | | ---- | :----: | ---- | | contentType | `string` | The `Content-Type` for encoding a specific property. The value is a comma-separated list, each element of which is either a specific media type (e.g. `image/png`) or a wildcard media type (e.g. `image/*`). The default value depends on the type as shown in the table below. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | A map allowing additional information to be provided as headers. `Content-Type` is described separately and SHALL be ignored in this section. This field SHALL be ignored if the media type is not a `multipart`. | | encoding | Map[`string`, [Encoding Object](#encoding-object)] | Applies nested Encoding Objects in the same manner as the [Media Type Object](#media-type-object)'s `encoding` field. | | prefixEncoding | [[Encoding Object](#encoding-object)] | Applies nested Encoding Objects in the same manner as the [Media Type Object](#media-type-object)'s `prefixEncoding` field. | | itemEncoding | [Encoding Object](#encoding-object) | Applies nested Encoding Objects in the same manner as the [Media Type Object](#media-type-object)'s `itemEncoding` field. | This object MAY be extended with [Specification Extensions](#specification-extensions). The default values for `contentType` are as follows, where an _n/a_ in the `contentEncoding` column means that the presence or value of `contentEncoding` is irrelevant. This table is based on the value to which the Encoding Object is being applied as defined under [Encoding Usage and Restrictions](#encoding-usage-and-restrictions). Note that in the case of [Encoding By Name](#encoding-by-name), this value is the array item for properties of type `"array"`, and the entire value for all other types. Therefore the `array` row in this table applies only to array values inside of a top-level array when encoding by name. | `type` | `contentEncoding` | Default `contentType` | | ---- | ---- | ---- | | [_absent_](#working-with-binary-data) | _n/a_ | `application/octet-stream` | | `string` | _present_ | `application/octet-stream` | | `string` | _absent_ | `text/plain` | | `number`, `integer`, or `boolean` | _n/a_ | `text/plain` | | `object` | _n/a_ | `application/json` | | `array` | _n/a_ | `application/json` | Determining how to handle a `type` value of `null` depends on how `null` values are being serialized. If `null` values are entirely omitted, then the `contentType` is irrelevant. See [Appendix B](#appendix-b-data-type-conversion) for a discussion of data type conversion options. ##### Fixed Fields for RFC6570-style Serialization | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how a specific property value will be serialized depending on its type. See [Parameter Object](#parameter-object) for details on the [`style`](#parameter-style) field. The behavior follows the same values as `query` parameters, including the default value of `"form"` which applies only when `contentType` is _not_ being used due to one or both of `explode` or `allowReserved` being explicitly specified. Note that the initial `?` used in query strings is not used in `application/x-www-form-urlencoded` message bodies, and MUST be removed (if using an RFC6570 implementation) or simply not added (if constructing the string manually). This field SHALL be ignored if the media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | explode | `boolean` | When this is true, property values of type `array` or `object` generate separate parameters for each value of the array, or key-value-pair of the map. For other types of properties, or when [`style`](#encoding-style) is `"deepObject"`, this field has no effect. When `style` is `"form"`, the default value is `true`. For all other styles, the default value is `false`. This field SHALL be ignored if the media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | | allowReserved | `boolean` | When this is true, parameter values are serialized using reserved expansion, as defined by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3), which allows [RFC3986's reserved character set](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2), as well as percent-encoded triples, to pass through unchanged, while still percent-encoding all other disallowed characters (including `%` outside of percent-encoded triples). Applications are still responsible for percent-encoding reserved characters that are not allowed in the target media type; see [URL Percent-Encoding](#url-percent-encoding) for details. The default value is `false`. This field SHALL be ignored if the media type is not `application/x-www-form-urlencoded` or `multipart/form-data`. If a value is explicitly defined, then the value of [`contentType`](#encoding-content-type) (implicit or explicit) SHALL be ignored. | When using RFC6570-style serialization for `multipart/form-data`, URI percent-encoding MUST NOT be applied, and the value of `allowReserved` has no effect. See also [Appendix C: Using RFC6570 Implementations](#appendix-c-using-rfc6570-based-serialization) for additional guidance. Note that the presence of at least one of `style`, `explode`, or `allowReserved` with an explicit value is equivalent to using `schema` with `in: "query"` Parameter Objects. The absence of all three of those fields is the equivalent of using `content`, but with the media type specified in `contentType` rather than through a Media Type Object. #### Nested Encoding Nested formats requiring encoding, most notably nested `multipart/mixed`, can be supported with this Object's `encoding`, `prefixEncoding`, and / or `itemEncoding` fields. Implementations MUST support one level of nesting, and MAY support additional levels. #### Encoding the `x-www-form-urlencoded` Media Type To work with content using form url encoding via [[WHATWG-URL]], use the `application/x-www-form-urlencoded` media type in the [Media Type Object](#media-type-object). This configuration means that the content MUST be percent-encoded per [[WHATWG-URL]]'s rules for that media type, after any complex objects have been serialized to a string representation. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Example: URL Encoded Form with JSON Values When there is no [`encoding`](#media-type-encoding) field, the serialization strategy is based on the Encoding Object's default values: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: id: type: string format: uuid address: type: object properties: {} ``` With this example, consider an `id` of `f81d4fae-7dec-11d0-a765-00a0c91e6bf6` and a US-style address (with ZIP+4) as follows: ```json { "streetAddress": "123 Example Dr.", "city": "Somewhere", "state": "CA", "zip": "99999+1234" } ``` Assuming the most compact representation of the JSON value (with unnecessary whitespace removed), we would expect to see the following request body, where space characters have been replaced with `+` and `+`, `"`, `:`, `,`, `{`, and `}` have been percent-encoded to `%2B`, `%22`, `%3A`, `%2C`, `%7B`, and `%7D`, respectively: ```uri id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22%3A%22123+Example+Dr.%22%2C%22city%22%3A%22Somewhere%22%2C%22state%22%3A%22CA%22%2C%22zip%22%3A%2299999%2B1234%22%7D ``` Note that the `id` keyword is treated as `text/plain` per the [Encoding Object](#encoding-object)'s default behavior, and is serialized as-is. If it were treated as `application/json`, then the serialized value would be a JSON string including quotation marks, which would be percent-encoded as `%22`. Here is the `id` parameter (without `address`) serialized as `application/json` instead of `text/plain`, and then encoded per [[WHATWG-URL]]'s `form-urlencoded` rules: ```uri id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22 ``` ##### Example: URL Encoded Form with Binary Values Note that `application/x-www-form-urlencoded` is a text format, which requires base64-encoding any binary data: ```yaml requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: name: type: string icon: # The default content type with `contentEncoding` present # is `application/octet-stream`, so we need to set the correct # image media type(s) in the Encoding Object. type: string contentEncoding: base64url encoding: icon: contentType: image/png, image/jpeg ``` Given a name of `example` and a solid red 2x2-pixel PNG for `icon`, this would produce a request body of: ```uri name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC_xhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D ``` Note that the `=` padding characters at the end need to be percent-encoded, even with the "URL safe" `contentEncoding: base64url`. Some base64-decoding implementations may be able to use the string without the padding per [RFC4648](https://datatracker.ietf.org/doc/html/rfc4648#section-3.2). However, this is not guaranteed, so it may be more interoperable to keep the padding and rely on percent-decoding. #### Encoding `multipart` Media Types See [Encoding Usage and Restrictions](#encoding-usage-and-restrictions) for guidance on correlating schema properties with parts. Note that there are significant restrictions on what headers can be used with `multipart` media types in general ([RFC2046](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1)) and `multi-part/form-data` in particular ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.8)). ##### Handling Multiple `contentType` Values When multiple values are provided for `contentType`, parsing remains straightforward as the part's actual `Content-Type` is included in the document. For encoding and serialization, implementations MUST provide a mechanism for applications to indicate which media type is intended. Implementations MAY choose to offer media type sniffing ([[SNIFF]]) as an alternative, but this MUST NOT be the default behavior due to the security risks inherent in the process. ##### `Content-Transfer-Encoding` and `contentEncoding` Using `contentEncoding` for a multipart field is equivalent to specifying an [Encoding Object](#encoding-object) with a `headers` field containing `Content-Transfer-Encoding` with a schema that requires the value used in `contentEncoding`. If `contentEncoding` is used for a multipart field that has an Encoding Object with a `headers` field containing `Content-Transfer-Encoding` with a schema that disallows the value from `contentEncoding`, the result is undefined for serialization and parsing. Note that as stated in [Working with Binary Data](#working-with-binary-data), if the Encoding Object's `contentType`, whether set explicitly or implicitly through its default value rules, disagrees with the `contentMediaType` in a Schema Object, the `contentMediaType` SHALL be ignored. Because of this, and because the Encoding Object's `contentType` defaulting rules do not take the Schema Object's`contentMediaType` into account, the use of `contentMediaType` with an Encoding Object is NOT RECOMMENDED. Note also that `Content-Transfer-Encoding` is deprecated for `multipart/form-data` ([RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.7)) where binary data is supported, as it is in HTTP. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for a detailed examination of percent-encoding concerns for form media types. ##### Example: Basic Multipart Form When the `encoding` field is _not_ used, the encoding is determined by the Encoding Object's defaults: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: # default content type for a string without `contentEncoding` # is `text/plain` id: type: string format: uuid # default content type for a schema without `type` # is `application/octet-stream` profileImage: {} # for arrays, the `encoding` field applies the Encoding Object # to each item individually and determines the default content type # based on the type in the `items` subschema, which in this example # is an object, so the default content type for each item is # `application/json` addresses: type: array items: $ref: '#/components/schemas/Address' ``` ##### Example: Multipart Form with Encoding Objects Using `encoding`, we can set more specific types for binary data, or non-JSON formats for complex values. We can also describe headers for each part: ```yaml requestBody: content: multipart/form-data: schema: type: object properties: # No Encoding Object, so use default `text/plain` id: type: string format: uuid # Encoding Object overrides the default `application/json` content type # for each item in the array with `application/xml; charset=utf-8` addresses: description: addresses in XML format type: array items: $ref: '#/components/schemas/Address' # Encoding Object accepts only PNG or JPEG, and also describes # a custom header for just this part in the multipart format profileImage: {} encoding: addresses: contentType: application/xml; charset=utf-8 profileImage: contentType: image/png, image/jpeg headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` ##### Example: Multipart Form with Multiple Files In accordance with [RFC7578](https://www.rfc-editor.org/rfc/rfc7578.html#section-4.3), multiple files for a single form field are uploaded using the same name (`file` in this example) for each file's part: ```yaml requestBody: content: multipart/form-data: schema: properties: # The property name `file` will be used for all files. file: type: array items: {} ``` As seen in the [Encoding Object's `contentType` field documentation](#encoding-content-type), the empty schema for `items` indicates a media type of `application/octet-stream`. ##### Example: Ordered, Unnamed Multipart A `multipart/mixed` payload consisting of a JSON metadata document followed by an image which the metadata describes: ```yaml multipart/mixed: schema: type: array prefixItems: - # default content type for objects # is `application/json` type: object properties: author: type: string created: type: string format: datetime copyright: type: string license: type: string - # default content type for a schema without `type` # is `application/octet-stream`, which we need # to override. {} prefixEncoding: - # Encoding Object defaults are correct for JSON {} - contentType: image/* ``` ##### Example: Ordered Multipart With Required Header As described in [[?RFC2557]], a set of resources making up a web page can be sent in a `multipart/related` payload, preserving links from the `text/html` document to subsidiary resources such as scripts, style sheets, and images by defining a `Content-Location` header for each page. The first part is used as the root resource (unless using `Content-ID`, which RFC2557 advises against and is forbidden in this example), so we use `prefixItems` and `prefixEncoding` to define that it must be an HTML resource, and then allow any of several different types of resources in any order to follow. The `Content-Location` header is defined using `content: {text/plain: {...}}` to avoid percent-encoding its URI value; see [Appendix D](appendix-d-serializing-headers-and-cookies) for further details. ```yaml components: headers: RFC2557NoContentId: description: Use Content-Location instead of Content-ID schema: false RFC2557ContentLocation: required: true content: text/plain: schema: $comment: Use a full URI (not a relative reference) type: string format: uri requestBodies: RFC2557: content: multipart/related; type=text/html: schema: prefixItems: - type: string items: anyOf: - type: string - $comment: To allow binary, this must always pass prefixEncoding: - contentType: text/html headers: Content-ID: $ref: '#/components/headers/RFC2557NoContentId' Content-Location: $ref: '#/components/headers/RFC2557ContentLocation' itemEncoding: contentType: text/css,text/javascript,image/* headers: Content-ID: $ref: '#/components/headers/RFC2557NoContentId' Content-Location: $ref: '#/components/headers/RFC2557ContentLocation' ``` ##### Example: Streaming Multipart This example assumes a device that takes large sets of pictures and streams them to the caller. Unlike the previous example, we use `itemSchema` here because the expectation is that each image is processed as it arrives (or in small batches), since we know that buffering the entire stream will take too much memory. ```yaml multipart/mixed: itemSchema: $comment: A single data image from the device itemEncoding: contentType: image/jpg ``` ##### Example: Streaming Byte Ranges For `multipart/byteranges` [[RFC9110]] [Section 14.6](https://www.rfc-editor.org/rfc/rfc9110.html#section-14.6), a `Content-Range` header is required: See [Appendix D](appendix-d-serializing-headers-and-cookies) for an explanation of why `content: {text/plain: {...}}` is used to describe the header value. ```yaml multipart/byteranges: itemSchema: $comment: A single range of bytes from a video itemEncoding: contentType: video/mp4 headers: Content-Range: required: true content: text/plain: schema: # The `pattern` regular expression that would # be included in practice is omitted for simplicity type: string ``` ##### Example: Nested `multipart/mixed` This defines a two-part `multipart/mixed` where the first part is a JSON array and the second part is a nested `multipart/mixed` document. The nested parts are XML, plain text, and a PNG image. ```yaml multipart/mixed: schema: type: array prefixItems: - type: array - type: array prefixItems: - type: object - type: string - {} prefixEncoding: - {} # Accept the default application/json - contentType: multipart/mixed prefixEncoding: - contentType: application/xml - {} # Accept the default text/plain - contentType: image/png ``` ### Responses Object A container for the expected responses of an operation. The container maps a HTTP response code to the expected response. The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors. The `default` MAY be used as a default Response Object for all HTTP codes that are not covered individually by the Responses Object. The Responses Object MUST contain at least one response code, and if only one response code is provided it SHOULD be the response for a successful operation call. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | default | [Response Object](#response-object) \| [Reference Object](#reference-object) | The documentation of responses other than the ones declared for specific HTTP response codes. Use this field to cover undeclared responses. | #### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | [HTTP Status Code](#http-status-codes) | [Response Object](#response-object) \| [Reference Object](#reference-object) | Any [HTTP status code](#http-status-codes) can be used as the property name, but only one property per code, to describe the expected response for that HTTP status code. This field MUST be enclosed in quotation marks (for example, "200") for compatibility between JSON and YAML. To define a range of response codes, this field MAY contain the uppercase wildcard character `X`. For example, `2XX` represents all response codes between `200` and `299`. Only the following range definitions are allowed: `1XX`, `2XX`, `3XX`, `4XX`, and `5XX`. If a response is defined using an explicit code, the explicit code definition takes precedence over the range definition for that code. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### HTTP Status Codes The HTTP Status Codes are used to indicate the status of the executed operation. Status codes SHOULD be selected from the available status codes registered in the [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml). #### Responses Object Example A 200 response for a successful operation and a default response for others (implying an error): ```yaml '200': description: a pet to be returned content: application/json: schema: $ref: '#/components/schemas/Pet' default: description: Unexpected error content: application/json: schema: $ref: '#/components/schemas/ErrorModel' ``` ### Response Object Describes a single response from an API operation, including design-time, static `links` to operations based on the response. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | summary | `string` | A short summary of the meaning of the response. | | description | `string` | A description of the response. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | headers | Map[`string`, [Header Object](#header-object) \| [Reference Object](#reference-object)] | Maps a header name to its definition. [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-5.1) states header names are case-insensitive. If a response header is defined with the name `"Content-Type"`, it SHALL be ignored. | | content | Map[`string`, [Media Type Object](#media-type-object) \| [Reference Object](#reference-object)] | A map containing descriptions of potential response payloads. The key is a media type or [media type range](https://www.rfc-editor.org/rfc/rfc9110.html#appendix-A) and the value describes it. For responses that match multiple keys, only the most specific key is applicable. e.g. `"text/plain"` overrides `"text/*"` | | links | Map[`string`, [Link Object](#link-object) \| [Reference Object](#reference-object)] | A map of operations links that can be followed from the response. The key of the map is a short name for the link, following the naming constraints of the names for [Component Objects](#components-object). | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Response Object Examples Response of an array of a complex type: ```yaml description: A complex object array response content: application/json: schema: type: array items: $ref: '#/components/schemas/VeryComplexType' ``` Response with a string type: ```yaml description: A simple string response content: text/plain: schema: type: string ``` Plain text response with headers: ```yaml description: A simple string response content: text/plain: schema: type: string example: 'whoa!' headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: integer X-Rate-Limit-Reset: description: The number of seconds left in the current period schema: type: integer ``` Response with no return value: ```yaml description: object created ``` ### Callback Object A map of possible out-of band callbacks related to the parent operation. Each value in the map is a [Path Item Object](#path-item-object) that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the Path Item Object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation. To describe incoming requests from the API provider independent from another API call, use the [`webhooks`](#oas-webhooks) field. #### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {expression} | [Path Item Object](#path-item-object) | A Path Item Object used to define a callback request and expected responses. A [complete example](https://learn.openapis.org/examples/v3.0/callback-example.html) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Key Expression The key that identifies the [Path Item Object](#path-item-object) is a [runtime expression](#runtime-expressions) that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request. A simple example might be `$request.body#/url`. However, using a [runtime expression](#runtime-expressions) the complete HTTP message can be accessed. This includes accessing any part of a body that a JSON Pointer [RFC6901](https://tools.ietf.org/html/rfc6901) can reference. For example, given the following HTTP request: ```http POST /subscribe/myevent?queryUrl=https://clientdomain.com/stillrunning HTTP/1.1 Host: example.org Content-Type: application/json Content-Length: 188 { "failedUrl": "https://clientdomain.com/failed", "successUrls": [ "https://clientdomain.com/fast", "https://clientdomain.com/medium", "https://clientdomain.com/slow" ] } ``` resulting in: ```http 201 Created Location: https://example.org/subscription/1 ``` The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter named `eventType` and a query parameter named `queryUrl`. | Expression | Value | | ---- | :---- | | $url | | | $method | POST | | $request.path.eventType | myevent | | $request.query.queryUrl | | | $request.header.content-type | application/json | | $request.body#/failedUrl | | | $request.body#/successUrls/1 | | | $response.header.Location | | #### Callback Object Examples The following example uses the user provided `queryUrl` query string parameter to define the callback URL. This is similar to a [webhook](#oas-webhooks), but differs in that the callback only occurs because of the initial request that sent the `queryUrl`. ```yaml myCallback: '{$request.query.queryUrl}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` The following example shows a callback where the server is hard-coded, but the query string parameters are populated from the `id` and `email` property in the request body. ```yaml transactionCallback: 'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}': post: requestBody: description: Callback payload content: application/json: schema: $ref: '#/components/schemas/SomePayload' responses: '200': description: callback successfully processed ``` ### Example Object An object grouping an internal or external example value with basic `summary` and `description` metadata. The examples can show either data suitable for schema validation, or serialized data as required by the containing [Media Type Object](#media-type-object), [Parameter Object](#parameter-object), or [Header Object](#header-object). This object is typically used in fields named `examples` (plural), and is a [referenceable](#reference-object) alternative to older `example` (singular) fields that do not support referencing or metadata. The various fields and types of examples are explained in more detail under [Working With Examples](#working-with-examples). #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | summary | `string` | Short description for the example. | | description | `string` | Long description for the example. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | dataValue | Any | An example of the data structure that MUST be valid according to the relevant [Schema Object](#schema-object). If this field is present, `value` MUST be absent. | | serializedValue | `string` | An example of the serialized form of the value, including encoding and escaping as described under [Validating Examples](#validating-examples). If `dataValue` is present, then this field SHOULD contain the serialization of the given data. Otherwise, it SHOULD be the valid serialization of a data value that itself MUST be valid as described for `dataValue`. This field SHOULD NOT be used if the serialization format is JSON, as the data form is easier to work with. If this field is present, `value`, and `externalValue` MUST be absent. | | externalValue | `string` | A URI that identifies the serialized example in a separate document, allowing for values not easily or readably expressed as a Unicode string. If `dataValue` is present, then this field SHOULD identify a serialization of the given data. Otherwise, the value SHOULD be the valid serialization of a data value that itself MUST be valid as described for `dataValue`. If this field is present, `serializedValue` and `value` MUST be absent. See also the rules for resolving [Relative References](#relative-references-in-api-description-uris). | | value | Any | Embedded literal example. The `value` field and `externalValue` field are mutually exclusive. To represent examples of media types that cannot naturally be represented in JSON or YAML, use a string value to contain the example, escaping where necessary.

**Deprecated for non-JSON serialization targets:** Use `dataValue` and/or `serializedValue`, which both have unambiguous syntax and semantics, instead. | This object MAY be extended with [Specification Extensions](#specification-extensions). In all cases, the example value SHOULD be compatible with the schema of its associated value. Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. See [Validating Examples](#validating-examples) for the exact meaning of "compatible" for each field in this Object. #### Working with Examples Example Objects can be used in [Parameter Objects](#parameter-object), [Header Objects](#header-object), and [Media Type Objects](#media-type-object). In all three Objects, this is done through the `examples` (plural) field. However, there are several other ways to provide examples: The `example` (singular) field that is mutually exclusive with `examples` in all three Objects, and two keywords (the deprecated singular `example` and the current plural `examples`, which takes an array of examples) in the [Schema Object](#schema-object) that appears in the `schema` field of all three Objects. We will refer to the singular `example` field in the Parameter, Header, or Media Type Object, which has the same behavior as a single Example Object with only the `value` field, as the "shorthand `example`" field. Each of these fields has slightly different considerations. ##### JSON-Compatible and `value`-Safe Examples The `value` and the shorthand `example` field are intended to have the same _semantics_ as `serializedValue` (or `externalValue`), while allowing a more convenient _syntax_ when there is no difference between a JSON (or [JSON-compatible YAML](#format)) representation and the final serialized form. When using this syntax for `application/json` or any `+json` media type, these fields effectively behave like `dataValue`, as the serialization is trivial, and they are safe to use. For data that consists of a single string, and a serialization target such as `text/plain` where the string is guaranteed to be serialized without any further escaping, these fields are also safe to use. For other serialization targets, the ambiguity of the phrase "naturally be represented in JSON or YAML," as well as past errors in the parameter style examples table, have resulted in inconsistencies in the support and usage of these fields. In practice, this has resulted in the `value` and shorthand `example` fields having implementation-defined behavior for non-JSON targets; OAD authors SHOULD use other fields to ensure interoperability. ##### Choosing Which Field(s) to Use Keeping in mind the caveats from the previous section, and that the shorthand `example` can be used in place of `value` if there is only one Example Object involved, use the following guidelines to determine which field to use. To show an example as it would be validated by a Schema Object: * Use the Schema Object's `examples` array (from JSON Schema draft 2020-12) if the intent is to keep the example with the validating schema. * Use the Schema Object's `example` (singular) only if compatibility with OAS v3.0 or earlier is required. * Use the Example Object's `dataValue` field if the intent is to associate the example with an example of its serialization, or if it is desirable to maintain it separately from the schema. * Use the Example Object's `value` field only if compatibility with OAS v3.1 or earlier is needed and the value can be "naturally represented in JSON or YAML" without any changes (such as percent-encoding) between the validation-ready value and the serialized representation. To show an example as it would be serialized in order to construct an HTTP/1.1 message: * Use the Example Object's `serializedValue` if the serialization can be represented as a valid Unicode string, and there is no need to demonstrate the exact character encoding to be used. * Use the string form of `value` only if compatibility with OAS v3.1 or earlier is needed. * Use the Example Object's `externalValue` for all other values, or if it is desirable to maintain the example separately from the OpenAPI document. The `serializedValue` and `externalValue` fields both MUST show the serialized form of the data. For Media Type Objects, this is a document of the appropriate media type, with any Encoding Object effects applied. For Parameter and Header Objects using `schema` and `style` rather than a Media Type Object, see [Style Examples](#style-examples) for what constitutes a serialized value. ##### Criteria for `serializedExample` A serialization can be represented as a valid Unicode string in `serializedValue` if any of the following are true of the serialization: * It is for a media type that supports a `charset` parameter that indicates any Unicode encoding (UTF-8, UTF-16, etc.), or any valid subset of such an encoding, such as US-ASCII. * It is for a format (such as URIs or HTTP fields) or character-based media type that requires or defaults to a Unicode encoding, or any valid subset of such an encoding, such as US-ASCII, and this is not overridden by `charset`. * It is for a compound format where all parts meet at least one of the above criteria, e.g. a `multipart/mixed` media type with parts that are `application/json` (a media type that defaults to UTF-8) and `application/xml; charset=utf-8` (a media type with an explicit `charset` parameter). In all of these cases, the conversion from the character set of the OAD (presumed to be UTF-8 as the only interoperable character set for JSON, and therefore also for JSON-compatible YAML as noted in [[RFC9512]] [Section 3.4](https://www.rfc-editor.org/rfc/rfc9512.html#section-3.4)) first to Unicode code points and then to the actual serialization character set is well-defined. For `externalValue`, if the character set is neither explicitly stated nor determined by the format or media type specification, implementations SHOULD assume UTF-8. ##### Validating Examples Tooling implementations MAY choose to validate compatibility automatically, and reject the example value(s) if incompatible. For examples that are in schema-ready data form, this is straightforward. With serialized examples, some formats allow multiple possible valid representations of the same data, including in scenarios noted in [Appendix B](#appendix-b-data-type-conversion). In some cases, parsing the serialized example and validating the resulting data can eliminate the ambiguity, but in a few cases parsing is also ambiguous. Therefore, OAD authors are cautioned that validation of certain serialized examples is by necessity a best-effort feature. #### Example Object Examples ##### JSON Examples When writing in YAML, JSON syntax can be used for `dataValue` (as shown in the `noRating` example) but is not required. While this example shows the behavior of both `dataValue` and `serializedValue` for JSON (in the 'withRating` example), in most cases only the data form is needed. ```yaml content: application/json: schema: type: object required: - author - title properties: author: type: string title: type: string rating: type: number minimum: 1 maximum: 5 multipleOf: 0.5 examples: noRating: summary: A not-yet-rated work dataValue: author: A. Writer title: The Newest Book withRating: summary: A work with an average rating of 4.5 stars dataValue: author: A. Writer title: An Older Book rating: 4.5 serializedValue: | { "author": "A. Writer", "title": "An Older Book", "rating": 4.5 } ``` ##### Binary Examples Fully binary data is shown using `externalValue`: ```yaml content: image/png: schema: {} examples: Red: externalValue: ./examples/2-by-2-red-pixels.png ``` ##### Boolean Query Parameter Examples Since there is no standard for serializing boolean values (as discussed in [Appendix B](#appendix-b-data-type-conversion)), this example uses `dataValue` and `serializedValue` to show how booleans are serialized for this particular parameter: ```yaml name: flag in: query required: true schema: type: boolean examples: "true": dataValue: true serializedValue: flag=true "false": dataValue: false serializedValue: flag=false ``` ### Link Object The Link Object represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations. Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response. For computing links and providing instructions to execute them, a [runtime expression](#runtime-expressions) is used for accessing values in an operation and using them as parameters while invoking the linked operation. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | operationRef | `string` | A URI reference to an OAS operation. This field is mutually exclusive of the `operationId` field, and MUST point to an [Operation Object](#operation-object). Relative `operationRef` values MAY be used to locate an existing [Operation Object](#operation-object) in the OpenAPI Description. | | operationId | `string` | The name of an _existing_, resolvable OAS operation, as defined with a unique `operationId`. This field is mutually exclusive of the `operationRef` field. | | parameters | Map[`string`, Any \| [{expression}](#runtime-expressions)] | A map representing parameters to pass to an operation as specified with `operationId` or identified via `operationRef`. The key is the parameter name to be used (optionally qualified with the parameter location, e.g. `path.id` for an `id` parameter in the path), whereas the value can be a constant or an expression to be evaluated and passed to the linked operation. | | requestBody | Any \| [{expression}](#runtime-expressions) | A literal value or [{expression}](#runtime-expressions) to use as a request body when calling the target operation. | | description | `string` | A description of the link. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | server | [Server Object](#server-object) | A server object to be used by the target operation. | This object MAY be extended with [Specification Extensions](#specification-extensions). A linked operation MUST be identified using either an `operationRef` or `operationId`. The identified or referenced operation MUST be unique, and in the case of an `operationId`, it MUST be resolved within the scope of the OpenAPI Description (OAD). Because of the potential for name clashes, the `operationRef` syntax is preferred for multi-document OADs. However, because use of an operation depends on its URL path template in the [Paths Object](#paths-object), operations from any [Path Item Object](#path-item-object) that is referenced multiple times within the OAD cannot be resolved unambiguously. In such ambiguous cases, the resulting behavior is implementation-defined and MAY result in an error. Note that it is not possible to provide a constant value to `parameters` that matches the syntax of a runtime expression. It is possible to have ambiguous parameter names, e.g. `name: "id", in: "path"` and `name: "path.id", in: "query"`; this is NOT RECOMMENDED and the behavior is implementation-defined, however implementations SHOULD prefer the qualified interpretation (`path.id` as a path parameter), as the names can always be qualified to disambiguate them (e.g. using `query.path.id` for the query parameter). #### Examples Computing a link from a request operation where the `$request.path.id` is used to pass a request parameter to the linked operation. ```yaml paths: /users/{id}: parameters: - name: id in: path required: true description: the user identifier, as userId schema: type: string get: responses: '200': description: the user being returned content: application/json: schema: type: object properties: uuid: # the unique user id type: string format: uuid links: address: # the target link operationId operationId: getUserAddress parameters: # get the `id` field from the request path parameter named "id" userid: $request.path.id # the path item of the linked operation /users/{userid}/address: parameters: - name: userid in: path required: true description: the user identifier, as userId schema: type: string # linked operation get: operationId: getUserAddress responses: '200': description: the user's address ``` When a runtime expression fails to evaluate, no parameter value is passed to the target operation. Values from the response body can be used to drive a linked operation. ```yaml links: address: operationId: getUserAddressByUUID parameters: # get the `uuid` field from the `uuid` field in the response body userUuid: $response.body#/uuid ``` Clients follow all links at their discretion. Neither permissions nor the capability to make a successful call to that link is guaranteed solely by the existence of a relationship. ##### `operationRef` Examples As the `operationId` is an optional field in an [Operation Object](#operation-object), references MAY instead be made through a URI reference with `operationRef`. Note that both of these examples reference operations that can be identified via the [Paths Object](#paths-object) to ensure that the operation's path template is unambiguous. A relative URI reference `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: '#/paths/~12.0~1repositories~1%7Busername%7D/get' parameters: username: $response.body#/username ``` A non-relative URI `operationRef`: ```yaml links: UserRepositories: # returns array of '#/components/schemas/repository' operationRef: https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/get parameters: username: $response.body#/username ``` Note that in the use of `operationRef` the _escaped forward-slash_ (`~1`) is necessary when using JSON Pointer in URI fragments, and it is necessary to URL-encode `{` and `}` as `%7B` and `%7D`, respectively. The unescaped, percent-decoded path template in the above examples would be `/2.0/repositories/{username}`. #### Runtime Expressions Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call. This mechanism is used by [Link Objects](#link-object) and [Callback Objects](#callback-object). The runtime expression is defined by the following [ABNF](https://tools.ietf.org/html/rfc5234) syntax ```abnf expression = "$url" / "$method" / "$statusCode" / "$request." source / "$response." source source = header-reference / query-reference / path-reference / body-reference header-reference = "header." token query-reference = "query." name path-reference = "path." name body-reference = "body" ["#" json-pointer ] json-pointer = *( "/" reference-token ) reference-token = *( unescaped / escaped ) unescaped = %x00-2E / %x30-7D / %x7F-10FFFF ; %x2F ('/') and %x7E ('~') are excluded from 'unescaped' escaped = "~" ( "0" / "1" ) ; representing '~' and '/', respectively name = *char token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ``` Here, `json-pointer` is taken from [RFC6901](https://tools.ietf.org/html/rfc6901), `char` from [RFC8259](https://tools.ietf.org/html/rfc8259#section-7) and `token` from [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6.2). The `name` identifier is case-sensitive, whereas `token` is not. The table below provides examples of runtime expressions and examples of their use in a value: ##### Example Expressions | Source Location | example expression | notes | | ---- | :---- | :---- | | HTTP Method | `$method` | The allowable values for the `$method` will be those for the HTTP operation. | | Requested media type | `$request.header.accept` | | | Request parameter | `$request.path.id` | Request parameters MUST be declared in the `parameters` section of the parent operation or they cannot be evaluated. This includes request headers. | | Request body property | `$request.body#/user/uuid` | In operations which accept payloads, references may be made to portions of the `requestBody` or the entire body. | | Request URL | `$url` | | | Response value | `$response.body#/status` | In operations which return payloads, references may be made to portions of the response body or the entire body. | | Response header | `$response.header.Server` | Single header values only are available | Runtime expressions preserve the type of the referenced value. Expressions can be embedded into string values by surrounding the expression with `{}` curly braces. ### Header Object Describes a single header for [HTTP responses](#response-headers) and for [individual parts in `multipart` representations](#encoding-headers); see the relevant [Response Object](#response-object) and [Encoding Object](#encoding-object) documentation for restrictions on which headers can be described. The Header Object follows the structure of the [Parameter Object](#parameter-object), including determining its serialization strategy based on whether `schema` or `content` is present, with the following changes: 1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, [`style`](#parameter-style)). This means that `allowEmptyValue` MUST NOT be used, and `style`, if used, MUST be limited to `"simple"`. #### Fixed Fields ##### Common Fixed Fields These fields MAY be used with either `content` or `schema`. The `example` and `examples` fields are mutually exclusive; see [Working with Examples](#working-with-examples) for guidance on validation requirements. | Field Name | Type | Description | | ---- | :----: | ---- | | description | `string` | A brief description of the header. This could contain examples of use. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | required | `boolean` | Determines whether this header is mandatory. The default value is `false`. | | deprecated | `boolean` | Specifies that the header is deprecated and SHOULD be transitioned out of usage. Default value is `false`. | | example | Any | Example of the header's potential value; see [Working With Examples](#working-with-examples). | | examples | Map[ `string`, [Example Object](#example-object) \| [Reference Object](#reference-object)] | Examples of the header's potential value; see [Working With Examples](#working-with-examples). | This object MAY be extended with [Specification Extensions](#specification-extensions). ##### Fixed Fields for use with `schema` For simpler scenarios, a [`schema`](#header-schema) and [`style`](#header-style) can describe the structure and syntax of the header. When serializing headers with `schema`, URI percent-encoding MUST NOT be applied; if using an RFC6570 implementation that automatically applies it, it MUST be removed before use. Implementations MUST pass header values through unchanged rather than attempting to automatically quote header values, as the quoting rules vary too widely among different headers; see [Appendix D](#appendix-d-serializing-headers-and-cookies) for guidance on quoting and escaping. | Field Name | Type | Description | | ---- | :----: | ---- | | style | `string` | Describes how the header value will be serialized. The default (and only legal value for headers) is `"simple"`. | | explode | `boolean` | When this is true, header values of type `array` or `object` generate a single header whose value is a comma-separated list of the array items or key-value pairs of the map, see [Style Examples](#style-examples). For other data types this field has no effect. The default value is `false`. | | schema | [Schema Object](#schema-object) | The schema defining the type used for the header. | See also [Appendix C: Using RFC6570-Based Serialization](#appendix-c-using-rfc6570-based-serialization) for additional guidance. ##### Fixed Fields for use with `content` For more complex scenarios, the [`content`](#header-content) field can define the media type and schema of the header, as well as give examples of its use. | Field Name | Type | Description | | ---- | :----: | ---- | | content | Map[`string`, [Media Type Object](#media-type-object) \| [Reference Object](#reference-object)] | A map containing the representations for the header. The key is the media type and the value describes it. The map MUST only contain one entry. | #### Modeling Link Headers [[!RFC9264]] defines the `application/linkset` and `application/linkset+json` media types. The former is exactly the format of HTTP link header values except allowing additional whitespace for readability, while the latter is an equivalent JSON representation of such headers. To use either of these media types, the `schema` in the [Media Type Object](#media-type-object) MUST describe the links as they would be structured in the `application/linkset+json` format. If the Media Type Object's parent key is `application/linkset+json`, then the serialization is trivial, however this format cannot be used in the HTTP `Link` header. If the Media Type Object's parent key is `application/linkset`, then the serialization MUST be the equivalent representation of the `schema`-modeled links in the `application/linkset` format. If the `application/linkset` Media Type Object is used in the `content` field of a Header Object (or a Parameter Object with `in: "header"`), the serialization MUST be made compatible with the HTTP field syntax as described by [[!RFC9264]] [Section 4.1](https://www.rfc-editor.org/rfc/rfc9264.html#name-http-link-document-format-a). The following example shows how the same data model can be used for a collection pagination linkset either in JSON format as message content, or in the HTTP `Link` header: ```yaml components: schemas: SimpleLinkContext: type: array items: type: object required: - href properties: href: type: string format: uri-reference CollectionLinks: type: object required: - linkset properties: linkset: type: array items: type: object required: [first, prev, next, last] properties: anchor: type: string format: uri additionalProperties: $ref: '#/components/schemas/SimpleLinkContext' responses: CollectionWithLinks: content: application/json: schema: type: array headers: Link: required: true content: application/linkset: schema: $ref: '#/components/schemas/CollectionLinks' StandaloneJsonLinkset: content: application/linkset+json: schema: $ref: '#/components/mediaTypes/CollectionLinks' ``` #### Representing the `Set-Cookie` Header The `Set-Cookie` header is noted in [[!RFC9110]] [Section 5.3](https://www.rfc-editor.org/rfc/rfc9110.html#section-5.3) as an exception to the normal rules of headers with multiple values. For most headers using the general syntax defined in RFC9110, the multiple-line and comma-separated single-line forms are interchangeable, meaning that this: ```http Accept-Encoding: compress;q=0.5 Accept-Encoding: gzip;q=1.0 ``` is interchangeable with the one-line form that works well with the OAS's `style: "simple"` option: ```http Accept-Encoding: compress;q=0.5,gzip;q=1.0 ``` The OAS models such multi-value headers using the one-line form as it matches the behavior of `style: "simple"`, and works well when using `content` as the values are completely separate from the header name, but it does not matter which form is used in an actual HTTP message. As also noted in the RFC, `Set-Cookie` is an exception as it allows unquoted, non-escaped commas in its values, and can only use the one-value-per-line form. For HTTP messages, this is purely a serialization concern, and no more of a problem than a message that uses the multi-line form of any other header. However, because examples and values modeled with `content` do not incorporate the header name, for these fields `Set-Cookie` MUST be handled by placing each value on a separate line, without the header name or the `:` delimiter. Note also that any URI percent-encoding, base64 encoding, or other escaping MUST be performed prior to supplying the data to OAS tooling; see [Appendix D](appendix-d-serializing-headers-and-cookies) for details. The following example shows two different ways to describe `Set-Cookie` headers that require cookies named `"lang"` and `"foo"`, as well as a `"urlSafeData"` cookie that is expected to be percent-encoded. The first uses `content` in order to show exactly how such examples are formatted, but also notes the limitations of schema constraints with multi-line text. The second shows the use of `style: "simple"`, which produces the same serialized example text (with each line corresponding to one `Set-Cookie:` line in the HTTP response), but allows schema constraints on each cookie; note that the percent-encoding is already applied in the `dataValue` field of the example: ```yaml components: headers: SetCookieWithContent: content: text/plain: schema: # Due to lack of support for multiline regular expressions # in the `pattern` keyword, not much validation can be done. type: string examples: WithExpires: # This demonstrates that the text is required to be provided # in the final format, and is not changed by serialization. # In practice, it is not necessary to show both value fields. # Note that only the comma (%2C) would need to be percent-encoded # if percent-encoding were only being done to make the value # a valid cookie, as space (%20) and the exclamation point (%21) # are allowed in cookies, but not in URLs. See the cookie # input parameter examples for an example of encoding only # what is needed for the cookie syntax. dataValue: | lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT urlSafeData: Hello%2C%20world%21 serializedValue: | lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT urlSafeData: Hello%2C%20world%21 SetCookieWithSchemaAndStyle: schema: type: object required: - lang - foo - urlSafeData properties: urlSafeData: type: string pattern: ^[-_.%a-zA-Z0-9]+(;|$) additionalProperties: $comment: Require an Expires parameter pattern: "; *Expires=" style: simple explode: true examples: SetCookies: dataValue: { "lang": "en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT" "foo": "bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT" "urlSafeData": "Hello%2C%20world%21" } serializedValue: | lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT urlSafeData: Hello%2C%20world%21 ``` In an HTTP message, the serialized example would look like: ```http Set-Cookie: lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GM Set-Cookie: foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT Set-Cookie: urlSafeData=Hello%2C%20world%21 ``` #### Header Object Example A simple header of type `integer`: ```yaml X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: integer ``` Requiring that a strong `ETag` header (with a value starting with `"` rather than `W/`) is present. ```yaml ETag: required: true schema: type: string # Note that quotation marks are part of the # ETag value, unlike many other headers that # use a quoted string purely for managing # reserved characters. pattern: ^" example: '"xyzzy"' ``` ### Tag Object Adds metadata to a single tag that is used by the [Operation Object](#operation-object). It is not mandatory to have a Tag Object per tag defined in the Operation Object instances. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | name | `string` | **REQUIRED**. The name of the tag. Use this value in the `tags` array of an Operation. | | summary | `string` | A short summary of the tag, used for display purposes. | | description | `string` | A description for the tag. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this tag. | | parent | `string` | The `name` of a tag that this tag is nested under. The named tag MUST exist in the API description, and circular references between parent and child tags MUST NOT be used. | | kind | `string` | A machine-readable string to categorize what sort of tag it is. Any string value can be used; common uses are `nav` for Navigation, `badge` for visible badges, `audience` for APIs used by different groups. A [registry of the most commonly used values](https://spec.openapis.org/registry/tag-kind/) is available. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Tag Object Example ```yaml tags: - name: account-updates summary: Account Updates description: Account update operations kind: nav - name: partner summary: Partner description: Operations available to the partners network parent: external kind: audience - name: external summary: External description: Operations available to external consumers kind: audience ``` ### Reference Object A simple object to allow referencing other components in the OpenAPI Description, internally and externally. The `$ref` string value contains a URI [RFC3986](https://tools.ietf.org/html/rfc3986), which identifies the value being referenced. See the rules for resolving [Relative References](#relative-references-in-api-description-uris). #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | $ref | `string` | **REQUIRED**. The reference identifier. This MUST be in the form of a URI. | | summary | `string` | A short summary which by default SHOULD override that of the referenced component. If the referenced object-type does not allow a `summary` field, then this field has no effect. | | description | `string` | A description which by default SHOULD override that of the referenced component. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. If the referenced object-type does not allow a `description` field, then this field has no effect. | This object cannot be extended with additional properties, and any properties added SHALL be ignored. Note that this restriction on additional properties is a difference between Reference Objects and [Schema Objects](#schema-object) that contain a `$ref` keyword. #### Reference Object Example ```yaml $ref: '#/components/schemas/Pet' ``` #### Relative Schema Document Example ```yaml $ref: Pet.yaml ``` #### Relative Documents with Embedded Schema Example ```yaml $ref: definitions.yaml#/Pet ``` ### Schema Object The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is a superset of the [JSON Schema Specification Draft 2020-12](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html). The empty schema (which allows any instance to validate) MAY be represented by the boolean value `true` and a schema which allows no instance to validate MAY be represented by the boolean value `false`. For more information about the keywords, see [JSON Schema Core](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html) and [JSON Schema Validation](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html). Unless stated otherwise, the keyword definitions follow those of JSON Schema and do not add any additional semantics; this includes keywords such as `$schema`, `$id`, `$ref`, and `$dynamicRef` being URIs rather than URLs. Where JSON Schema indicates that behavior is defined by the application (e.g. for annotations), OAS also defers the definition of semantics to the application consuming the OpenAPI document. #### JSON Schema Keywords The OpenAPI Schema Object [dialect](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.3.3) is defined as requiring the [OAS base vocabulary](#base-vocabulary), in addition to the vocabularies as specified in the JSON Schema Specification Draft 2020-12 [general purpose meta-schema](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-8). The OpenAPI Schema Object dialect for this version of the specification is identified by the URI `https://spec.openapis.org/oas/3.1/dialect/base` (the "OAS dialect schema id"). The following keywords are taken from the JSON Schema specification but their definitions have been extended by the OAS: * description - [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. * format - See [Data Type Formats](#data-type-format) for further details. While relying on JSON Schema's defined formats, the OAS offers a few additional predefined formats. In addition to the JSON Schema keywords comprising the OAS dialect, the Schema Object supports keywords from any other vocabularies, or entirely arbitrary properties. JSON Schema implementations MAY choose to treat keywords defined by the OpenAPI Specification's base vocabulary as [unknown keywords](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.3.1), due to its inclusion in the OAS dialect with a [`$vocabulary`](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-8.1.2) value of `false`. The OAS base vocabulary is comprised of the following keywords: #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | discriminator | [Discriminator Object](#discriminator-object) | The discriminator provides a "hint" for which of a set of schemas a payload is expected to satisfy. See [Composition and Inheritance](#composition-and-inheritance-polymorphism) for more details. | | xml | [XML Object](#xml-object) | Adds additional metadata to describe the XML representation of this schema. | | externalDocs | [External Documentation Object](#external-documentation-object) | Additional external documentation for this schema. | | example | Any | A free-form field to include an example of an instance for this schema. To represent examples that cannot be naturally represented in JSON or YAML, a string value can be used to contain the example with escaping where necessary.

**Deprecated:** The `example` field has been deprecated in favor of the JSON Schema `examples` keyword. Use of `example` is discouraged, and later versions of this specification may remove it. | This object MAY be extended with [Specification Extensions](#specification-extensions), though as noted, additional properties MAY omit the `x-` prefix within this object. #### Data Types Data types in the OAS are based on the types defined by the [JSON Schema Validation Specification Draft 2020-12](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-6.1.1): "null", "boolean", "object", "array", "number", "string", or "integer". Models are defined using the [Schema Object](#schema-object), which is a superset of the JSON Schema Specification Draft 2020-12. JSON Schema keywords and `format` values operate on JSON "instances" which may be one of the six JSON data types, "null", "boolean", "object", "array", "number", or "string", with certain keywords and formats only applying to a specific type. For example, the `pattern` keyword and the `date-time` format only apply to strings, and treat any instance of the other five types as _automatically valid._ This means JSON Schema keywords and formats do **NOT** implicitly require the expected type. Use the `type` keyword to explicitly constrain the type. Note that the `type` keyword allows `"integer"` as a value for convenience, but keyword and format applicability does not recognize integers as being of a distinct JSON type from other numbers because [[RFC8259|JSON]] itself does not make that distinction. Since there is no distinct JSON integer type, JSON Schema defines integers mathematically. This means that both `1` and `1.0` are [equivalent](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.2.2), and are both considered to be integers. ##### Data Type Format As defined by the [JSON Schema Validation specification](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-7.3), data types can have an optional modifier keyword: `format`. As described in that specification, `format` is treated as a non-validating annotation by default; the ability to validate `format` varies across implementations. The OpenAPI Initiative also hosts a [Format Registry](https://spec.openapis.org/registry/format/) for formats defined by OAS users and other specifications. Support for any registered format is strictly OPTIONAL, and support for one registered format does not imply support for any others. Types that are not accompanied by a `format` keyword follow the type definition in the JSON Schema. Tools that do not recognize a specific `format` MAY default back to the `type` alone, as if the `format` is not specified. For the purpose of [JSON Schema validation](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-7.1), each format should specify the set of JSON data types for which it applies. In this registry, these types are shown in the "JSON Data Type" column. The formats defined by the OAS are: | `format` | JSON Data Type | Comments | | ---- | ---- | ---- | | `int32` | number | signed 32 bits | | `int64` | number | signed 64 bits (a.k.a long) | | `float` | number | | | `double` | number | | | `password` | string | A hint to obscure the value. | As noted under [Data Type](#data-types), both `type: number` and `type: integer` are considered to be numbers in the data model. #### Parsing and Serializing API data has several forms: 1. The serialized form, which is either a document of a particular media type, an HTTP header value, or part of a URI. 2. The data form, intended for use with a [Schema Object](#schema-object). 3. The application form, which incorporates any additional information conveyed by JSON Schema keywords such as `format` and `contentType`, and possibly additional information such as class hierarchies that are beyond the scope of this specification, although they MAY be based on specification elements such as the [Discriminator Object](#discriminator-object) or guidance regarding [Data Modeling Techniques](#data-modeling-techniques). ##### JSON Data JSON-serialized data is nearly equivalent to the data form because the [JSON Schema data model](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.2.1) is nearly equivalent to the JSON representation. The serialized UTF-8 JSON string `{"when": "1985-04-12T23:20:50.52"}` represents an object with one data field, named `when`, with a string value, `1985-04-12T23:20:50.52`. The exact application form is beyond the scope of this specification, as can be shown with the following schema for our JSON instance: ```yaml type: object properties: when: type: string format: date-time ``` Some applications might leave the string as a string regardless of programming language, while others might notice the `format` and use it as a `datetime.datetime` instance in Python, or a `java.time.ZonedDateTime` in Java. This specification only requires that the data is valid according to the schema, and that [annotations](#extended-validation-with-annotations) such as `format` are available in accordance with the JSON Schema specification. ##### Non-JSON Data Non-JSON serializations can be substantially different from their corresponding data form, and might require several steps to parse. To continue our "when" example, if we serialized the object as `application/x-www-form-urlencoded`, it would appear as the ASCII string `when=1985-04-12T23%3A20%3A50.52`. This example is still straightforward to use as it is all string data, and the only differences from JSON are the URI percent-encoding and the delimiter syntax (`=` instead of JSON punctuation and quoting). However, many non-JSON text-based formats can be complex, requiring examination of the appropriate schema(s) in order to correctly parse the text into a schema-ready data structure. Serializing data into such formats requires either examining the schema-validated data or performing the same schema inspections. When inspecting schemas, given a starting point schema, implementations MUST examine that schema and all schemas that can be reached from it by following only `$ref` and `allOf` keywords. These schemas are guaranteed to apply to any instance. When searching schemas for `type`, if the `type` keyword's value is a list of types and the serialized value can be successfully parsed as more than one of the types in the list, and no other findable `type` keyword disambiguates the actual required type, the behavior is implementation-defined. Schema Objects that do not contain `type` MUST be considered to allow all types, regardless of which other keywords are present (e.g. `maximum` applies to numbers, but _does not_ require the instance to be a number). Implementations MAY inspect subschemas or possible reference targets of other keywords such as `oneOf` or `$dynamicRef`, but MUST NOT attempt to resolve ambiguities. For example, if an implementation opts to inspect `anyOf`, the schema: ```yaml anyOf: - type: number minimum: 0 - type: number maximum: 100 ``` unambiguously indicates a numeric type, but the schema: ```yaml anyOf: - type: number - maximum: 100 ``` does not, because the second subschema allows all types. Due to these limited requirements for searching schemas, serializers that have access to validated data MUST inspect the data if possible; implementations that either do not work with runtime data (such as code generators) or cannot access validated data for some reason MUST fall back to schema inspection. Recall also that in JSON Schema, keywords that apply to a specific type (e.g. `pattern` applies to strings, `minimum` applies to numbers) _do not_ require or imply that the data will actually be of that type. As an example of these processes, given these OpenAPI components: ```yaml components: requestBodies: Form: content: application/x-www-form-urlencoded: schema: $ref: "#/components/schemas/FormData" encoding: extra: contentType: application/xml schemas: FormData: type: object properties: code: allOf: - type: [string, number] pattern: "1" minimum: 0 - type: string pattern: "2" count: type: integer extra: type: object ``` And this request body to parse into its data form: ```uri code=1234&count=42&extra=%3Cinfo%3Eabc%3C/info%3E ``` We must first search the schema for `properties` or other property-defining keywords, and then use each property schema as a starting point for a search for that property's `type` keyword, as follows (the exact order is implementation-defined): * `#/components/requestBodies/Form/content/application~1x-www-form-urlencoded/schema` (initial starting point schema, only `$ref`) * `#/components/schemas/FormData` (follow `$ref`, found `properties`) * `#/components/schemas/FormData/properties/code` (starting point schema for `code` property) * `#/components/schemas/FormData/properties/code/allOf/0` (follow `allOf`, found `type: [string, number]`) * `#/components/schemas/FormData/properties/code/allOf/1` (follow `allOf`, found `type: string`) * `#/components/schemas/FormData/properties/count` (starting point schema for `count` property, found `type: integer`) * `#/components/schemas/FormData/properties/extra` (starting point schema for `extra` property, found `type: object`) Note that for `code` we first found an ambiguous `type`, but then found another `type` keyword that ensures only one of the two possibilities is valid. From this inspection, we determine that `code` is a string that happens to look like a number, while `count` needs to be parsed into a number _prior_ to schema validation. Furthermore, the `extra` string is in fact an XML serialization of an object containing an `info` property. This means that the data form of this serialization is equivalent to the following JSON object: ```json { "code": "1234", "count": 42 "extra": { "info": "abc" } } ``` Serializing this object also requires correlating properties with [Encoding Objects](#encoding-object), and may require inspection to determine a default value of the `contentType` field. If validated data is not available, the schema inspection process is identical to that shown for parsing. In this example, both `code` and `count` are of primitive type and do not appear in the `encoding` field, and are therefore serialized as plain text. However, the `extra` field is an object, which would by default be serialized as JSON, but the `extra` entry in the `encoding` field tells use to serialize it as XML instead. ##### Working with Binary Data The OAS can describe either _raw_ or _encoded_ binary data. * **raw binary** is used where unencoded binary data is allowed, such as when sending a binary payload as the entire HTTP message body, or as part of a `multipart/*` payload that allows binary parts * **encoded binary** is used where binary data is embedded in a text-only format such as `application/json` or `application/x-www-form-urlencoded` (either as a message body or in the URL query string). In the following table showing how to use Schema Object keywords for binary data, we use `image/png` as an example binary media type. Any binary media type, including `application/octet-stream`, is sufficient to indicate binary content. | Keyword | Raw | Encoded | Comments | | ---- | ---- | ---- | ---- | | `type` | _omit_ | `string` | raw binary is [outside of `type`](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.2.3) | | `contentMediaType` | `image/png` | `image/png` | can sometimes be omitted if redundant (see below) | | `contentEncoding` | _omit_ | `base64` or `base64url` | other encodings are [allowed](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-8.3) | Note that the encoding indicated by `contentEncoding`, which inflates the size of data in order to represent it as 7-bit ASCII text, is unrelated to HTTP's `Content-Encoding` header, which indicates whether and how a message body has been compressed and is applied after all content serialization described in this section has occurred. Since HTTP allows unencoded binary message bodies, there is no standardized HTTP header for indicating base64 or similar encoding of an entire message body. Using a `contentEncoding` of `base64url` ensures that URL encoding (as required in the query string and in message bodies of type `application/x-www-form-urlencoded`) does not need to further encode any part of the already-encoded binary data. The `contentMediaType` keyword is redundant if the media type is already set: * as the key for a [Media Type Object](#media-type-object) * in the `contentType` field of an [Encoding Object](#encoding-object) If the [Schema Object](#schema-object) will be processed by a non-OAS-aware JSON Schema implementation, it may be useful to include `contentMediaType` even if it is redundant. However, if `contentMediaType` contradicts a relevant Media Type Object or Encoding Object, then `contentMediaType` SHALL be ignored. See [Complete vs Streaming Content](#complete-vs-streaming-content) for guidance on streaming binary payloads. ###### Schema Evaluation and Binary Data Few JSON Schema implementations directly support working with binary data, as doing so is not a mandatory part of that specification. OAS Implementations that do not have access to a binary-instance-supporting JSON Schema implementation MUST examine schemas and apply them in accordance with [Working with Binary Data](#working-with-binary-data). When the entire instance is binary, this is straightforward as few keywords are relevant. However, `multipart` media types can mix binary and text-based data, leaving implementations with two options for schema evaluations: 1. Use a placeholder value, on the assumption that no assertions will apply to the binary data and no conditional schema keywords will cause the schema to treat the placeholder value differently (e.g. a part that could be either plain text or binary might behave unexpectedly if a string is used as a binary placeholder, as it would likely be treated as plain text and subject to different subschemas and keywords). 2. Inspect the schema(s) to find the appropriate keywords (`properties`, `prefixItems`, etc.) in order to break up the subschemas and apply them separately to binary and JSON-compatible data. ###### Migrating Binary Descriptions from OAS 3.0 The following table shows how to migrate from OAS 3.0 binary data descriptions, continuing to use `image/png` as the example binary media type: | OAS < 3.1 | OAS >= 3.1 | Comments | | ---- | ---- | ---- | | type: string
format: binary | contentMediaType: image/png | if redundant, can be omitted, often resulting in an empty [Schema Object](#schema-object) | | type: string
format: byte | type: string
contentMediaType: image/png
contentEncoding: base64 | note that `base64url` can be used to avoid re-encoding the base64 string to be URL-safe | #### Extended Validation with Annotations JSON Schema Draft 2020-12 supports [collecting annotations](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-7.7.1), including [treating unrecognized keywords as annotations](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-6.5). OAS implementations MAY use such annotations, including [extensions](https://spec.openapis.org/registry/extension/) not recognized as part of a declared JSON Schema vocabulary, as the basis for further validation. Note that JSON Schema Draft 2020-12 does not require an `x-` prefix for extensions. ##### Non-Validating Constraint Keywords The [`format` keyword (when using default format-annotation vocabulary)](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-7.2.1) and the [`contentMediaType`, `contentEncoding`, and `contentSchema` keywords](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-8.2) define constraints on the data, but are treated as annotations instead of being validated directly. Extended validation is one way that these constraints MAY be enforced. ##### Validating `readOnly` and `writeOnly` The `readOnly` and `writeOnly` keywords are annotations, as JSON Schema is not aware of how the data it is validating is being used. Validation of these keywords MAY be done by checking the annotation, the read or write direction, and (if relevant) the current value of the field. [JSON Schema Validation Draft 2020-12 Section 9.4](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-9.4) defines the expectations of these keywords, including that a resource (described as the "owning authority") MAY either ignore a `readOnly` field or treat it as an error. Fields that are both required and read-only are an example of when it is beneficial to ignore a `readOnly: true` constraint in a PUT, particularly if the value has not been changed. This allows correctly requiring the field on a GET and still using the same representation and schema with PUT. Even when read-only fields are not required, stripping them is burdensome for clients, particularly when the JSON data is complex or deeply nested. Note that the behavior of `readOnly` in particular differs from that specified by version 3.0 of this specification. #### Data Modeling Techniques ##### Composition and Inheritance (Polymorphism) The OpenAPI Specification allows combining and extending model definitions using the `allOf` keyword of JSON Schema, in effect offering model composition. `allOf` takes an array of object definitions that are validated _independently_ but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. JSON Schema also provides the `anyOf` and `oneOf` keywords, which allow defining multiple schemas where at least one or exactly one of them must be valid, respectively. As is the case with `allOf`, the schemas are validated _independently_. These keywords can be used to describe polymorphism, where a single field can accept multiple types of values. The OpenAPI specification extends the JSON Schema support for polymorphism by adding the [`discriminator`](#schema-discriminator) field whose value is a [Discriminator Object](#discriminator-object). When used, the Discriminator Object indicates the name of the property that hints which schema of an `anyOf` or `oneOf` is expected to validate the structure of the model. The discriminating property MAY be defined as required or optional, but when defined as an optional property the Discriminator Object MUST include a `defaultMapping` field that specifies which schema of the `anyOf` or `oneOf`, or which schema that references the current schema in an `allOf`, is expected to validate the structure of the model when the discriminating property is not present. There are two ways to define the value of a discriminating property for an inheriting instance. * Use the schema name. * [Override the schema name](#discriminator-mapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ##### Generic (Template) Data Structures Implementations SHOULD support defining generic or template data structures using JSON Schema's dynamic referencing feature: * `$dynamicAnchor` identifies a set of possible schemas (including a default placeholder schema) to which a `$dynamicRef` can resolve * `$dynamicRef` resolves to the first matching `$dynamicAnchor` encountered on its path from the schema entry point to the reference, as described in the JSON Schema specification An example is included in the [Schema Object Examples](#schema-object-examples) section below, and further information can be found on the Learn OpenAPI site's ["Dynamic References"](https://learn.openapis.org/referencing/dynamic.html) page. ##### Annotated Enumerations The Schema Object's `enum` keyword does not allow associating descriptions or other information with individual values. Implementations MAY support recognizing a `oneOf` or `anyOf` where each subschema in the keyword's array consists of a `const` keyword and annotations such as `title` or `description` as an enumerated type with additional information. The exact behavior of this pattern beyond what is required by JSON Schema is implementation-defined. ##### XML Modeling The [xml](#schema-xml) field allows extra definitions when translating the JSON definition to XML. The [XML Object](#xml-object) contains additional information about the available options. #### Specifying Schema Dialects It is important for tooling to be able to determine which dialect or meta-schema any given resource wishes to be processed with: JSON Schema Core, JSON Schema Validation, OpenAPI Schema dialect, or some custom meta-schema. The `$schema` keyword MAY be present in any Schema Object that is a [schema resource root](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.3.5), and if present MUST be used to determine which dialect should be used when processing the schema. This allows use of Schema Objects which comply with other drafts of JSON Schema than the default Draft 2020-12 support. Tooling MUST support the OAS dialect schema id, and MAY support additional values of `$schema`. To allow use of a different default `$schema` value for all Schema Objects contained within an OAS document, a `jsonSchemaDialect` value may be set within the OpenAPI Object. If this default is not set, then the OAS dialect schema id MUST be used for these Schema Objects. The value of `$schema` within a resource root Schema Object always overrides any default. For standalone JSON Schema documents that do not set `$schema`, or for Schema Objects in OpenAPI description documents that are _not_ [complete documents](#openapi-description-structure), the dialect SHOULD be assumed to be the OAS dialect. However, for maximum interoperability, it is RECOMMENDED that OpenAPI description authors explicitly set the dialect through `$schema` in such documents. #### Schema Object Examples ##### Primitive Example ```yaml type: string format: email ``` ##### Simple Model ```yaml type: object required: - name properties: name: type: string address: $ref: '#/components/schemas/Address' age: type: integer format: int32 minimum: 0 ``` ##### Model with Map/Dictionary Properties For a simple string to string mapping: ```yaml type: object additionalProperties: type: string ``` For a string to model mapping: ```yaml type: object additionalProperties: $ref: '#/components/schemas/ComplexModel' ``` ##### Model with Annotated Enumeration ```yaml oneOf: - const: RGB title: Red, Green, Blue description: Specify colors with the red, green, and blue additive color model - const: CMYK title: Cyan, Magenta, Yellow, Black description: Specify colors with the cyan, magenta, yellow, and black subtractive color model ``` ##### Model with Example ```yaml type: object properties: id: type: integer format: int64 name: type: string required: - name examples: - name: Puma id: 1 ``` ##### Models with Composition ```yaml components: schemas: ErrorModel: type: object required: - message - code properties: message: type: string code: type: integer minimum: 100 maximum: 600 ExtendedErrorModel: allOf: - $ref: '#/components/schemas/ErrorModel' - type: object required: - rootCause properties: rootCause: type: string ``` ##### Models with Polymorphism Support The following example describes a `Pet` model that can represent either a cat or a dog, as distinguished by the `petType` property. Each type of pet has other properties beyond those of the base `Pet` model. An instance without a `petType` property, or with a `petType` property that does not match either `cat` or `dog`, is invalid. ```yaml components: schemas: Pet: type: object properties: name: type: string required: - name - petType oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' Cat: description: A pet cat type: object properties: petType: const: 'cat' huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: description: A pet dog type: object properties: petType: const: 'dog' packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` ##### Models with Polymorphism Support and a Discriminator Object The following example extends the example of the previous section by adding a [Discriminator Object](#discriminator-object) to the `Pet` schema. Note that the Discriminator Object is only a hint to the consumer of the API and does not change the validation outcome of the schema. ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType mapping: cat: '#/components/schemas/Cat' dog: '#/components/schemas/Dog' properties: name: type: string required: - name - petType oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' Cat: description: A pet cat type: object properties: petType: const: 'cat' huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: description: A pet dog type: object properties: petType: const: 'dog' packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - petType - packSize ``` ##### Models with Polymorphism Support using `allOf` and a Discriminator Object It is also possible to describe polymorphic models using `allOf`. The following example uses `allOf` with a [Discriminator Object](#discriminator-object) to describe a polymorphic `Pet` model. ```yaml components: schemas: Pet: type: object discriminator: propertyName: petType properties: name: type: string petType: type: string required: - name - petType Cat: # "Cat" will be used as the discriminating value description: A representation of a cat allOf: - $ref: '#/components/schemas/Pet' - type: object properties: huntingSkill: type: string description: The measured skill for hunting enum: - clueless - lazy - adventurous - aggressive required: - huntingSkill Dog: # "Dog" will be used as the discriminating value description: A representation of a dog allOf: - $ref: '#/components/schemas/Pet' - type: object properties: packSize: type: integer format: int32 description: the size of the pack the dog is from default: 0 minimum: 0 required: - packSize ``` ##### Generic Data Structure Model ```yaml components: schemas: genericArrayComponent: $id: fully_generic_array type: array items: $dynamicRef: '#generic-array' $defs: allowAll: $dynamicAnchor: generic-array numberArray: $id: array_of_numbers $ref: fully_generic_array $defs: numbersOnly: $dynamicAnchor: generic-array type: number stringArray: $id: array_of_strings $ref: fully_generic_array $defs: stringsOnly: $dynamicAnchor: generic-array type: string objWithTypedArray: $id: obj_with_typed_array type: object required: - dataType - data properties: dataType: enum: - string - number oneOf: - properties: dataType: const: string data: $ref: array_of_strings - properties: dataType: const: number data: $ref: array_of_numbers ``` ### Discriminator Object When request bodies or response payloads may be one of a number of different schemas, these should use the JSON Schema `anyOf` or `oneOf` keywords to describe the possible schemas (see [Composition and Inheritance](#composition-and-inheritance-polymorphism)). A polymorphic schema MAY include a Discriminator Object, which defines the name of the property that may be used as a hint for which schema of the `anyOf` or `oneOf`, or which schema that references the current schema in an `allOf`, is expected to validate the structure of the model. This hint can be used to aid in serialization, deserialization, and validation. The Discriminator Object does this by implicitly or explicitly associating the possible values of a named property with alternative schemas. Note that `discriminator` MUST NOT change the validation outcome of the schema. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | propertyName | `string` | **REQUIRED**. The name of the discriminating property in the payload that will hold the discriminating value. The discriminating property MAY be defined as required or optional, but when defined as optional the Discriminator Object MUST include a `defaultMapping` field that specifies which schema is expected to validate the structure of the model when the discriminating property is not present. | | mapping | Map[`string`, `string`] | An object to hold mappings between payload values and schema names or URI references. | | defaultMapping | `string` | The schema name or URI reference to a schema that is expected to validate the structure of the model when the discriminating property is not present in the payload or contains a value for which there is no explicit or implicit mapping. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Conditions for Using the Discriminator Object The Discriminator Object is legal only when using one of the composite keywords `oneOf`, `anyOf`, `allOf`. In both the `oneOf` and `anyOf` use cases, where those keywords are adjacent to `discriminator`, all possible schemas MUST be listed explicitly. To avoid redundancy, the discriminator MAY be added to a parent schema definition, and all schemas building on the parent schema via an `allOf` construct may be used as an alternate schema. The `allOf` form of `discriminator` is _only_ useful for non-validation use cases; validation with the parent schema with this form of `discriminator` _does not_ perform a search for child schemas or use them in validation in any way. This is because `discriminator` cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas. The behavior of any configuration of `oneOf`, `anyOf`, `allOf` and `discriminator` that is not described above is undefined. #### Options for Mapping Values to Schemas The value of the property named in `propertyName` is used as the name of the associated schema under the [Components Object](#components-object), _unless_ a `mapping` is present for that value. The `mapping` entry maps a specific property value to either a different schema component name, or to a schema identified by a URI. When using implicit or explicit schema component names, inline `oneOf` or `anyOf` subschemas are not considered. The behavior of a `mapping` value or `defaultMapping` value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it is RECOMMENDED that it be treated as a schema name. To ensure that an ambiguous value (e.g. `"foo"`) is treated as a relative URI reference by all implementations, authors MUST prefix it with the `"."` path segment (e.g. `"./foo"`). Mapping keys MUST be string values, but tooling MAY convert response values to strings for comparison. However, the exact nature of such conversions are implementation-defined. #### Optional Discriminating Property When the discriminating property is defined as optional, the [Discriminator Object](#discriminator-object) MUST include a `defaultMapping` field that specifies a schema that is expected to validate the structure of the model when the discriminating property is not present in the payload or contains a value for which there is no explicit or implicit mapping. This allows the schema to still be validated correctly even if the discriminating property is missing. The primary use case for an optional discriminating property is to allow a schema to be extended with a discriminator without breaking existing clients that do not provide the discriminating property. When the discriminating property is defined as optional, it is important that each subschema that defines a value for the discriminating property also define the property as required, since this is no longer enforced by the parent schema. The `defaultMapping` schema is also expected to validate the structure of the model when the discriminating property is present but contains a value for which there is no explicit or implicit mapping. This is typically expressed in the `defaultMapping` schema by excluding any instances with mapped values of the discriminating property, e.g. ```yaml OtherPet: type: object properties: petType: not: enum: ['cat', 'dog'] ``` This prevents the `defaultMapping` schema from validating a payload that includes the discriminating property with a mapped discriminating value, which would cause a validation to fail when polymorphism is described using the `oneOf` JSON schema keyword. #### Examples For these examples, assume all schemas are in the [entry document](#openapi-description-structure) of the OAD; for handling of `discriminator` in referenced documents see [Resolving Implicit Connections](#resolving-implicit-connections). In OAS 3.x, a response payload MAY be described to be exactly one of any number of types: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' ``` which means a valid payload has to match exactly one of the schemas described by `Cat`, `Dog`, or `Lizard`. Deserialization of a `oneOf` can be a costly operation, as it requires determining which schema matches the payload and thus should be used in deserialization. This problem also exists for `anyOf` schemas. A `discriminator` can be used as a "hint" to improve the efficiency of selection of the matching schema. The [Discriminator Object](#discriminator-object) cannot change the validation result of the `oneOf`, it can only help make the deserialization more efficient and provide better error messaging. We can specify the exact field that tells us which schema is expected to match the instance: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' discriminator: propertyName: petType ``` The expectation now is that a property with name `petType` _MUST_ be present in the response payload, and the value will correspond to the name of a schema defined in the OpenAPI Description. Thus the response payload: ```json { "id": 12345, "petType": "Cat" } ``` will indicate that the `Cat` schema is expected to match this payload. In scenarios where the value of the discriminating property does not match the schema name or implicit mapping is not possible, an optional `mapping` definition can be used: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: https://gigantic-server.com/schemas/Monster/schema.json discriminator: propertyName: petType mapping: dog: '#/components/schemas/Dog' monster: https://gigantic-server.com/schemas/Monster/schema.json ``` Here the discriminating value of `dog` will map to the schema `#/components/schemas/Dog`, rather than the default (implicit) value of `#/components/schemas/dog`. If the discriminating value does not match an implicit or explicit mapping, no schema can be determined and validation SHOULD fail. When used in conjunction with the `anyOf` construct, the use of the discriminator can avoid ambiguity for serializers/deserializers where multiple schemas may satisfy a single payload. When the discriminating property is defined as optional, the Discriminator Object has to include a `defaultMapping` field that specifies a schema of the `anyOf` or `oneOf` is expected to validate the structure of the model when the discriminating property is not present in the payload. This allows the schema to still be validated correctly even if the discriminator property is missing. For example: ```yaml MyResponseType: oneOf: - $ref: '#/components/schemas/Cat' - $ref: '#/components/schemas/Dog' - $ref: '#/components/schemas/Lizard' - $ref: '#/components/schemas/OtherPet' discriminator: propertyName: petType defaultMapping: OtherPet OtherPet: type: object properties: petType: not: enum: ['Cat', 'Dog', 'Lizard'] ``` In this example, if the `petType` property is not present in the payload, or if the value of `petType` is not "Cat", "Dog", or "Lizard", then the payload should validate against the `OtherPet` schema. This example shows the `allOf` usage, which avoids needing to reference all child schemas in the parent: ```yaml components: schemas: Pet: type: object required: - petType properties: petType: type: string discriminator: propertyName: petType mapping: dog: Dog Cat: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Cat` properties: name: type: string Dog: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Dog` properties: bark: type: string Lizard: allOf: - $ref: '#/components/schemas/Pet' - type: object # all other properties specific to a `Lizard` properties: lovesRocks: type: boolean ``` Validated against the `Pet` schema, a payload like this: ```json { "petType": "Cat", "name": "Misty" } ``` will indicate that the `#/components/schemas/Cat` schema is expected to match. Likewise this payload: ```json { "petType": "dog", "bark": "soft" } ``` will map to `#/components/schemas/Dog` because the `dog` entry in the `mapping` element maps to `Dog` which is the schema name for `#/components/schemas/Dog`. ### XML Object A metadata object that allows for more fine-tuned XML model definitions. When using a Schema Object with XML, if no XML Object is present, the behavior is determined by the XML Object's default field values. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | nodeType | `string` | One of `element`, `attribute`, `text`, `cdata`, or `none`, as explained under [XML Node Types](#xml-node-types). The default value is `none` if `$ref`, `$dynamicRef`, or `type: "array"` is present in the [Schema Object](#schema-object) containing the XML Object, and `element` otherwise. | | name | `string` | Sets the name of the element/attribute corresponding to the schema, replacing the name that was inferred as described under [XML Node Names](#xml-node-names). This field SHALL be ignored if the `nodeType` is `text`, `cdata`, or `none`. | | namespace | `string` | The IRI ([[RFC3987]]) of the namespace definition. Value MUST be in the form of a non-relative IRI. | | prefix | `string` | The prefix to be used for the [name](#xml-name). | | attribute | `boolean` | Declares whether the property definition translates to an attribute instead of an element. Default value is `false`. If `nodeType` is present, this field MUST NOT be present.

**Deprecated:** Use `nodeType: "attribute"` instead of `attribute: true` | | wrapped | `boolean` | MAY be used only for an array definition. Signifies whether the array is wrapped (for example, ``) or unwrapped (``). Default value is `false`. The definition takes effect only when defined alongside `type` being `"array"` (outside the `items`). If `nodeType` is present, this field MUST NOT be present.

**Deprecated:** Use `nodeType: "element"` instead of `wrapped: true` | Note that when generating an XML document from object data, the order of the nodes is undefined. Use `prefixItems` to control node ordering as shown under [Ordered Elements and Text](#ordered-elements-and-text). See [Appendix B](#appendix-b-data-type-conversion) for a discussion of converting values of various types to string representations. This object MAY be extended with [Specification Extensions](#specification-extensions). #### XML Node Types Each Schema Object describes a particular type of XML [[!DOM]] [node](https://dom.spec.whatwg.org/#interface-node) which is specified by the `nodeType` field, which has the following possible values. Except for the special value `none`, these values have numeric equivalents in the DOM specification which are given in parentheses after the name: * `element` (1): The schema represents an element and describes its contents * `attribute` (2): The schema represents an attribute and describes its value * `text` (3): The schema represents a text node (parsed character data) * `cdata` (4): The schema represents a CDATA section * `none`: The schema does not correspond to any node in the XML document, and the nodes corresponding to its subschema(s) are included directly under its parent schema's node The `none` type is useful for JSON Schema constructs that require more Schema Objects than XML nodes, such as a schema containing only `$ref` that exists to facilitate re-use rather than imply any structure. ##### Modeling Element Lists For historical compatibility, schemas of `type: "array"` default to `nodeType: "none"`, placing the nodes for each array item directly under the parent node. This also aligns with the inferred naming behavior defined under [XML Node Names](#xml-node-names). To produce an element wrapping the list, set an explicit `nodeType: "element"` on the `type: "array"` schema. When doing so, it is advisable to set an explicit name on either the wrapping element or the item elements to avoid them having the same inferred name. See examples for expected behavior. ##### Implicit and Explicit `text` Nodes If an `element` node has a primitive type, then the schema also produces an implicit `text` node described by the schema for the contents of the `element` node named by the property name (or `name` field). Explicit `text` nodes are necessary if an element has both attributes and content. Note that placing two `text` nodes adjacent to each other is ambiguous for parsing, and the resulting behavior is implementation-defined. #### XML Node Names The `element` and `attribute` node types require a name, which MUST be inferred from the schema as follows, unless overridden by the `name` field: * For schemas directly under the [Components Object's](#components-object) `schemas` field, the component name is the inferred name. * For property schemas, and for array item schemas under a property schema, the property name is the inferred name. * In all other cases, such as an inline schema under a [Media Type Object's](#media-type-object) `schema` field, no name can be inferred and an XML Object with a `name` field MUST be present. Note that when using arrays, singular vs plural forms are _not_ inferred, and must be set explicitly. #### Namespace Limitations The `namespace` field is intended to match the syntax of [XML namespaces](https://www.w3.org/TR/xml-names11/), although there are a few caveats: * Versions 3.1.0, 3.0.3, and earlier of this specification erroneously used the term "absolute URI" instead of "non-relative URI" ("non-relative IRI" as of OAS v3.2.0), so authors using namespaces that include a fragment should check tooling support carefully. * XML allows but discourages relative IRI-references, while this specification outright forbids them. #### Handling `null` Values XML does not, by default, have a concept equivalent to `null`, and to preserve compatibility with version 3.1.1 and earlier of this specification, the behavior of serializing `null` values is implementation-defined. However, implementations SHOULD handle `null` values as follows: * For elements, produce an empty element with an `xsi:nil="true"` attribute. * For attributes, omit the attribute. * For text and CDATA sections, see [Appendix B](#appendix-b-data-type-conversion) for a discussion of serializing non-text values to text. Note that for attributes, this makes either a `null` value or a missing property serialize to an omitted attribute. As the Schema Object validates the in-memory representation, this allows handling the combination of `null` and a required property. However, because there is no distinct way to represent `null` as an attribute, it is RECOMMENDED to make attribute properties optional rather than use `null`. To ensure correct round-trip behavior, when parsing an element that omits an attribute, implementations SHOULD set the corresponding property to `null` if the schema allows for that value (e.g. `type: ["number", "null"]`), and omit the property otherwise (e.g.`type: "number"`). #### XML Object Examples The Schema Objects are followed by an example XML representation produced for the schema shown. For examples using `attribute` or `wrapped`, please see version 3.1 of the OpenAPI Specification. ##### No XML Object Basic string property without an XML Object, using `serializedValue` (the remaining examples will use `externalValue` so that the XML form can be shown with syntax highlighting): ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: string examples: pets: dataValue: animals: dog, cat, hamster serializedValue: | dog, cat, hamster ``` Basic string array property (`nodeType` is `none` by default): ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array items: type: string examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` ##### XML Name Replacement ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: string xml: name: animal examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` ##### XML Attribute, Prefix and Namespace Note that the name of the root XML element comes from the component name. ```yaml components: schemas: Person: type: object properties: id: type: integer format: int32 xml: nodeType: attribute name: type: string xml: namespace: https://example.com/schema/sample prefix: sample requestBodies: Person: content: application/xml: schema: $ref: "#/components/schemas/Person" examples: Person: dataValue: id: 123 name: example externalValue: ./examples/Person.xml ``` Where `./examples/Person.xml` would be: ```xml example ``` ##### XML Arrays Changing the element names: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array items: type: string xml: name: animal examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` The `name` field for the `type: "array"` schema has no effect because the default `nodeType` for that object is `none`: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array xml: name: aliens items: type: string xml: name: animal examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` Even when a wrapping element is explicitly created by setting `nodeType` to `element`, if a name is not explicitly defined, the same name will be used for both the wrapping element and the list item elements: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array xml: nodeType: element items: type: string examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` To overcome the naming problem in the example above, the following definition can be used: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array xml: nodeType: element items: type: string xml: name: animal examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` Affecting both wrapping element and item element names: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array xml: name: aliens nodeType: element items: type: string xml: name: animal examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` If we change the wrapping element name but not the item element names: ```yaml application/xml: schema: type: object xml: name: document properties: animals: type: array xml: name: aliens nodeType: element items: type: string examples: pets: dataValue: animals: - dog - cat - hamster externalValue: ./examples/pets.xml ``` Where `./examples/pets.xml` would be: ```xml dog cat hamster ``` ##### Elements With Attributes And Text ```yaml application/xml: schema: type: array xml: nodeType: element name: animals items: xml: name: animal properties: kind: type: string xml: nodeType: attribute name: type: string xml: nodeType: text examples: pets: dataValue: - kind: Cat name: Fluffy - kind: Dog name: Fido ``` Where `./examples/pets.xml` would be: ```xml Fluffy Fido ``` ##### Referenced Element With CDATA In this example, no element is created for the Schema Object that contains only the `$ref`, as its `nodeType` defaults to `none`. It is necessary to create a subschema for the CDATA section as otherwise the content would be treated as an implicit node of type `text`. ```yaml components: schemas: Documentation: type: object properties: content: type: string contentMediaType: text/html xml: nodeType: cdata responses: content: application/xml: schema: $ref: "#/components/schemas/Documentation" examples: docs: dataValue: content: Awesome Docs externalValue: ./examples/docs.xml ``` Where `./examples/docs.xml` would be: ```xml Awesome Docs]]> ``` Alternatively, the named root element could be set at the point of use and the root element disabled on the component (note that in this example, the same `dataValue` is used in two places with different serializations shown with `externalValue`): ```yaml paths: /docs: get: responses: "200": content: application/xml: schema: xml: nodeType: element name: StoredDocument $ref: "#/components/schemas/Documentation" examples: stored: dataValue: content: Awesome Docs externalValue: ./examples/stored.xml put: requestBody: required: true content: application/xml: schema: xml: nodeType: element name: UpdatedDocument $ref: "#/components/schemas/Documentation" examples: updated: dataValue: content: Awesome Docs externalValue: ./examples/updated.xml responses: "201": {} components: schemas: Documentation: xml: nodeType: none type: object properties: content: type: string contentMediaType: text/html xml: nodeType: cdata ``` where `./examples/stored.xml` would be: ```xml Awesome Docs]]> ``` and `./examples/updated.xml` would be: ```xml Awesome Docs]]> ``` ##### Ordered Elements and Text To control the exact order of elements, use the `prefixItems` keyword. With this approach, it is necessary to set the element names using the XML Object as they would otherwise all inherit the parent's name despite being different elements in a specific order. It is also necessary to set `nodeType: "element"` explicitly on the array in order to get an element containing the sequence. This first ordered example shows a sequence of elements, as well as the recommended serialization of `null` for elements: ```yaml application/xml: schema: xml: nodeType: element name: OneTwoThree type: array minLength: 3 maxLength: 3 prefixItems: - xml: name: One type: string - xml: name: Two type: object required: - unit - value properties: unit: type: string xml: nodeType: attribute value: type: number xml: nodeType: text - xml: name: Three type: - boolean - "null" examples: OneTwoThree: dataValue: - Some text - unit: cubits value: 42 null ] externalValue: ./examples/OneTwoThree.xml ``` Where `./examples/OneTwoThree.xml` would be: ```xml Some text 42 ``` In this next example, the `name` needs to be set for the element, while the `nodeType` needs to be set for the text nodes. ```yaml application/xml: schema: xml: nodeType: element name: Report type: array prefixItems: - xml: nodeType: text type: string - xml: name: data type: number - xml: nodeType: text type: string examples: Report: dataValue: - Some preamble text. - 42 - Some postamble text. externalValue: ./examples/Report.xml ``` Where `./examples/Report.xml` would be: ```xml Some preamble text.42Some postamble text. ``` ##### XML With `null` Values Recall that the schema validates the in-memory data, not the XML document itself. This example does not define properties for `"related"` as it is showing how empty objects and `null` are handled. ```yaml application/xml: schema: xml: name: product type: object required: - count - description - related properties: count: type: - number - "null" xml: nodeType: attribute rating: type: string xml: nodeType: attribute description: type: string related: type: - object - "null" examples: productWithNulls: dataValue: count: null description: Thing related: null externalValue: ./examples/productWithNulls.xml productNoNulls: dataValue: count: 42 description: Thing related: {} externalValue: ./examples/productNoNulls.xml ``` Where `./examples/productWithNulls.xml` would be: ```xml Thing ``` and `./examples/productNoNulls.xml` would be: ```xml Thing ``` ### Security Scheme Object Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), OAuth2 device authorization flow as defined in [RFC8628](https://tools.ietf.org/html/rfc8628), and [[OpenID-Connect-Core]]. Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use cases is Authorization Code Grant flow with PKCE. #### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | type | `string` | Any | **REQUIRED**. The type of the security scheme. Valid values are `"apiKey"`, `"http"`, `"mutualTLS"`, `"oauth2"`, `"openIdConnect"`. | | description | `string` | Any | A description for security scheme. [CommonMark syntax](https://spec.commonmark.org/) MAY be used for rich text representation. | | name | `string` | `apiKey` | **REQUIRED**. The name of the header, query or cookie parameter to be used. | | in | `string` | `apiKey` | **REQUIRED**. The location of the API key. Valid values are `"query"`, `"header"`, or `"cookie"`. | | scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-16.4.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml). The value is case-insensitive, as defined in [RFC9110](https://www.rfc-editor.org/rfc/rfc9110.html#section-11.1). | | bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes. | | flows | [OAuth Flows Object](#oauth-flows-object) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported. | | openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [[OpenID-Connect-Discovery]] [provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). | | oauth2MetadataUrl | `string` | `oauth2` | URL to the OAuth2 authorization server metadata [RFC8414](https://datatracker.ietf.org/doc/html/rfc8414). TLS is required. | | deprecated | `boolean` | Any | Declares this security scheme to be deprecated. Consumers SHOULD refrain from usage of the declared scheme. Default value is `false`. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### Security Scheme Object Examples ##### Basic Authentication Example ```yaml type: http scheme: basic ``` ##### API Key Example ```yaml type: apiKey name: api-key in: header ``` ##### JWT Bearer Example ```yaml type: http scheme: bearer bearerFormat: JWT ``` ##### MutualTLS Example ```yaml type: mutualTLS description: Cert must be signed by example.com CA ``` ##### Implicit OAuth2 Example ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets ``` ### OAuth Flows Object Allows configuration of the supported OAuth Flows. #### Fixed Fields | Field Name | Type | Description | | ---- | :----: | ---- | | implicit | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Implicit flow | | password | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Resource Owner Password flow | | clientCredentials | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0. | | authorizationCode | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0. | | deviceAuthorization | [OAuth Flow Object](#oauth-flow-object) | Configuration for the OAuth Device Authorization flow. | This object MAY be extended with [Specification Extensions](#specification-extensions). ### OAuth Flow Object Configuration details for a supported OAuth Flow #### Fixed Fields | Field Name | Type | Applies To | Description | | ---- | :----: | ---- | ---- | | authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | deviceAuthorizationUrl | `string` | `oauth2` (`"deviceAuthorization"`) | **REQUIRED**. The device authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS. | | scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty. | This object MAY be extended with [Specification Extensions](#specification-extensions). #### OAuth Flow Object Example ```yaml type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets ``` ### Security Requirement Object Lists the required security schemes to execute this operation. The name used for each property MUST either correspond to a security scheme declared in the [Security Schemes](#components-security-schemes) under the [Components Object](#components-object), or be the URI of a Security Scheme Object. Property names that are identical to a component name under the Components Object MUST be treated as a component name. To reference a Security Scheme with a single-segment relative URI reference (e.g. `foo`) that collides with a component name (e.g. `#/components/securitySchemes/foo`), use the `.` path segment (e.g. `./foo`). Using a Security Scheme component name that appears to be a URI is NOT RECOMMENDED, as the precedence of component-name-matching over URI resolution, which is necessary to maintain compatibility with prior OAS versions, is counter-intuitive. See also [Security Considerations](#security-considerations). A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information. When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request. This enables support for scenarios where the API allows multiple, independent security schemes. An empty Security Requirement Object (`{}`) indicates anonymous access is supported. #### Patterned Fields | Field Pattern | Type | Description | | ---- | :----: | ---- | | {name} | [`string`] | Each name or URI MUST correspond to a security scheme as described above. If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band. | #### Security Requirement Object Examples See also [Implicit Connection Resolution Examples](#implicit-connection-resolution-examples) in [Appendix G: Parsing and Resolution Guidance](#appendix-g-parsing-and-resolution-guidance) for an example using Security Requirement Objects in multi-document OpenAPI Descriptions. ##### Non-OAuth2 Security Requirement ```yaml api_key: [] ``` ##### OAuth2 Security Requirement This example uses a component name for the Security Scheme. ```yaml petstore_auth: - write:pets - read:pets ``` ##### Optional OAuth2 Security This example uses a relative URI reference for the Security Scheme. Optional OAuth2 security as would be defined in an OpenAPI Object or an Operation Object: ```yaml security: - {} - petstore_auth: - write:pets - read:pets ``` ## Specification Extensions While the OpenAPI Specification tries to accommodate most use cases, additional data can be added to extend the specification at certain points. The extensions properties are implemented as patterned fields that are always prefixed by `x-`. | Field Pattern | Type | Description | | ---- | :--: | ---- | | ^x- | Any | Allows extensions to the OpenAPI Schema. The field name MUST begin with `x-`, for example, `x-internal-id`. Field names beginning `x-oai-` and `x-oas-` are reserved for uses defined by the [OpenAPI Initiative](https://www.openapis.org/). The value can be any valid JSON value (`null`, a primitive, an array, or an object.) | The OpenAPI Initiative maintains several [[OpenAPI-Registry|extension registries]], including registries for [individual extension keywords](https://spec.openapis.org/registry/extension/) and [extension keyword namespaces](https://spec.openapis.org/registry/namespace/). Extensions are one of the best ways to prove the viability of proposed additions to the specification. It is therefore RECOMMENDED that implementations be designed for extensibility to support community experimentation. Support for any one extension is OPTIONAL, and support for one extension does not imply support for others. ## Security Considerations ### OpenAPI Description Formats OpenAPI Descriptions use a combination of JSON, YAML, and JSON Schema, and therefore share their security considerations: * [JSON](https://www.iana.org/assignments/media-types/application/json) * [YAML](https://www.iana.org/assignments/media-types/application/yaml) * [JSON Schema Core](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-13) * [JSON Schema Validation](https://www.ietf.org/archive/id/draft-bhutton-json-schema-validation-01.html#section-10) ### Tooling and Usage Scenarios In addition, OpenAPI Descriptions are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI Description authors must consider the risks of the scenarios where the OpenAPI Description may be used. ### Security Schemes An OpenAPI Description describes the security schemes used to protect the resources it defines. The security schemes available offer varying degrees of protection. Factors such as the sensitivity of the data and the potential impact of a security breach should guide the selection of security schemes for the API resources. Some security schemes, such as basic auth and OAuth Implicit flow, are supported for compatibility with existing APIs. However, their inclusion in OpenAPI does not constitute an endorsement of their use, particularly for highly sensitive data or operations. The rules for connecting a [Security Requirement Object](#security-requirement-object) to a [Security Scheme Object](#security-scheme-object) under a [Components Object](#components-object) are ambiguous in a way that could be exploited. Specifically: * It is implementation-defined whether a component name used by a Security Requirement Object in a referenced document is resolved from the entry document (RECOMMENDED) or the referenced document. * A Security Requirement Object that uses a URI to identify a Security Scheme Object can have the URI resolution hijacked by providing a Security Scheme component name identical to the URI, as the name lookup behavior takes precedence over URI resolution for compatibility with previous versions of the OAS. ### Security Filtering Some objects in the OpenAPI Specification MAY be declared and remain empty, or be completely removed, even though they are inherently the core of the API documentation. The reasoning is to allow an additional layer of access control over the documentation. While not part of the specification itself, certain libraries MAY choose to allow access to parts of the documentation based on some form of authentication/authorization. Two examples of this: 1. The [Paths Object](#paths-object) MAY be present but empty. It may be counterintuitive, but this may tell the viewer that they got to the right place, but can't access any documentation. They would still have access to at least the [Info Object](#info-object) which may contain additional information regarding authentication. 2. The [Path Item Object](#path-item-object) MAY be empty. In this case, the viewer will be aware that the path exists, but will not be able to see any of its operations or parameters. This is different from hiding the path itself from the [Paths Object](#paths-object), because the user will be aware of its existence. This allows the documentation provider to finely control what the viewer can see. ### Handling External Resources OpenAPI Descriptions may contain references to external resources that may be dereferenced automatically by consuming tools. External resources may be hosted on different domains that may be untrusted. ### Handling Reference Cycles References in an OpenAPI Description may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. ### Markdown and HTML Sanitization Certain fields allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. ## Appendix A: Revision History | Version | Date | Notes | | ---- | ---- | ---- | | 3.2.0 | 2025-09-19 | Release of the OpenAPI Specification 3.2.0 | | 3.1.2 | 2025-09-19 | Patch release of the OpenAPI Specification 3.1.2 | | 3.1.1 | 2024-10-24 | Patch release of the OpenAPI Specification 3.1.1 | | 3.1.0 | 2021-02-15 | Release of the OpenAPI Specification 3.1.0 | | 3.1.0-rc1 | 2020-10-08 | rc1 of the 3.1 specification | | 3.1.0-rc0 | 2020-06-18 | rc0 of the 3.1 specification | | 3.0.4 | 2024-10-24 | Patch release of the OpenAPI Specification 3.0.4 | | 3.0.3 | 2020-02-20 | Patch release of the OpenAPI Specification 3.0.3 | | 3.0.2 | 2018-10-08 | Patch release of the OpenAPI Specification 3.0.2 | | 3.0.1 | 2017-12-06 | Patch release of the OpenAPI Specification 3.0.1 | | 3.0.0 | 2017-07-26 | Release of the OpenAPI Specification 3.0.0 | | 3.0.0-rc2 | 2017-06-16 | rc2 of the 3.0 specification | | 3.0.0-rc1 | 2017-04-27 | rc1 of the 3.0 specification | | 3.0.0-rc0 | 2017-02-28 | Implementer's Draft of the 3.0 specification | | 2.0 | 2015-12-31 | Donation of Swagger 2.0 to the OpenAPI Initiative | | 2.0 | 2014-09-08 | Release of Swagger 2.0 | | 1.2 | 2014-03-14 | Initial release of the formal document. | | 1.1 | 2012-08-22 | Release of Swagger 1.1 | | 1.0 | 2011-08-10 | First release of the Swagger Specification | ## Appendix B: Data Type Conversion Serializing typed data to plain text, which can occur in `text/plain` message bodies or `multipart` parts, as well as in the `application/x-www-form-urlencoded` format in either URL query strings or message bodies, involves significant implementation- or application-defined behavior. [Schema Objects](#schema-object) validate data based on the [JSON Schema data model](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#section-4.2.1), which only recognizes four primitive data types: strings (which are [only broadly interoperable as UTF-8](https://datatracker.ietf.org/doc/html/rfc7159#section-8.1)), numbers, booleans, and `null`. Notably, integers are not a distinct type from other numbers, with `type: "integer"` being a convenience defined mathematically, rather than based on the presence or absence of a decimal point in any string representation. The [Parameter Object](#parameter-object), [Header Object](#header-object), and [Encoding Object](#encoding-object) offer features to control how to arrange values from array or object types. They can also be used to control how strings are further encoded to avoid reserved or illegal characters. However, there is no general-purpose specification for converting schema-validated non-UTF-8 primitive data types (or entire arrays or objects) to strings. Two cases do offer standards-based guidance: * [RFC3987](https://datatracker.ietf.org/doc/html/rfc3987#section-3.1) provides guidance for converting non-Unicode strings to UTF-8, particularly in the context of URIs (and by extension, the form media types which use the same encoding rules) * [RFC6570](https://www.rfc-editor.org/rfc/rfc6570#section-2.3) specifies which values, including but not limited to `null`, are considered _undefined_ and therefore treated specially in the expansion process when serializing based on that specification Implementations of RFC6570 often have their own conventions for converting non-string values, but these are implementation-specific and not defined by the RFC itself. This is one reason for the OpenAPI Specification to leave these conversions as implementation-defined: It allows using RFC6570 implementations regardless of how they choose to perform the conversions. To control the serialization of numbers, booleans, and `null` (or other values RFC6570 deems to be undefined) more precisely, schemas can be defined as `type: "string"` and constrained using `pattern`, `enum`, `format`, and other keywords to communicate how applications must pre-convert their data prior to schema validation. The resulting strings would not require any further type conversion. The `format` keyword can assist in serialization. Some formats (such as `date-time`) are unambiguous, while others (such as [`decimal`](https://spec.openapis.org/registry/format/decimal.html) in the [Format Registry](https://spec.openapis.org/registry/format/)) are less clear. However, care must be taken with `format` to ensure that the specific formats are supported by all relevant tools as unrecognized formats are ignored. Requiring input as pre-formatted, schema-validated strings also improves round-trip interoperability as not all programming languages and environments support the same data types. ## Appendix C: Using RFC6570-Based Serialization Serialization is defined in terms of [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) URI Templates in three scenarios: | Object | Condition | | ---- | ---- | | [Parameter Object](#parameter-object) | When `schema` is present | | [Header Object](#header-object) | When `schema` is present | | [Encoding Object](#encoding-object) | When encoding for `application/x-www-form-urlencoded` and any of `style`, `explode`, or `allowReserved` are used | Implementations of this specification MAY use an implementation of RFC6570 to perform variable expansion, however, some caveats apply. Note that when using `style: "form"` RFC6570 expansion to produce an `application/x-www-form-urlencoded` HTTP message body, it is necessary to remove the `?` prefix that is produced to satisfy the URI query string syntax. When using `style` and similar keywords to produce a `multipart/form-data` body, the query string names are placed in the `name` parameter of the `Content-Disposition` part header, and the values are placed in the corresponding part body; the `?`, `=`, and `&` characters are not used, and URI percent encoding is not applied, regardless of the value of `allowReserved`. Note that while [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578) allows using [[RFC3986]] percent-encoding in "file names", it does not otherwise address the use of percent-encoding within the format. Users are expected to provide names and data with any escaping necessary for conformance with RFC7578 already applied. Note also that not all RFC6570 implementations support all four levels of operators, all of which are needed to fully support the OpenAPI Specification's usage. Using an implementation with a lower level of support will require additional manual construction of URI Templates to work around the limitations. ### Equivalences Between Fields and RFC6570 Operators Certain field values translate to RFC6570 [operators](https://datatracker.ietf.org/doc/html/rfc6570#section-2.2) (or lack thereof): | field | value | equivalent | | ---- | ---- | ---- | | style | `"simple"` | _n/a_ | | style | `"matrix"` | `;` prefix operator | | style | `"label"` | `.` prefix operator | | style | `"form"` | `?` prefix operator | | allowReserved | `false` | _n/a_ | | allowReserved | `true` | `+` prefix operator | | explode | `false` | _n/a_ | | explode | `true` | `*` modifier suffix | Multiple `style: "form"` parameters are equivalent to a single RFC6570 [variable list](https://www.rfc-editor.org/rfc/rfc6570#section-2.2) using the `?` prefix operator: ```yaml parameters: - name: foo in: query schema: type: object explode: true - name: bar in: query schema: type: string ``` This example is equivalent to RFC6570's `{?foo*,bar}`, and **NOT** `{?foo*}{&bar}`. The latter is problematic because if `foo` is not defined, the result will be an invalid URI. The `&` prefix operator has no equivalent in the Parameter Object. Note that RFC6570 does not specify behavior for compound values beyond the single level addressed by `explode`. The result of using objects or arrays where no behavior is clearly specified for them is implementation-defined. ### Delimiters in Parameter Values Delimiters used by RFC6570 expansion, such as the `,` used to join arrays or object values with `style: "simple"`, are all automatically percent-encoded as long as `allowReserved` is `false`. Note that since RFC6570 does not define a way to parse variables based on a URI Template, users must take care to first split values by delimiter before percent-decoding values that might contain the delimiter character. When `allowReserved` is `true`, both percent-encoding (prior to joining values with a delimiter) and percent-decoding (after splitting on the delimiter) must be done manually at the correct time. See [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for additional guidance on handling delimiters for `style` values with no RFC6570 equivalent that already need to be percent-encoded when used as delimiters. ### Non-RFC6570 Field Values and Combinations Configurations with no direct [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570) equivalent SHOULD also be handled according to RFC6570. Implementations MAY create a properly delimited URI Template with variables for individual names and values using RFC6570 regular or reserved expansion (based on `allowReserved`). This includes: * the styles `pipeDelimited`, `spaceDelimited`, and `deepObject`, which have no equivalents at all * the combination of the style `form` with `allowReserved: true`, which is not allowed because only one prefix operator can be used at a time * any parameter name that is not a legal RFC6570 variable name The Parameter Object's `name` field has a much more permissive syntax than RFC6570 [variable name syntax](https://www.rfc-editor.org/rfc/rfc6570#section-2.3). A parameter name that includes characters outside of the allowed RFC6570 variable character set MUST be percent-encoded before it can be used in a URI Template. ### Examples Let's say we want to use the following data in a form query string, where `formulas` is exploded, and `words` is not: ```yaml formulas: a: x+y b: x/y c: x^y words: - math - is - fun ``` #### RFC6570-Equivalent Expansion This array of Parameter Objects uses regular `style: "form"` expansion, fully supported by [RFC6570](https://datatracker.ietf.org/doc/html/rfc6570): ```yaml parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true - name: words in: query schema: type: array items: type: string ``` This translates to the following URI Template: ```uritemplate {?formulas*,words} ``` when expanded with the data given earlier, we get: ```uri ?a=x%2By&b=x%2Fy&c=x%5Ey&words=math,is,fun ``` #### Expansion with Non-RFC6570-Supported Options But now let's say that (for some reason), we really want that `/` in the `b` formula to show up as-is in the query string, and we want our words to be space-separated like in a written phrase. To do that, we'll add `allowReserved: true` to `formulas`, and change to `style: "spaceDelimited"` for `words`: ```yaml parameters: - name: formulas in: query schema: type: object additionalProperties: type: string explode: true allowReserved: true - name: words in: query style: spaceDelimited explode: false schema: type: array items: type: string ``` We can't combine the `?` and `+` RFC6570 [prefixes](https://datatracker.ietf.org/doc/html/rfc6570#section-2.4.1), and there's no way with RFC6570 to replace the `,` separator with a space character. So we need to restructure the data to fit a manually constructed URI Template that passes all of the pieces through the right sort of expansion. Here is one such template, using a made-up convention of `words.0` for the first entry in the words value, `words.1` for the second, and `words.2` for the third: ```uritemplate ?a={+a}&b={+b}&c={+c}&words={words.0} {words.1} {words.2} ``` RFC6570 [mentions](https://www.rfc-editor.org/rfc/rfc6570.html#section-2.4.2) the use of `.` "to indicate name hierarchy in substructures," but does not define any specific naming convention or behavior for it. Since the `.` usage is not automatic, we'll need to construct an appropriate input structure for this new template. We'll also need to pre-process the values for `formulas` because while `/` and most other reserved characters are allowed in the query string by RFC3986, `[`, `]`, and `#` [are not](https://datatracker.ietf.org/doc/html/rfc3986#appendix-A), and `&`, `=`, and `+` all have [special behavior](https://url.spec.whatwg.org/#application/x-www-form-urlencoded) in the `application/x-www-form-urlencoded` format, which is what we are using in the query string. Setting `allowReserved: true` does _not_ make reserved characters that are not allowed in URIs allowed, it just allows them to be _passed through expansion unchanged_, for example because some other specification has defined a particular meaning for them. Therefore, users still need to percent-encode any reserved characters that are _not_ being passed through due to a special meaning because reserved expansion does not know which reserved characters are being used, and which should still be percent-encoded. However, reserved expansion, unlike regular expansion, _will_ leave the pre-percent-encoded triples unchanged. See also [Appendix E](#appendix-e-percent-encoding-and-form-media-types) for further guidance on percent-encoding and form media types, including guidance on handling the delimiter characters for `spaceDelimited`, `pipeDelimited`, and `deepObject` in parameter names and values. So here is our data structure that arranges the names and values to suit the template above, where values for `formulas` have `[]#&=+` pre-percent encoded (although only `+` appears in this example): ```yaml a: x%2By b: x/y c: x^y words.0: math words.1: is words.2: fun ``` Expanding our manually assembled template with our restructured data yields the following query string: ```uri ?a=x%2By&b=x/y&c=x%5Ey&words=math%20is%20fun ``` The `/` and the pre-percent-encoded `%2B` have been left alone, but the disallowed `^` character (inside a value) and space characters (in the template but outside of the expanded variables) were percent-encoded. #### Undefined Values and Manual URI Template Construction Care must be taken when manually constructing templates to handle the values that RFC6570 [considers to be _undefined_](https://datatracker.ietf.org/doc/html/rfc6570#section-2.3) correctly: ```yaml formulas: {} words: - hello - world ``` Using this data with our original RFC6570-friendly URI Template, `{?formulas*,words}`, produces the following: ```uri ?words=hello,world ``` This means that the manually constructed URI Template and restructured data need to leave out the `formulas` object entirely so that the `words` parameter is the first and only parameter in the query string. Restructured data: ```yaml words.0: hello words.1: world ``` Manually constructed URI Template: ```uritemplate ?words={words.0} {words.1} ``` Result: ```uri ?words=hello%20world ``` #### Illegal Variable Names as Parameter Names In this example, the heart emoji is not legal in URI Template names (or URIs): ```yaml parameters: - name: ❤️ in: query schema: type: string ``` We can't just pass `❤️: "love!"` to an RFC6570 implementation. Instead, we have to pre-percent-encode the name (which is a six-octet UTF-8 sequence) in both the data and the URI Template: ```yaml "%E2%9D%A4%EF%B8%8F": love! ``` ```uritemplate {?%E2%9D%A4%EF%B8%8F} ``` This will expand to the result: ```uri ?%E2%9D%A4%EF%B8%8F=love%21 ``` ## Appendix D: Serializing Headers and Cookies HTTP headers have inconsistent rules regarding what characters are allowed, and how some or all disallowed characters can be escaped and included. While the `quoted-string` ABNF rule given in [[RFC9110]] [Section 5.4.6](https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6.4) is the most common escaping solution, it is not sufficiently universal to apply automatically. For example, a strong `ETag` looks like `"foo"` (with quotes, regardless of the contents), and a weak `ETag` looks like `W/"foo"` (note that only part of the value is quoted); the contents of the quotes for this header are also not escaped in the way `quoted-string` contents are. For this reason, any data being passed to a header by way of a [Parameter](#parameter-object) or [Header](#header-object) Object needs to be quoted and escaped prior to passing it to the OAS implementation, and the parsed header values are expected to contain the quotes and escapes. ### Percent-Encoding and Cookies [RFC6570](https://www.rfc-editor.org/rfc/rfc6570)'s percent-encoding behavior is not always appropriate for `in: "cookie"` parameters. While percent-encoding seems more common as an escaping mechanism than the base64 encoding (`contentEncoding`: "base64") recommended by [[RFC6265]], [section 5.6 of draft-ietf-httpbis-rfc6265bis-20](https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-20.html#section-5.6), the proposed update to that RFC notes that cookies sent in the `Set-Cookie` response header that appear to be percent-encoded MUST NOT be decoded when stored by the client, which would mean that they are already encoded when retrieved from that storage for use in the `Cookie` request header. The behavior of `style: "cookie"` assumes this usage, and _does not_ apply or remove percent-encoding. If automatic percent-encoding is desired, `style: "form"` with a primitive value or with the non-default `explode` value of `false` provides this behavior. However, note that the default value of `explode: true` for `style: "form"` with non-primitive values uses the wrong delimiter for cookies (`&` instead of `;` followed by a single space) to set multiple cookie values. Using `style: "form"` with `in: "cookie"` via an RFC6570 implementation requires stripping the `?` prefix, as when producing `application/x-www-form-urlencoded` message bodies. To allow the full use of `style: "form"` with `in: "cookie"`, use the `allowReserved` field. ## Appendix E: Percent-Encoding and Form Media Types _**NOTE:** In this section, the `application/x-www-form-urlencoded` and `multipart/form-data` media types are abbreviated as `form-urlencoded` and `form-data`, respectively, for readability._ Percent-encoding is used in URIs and media types that derive their syntax from URIs. The fundamental rules of percent-encoding are: * The set of characters that MUST be encoded varies depending on which version of which specification you use, and (for URIs) in which part of the URI the character appears. * The way an unencoded `+` character is decoded depends on whether you are using `application/x-www-form-urlencoded` rules or more general URI rules; this is the only time where choice of decoding algorithm can change the outcome. * Encoding more characters than necessary is always safe in terms of the decoding process, but may produce non-normalized URIs. * In practice, some systems tolerate or even expect unencoded characters that some or all percent-encoding specifications require to be encoded; this can cause interoperability issues with more strictly compliant implementations. The rest of this appendix provides more detailed guidance based on the above rules. ### Percent-Encoding Character Classes This process is concerned with three classes of characters, the names of which vary among specifications but are defined as follows for the purposes of this section: * _unreserved_ characters do not need to be percent-encoded; while it is safe to percent-encode them, doing so produces a URI that is [not normalized](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2) * _reserved_ characters either have special behavior in the URI syntax (such as delimiting components) or are reserved for other specifications that need to define special behavior (e.g. `form-urlencoded` defines special behavior for `=`, `&`, and `+`) * _unsafe_ characters are known to cause problems when parsing URIs in certain environments Unless otherwise specified, this section uses RFC3986's definition of [reserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) and [unreserved](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3), and defines the unsafe set as all characters not included in either of those sets. ### Percent-Encoding and `form-urlencoded` Each URI component (such as the query string) considers some of the reserved characters to be unsafe, either because they serve as delimiters between the components (e.g. `#`), or (in the case of `[` and `]`) were historically considered globally unsafe but were later given reserved status for limited purposes. Reserved characters with no special meaning defined within a component can be left un-percent encoded. However, other specifications can define special meanings, requiring percent-encoding for those characters outside of the additional special meanings. The `form-urlencoded` media type defines special meanings for `=` and `&` as delimiters, and `+` as the replacement for the space character (instead of its percent-encoded form of `%20`). This means that while these three characters are reserved-but-allowed in query strings by RFC3986, they must be percent-encoded in `form-urlencoded` query strings except when used for their `form-urlencoded` purposes; see [Appendix C](#appendix-c-using-rfc6570-based-serialization) for an example of handling `+` in form values. ### Percent-Encoding and `form-data` [RFC7578](https://datatracker.ietf.org/doc/html/rfc7578#section-2) suggests RFC3986-based percent-encoding as a mechanism to keep text-based per-part header data such as file names within the ASCII character set. This suggestion was not part of older (pre-2015) specifications for `form-data`, so care must be taken to ensure interoperability. Users wishing to use percent-encoding in this way MUST provide the data in percent-encoded form, as percent-encoding is not automatically applied for this media type regardless of which Encoding Object fields are used. The `form-data` media type allows arbitrary text or binary data in its parts, so percent-encoding or similar escaping is not needed in general. ### Generating and Validating URIs and `form-urlencoded` Strings URI percent encoding and the `form-urlencoded` media type have complex specification histories spanning multiple revisions and, in some cases, conflicting claims of ownership by different standards bodies. Unfortunately, these specifications each define slightly different percent-encoding rules, which need to be taken into account if the URIs or `form-urlencoded` message bodies will be subject to strict validation. (Note that many URI parsers do not perform validation by default, if at all.) This specification normatively cites the following relevant standards: | Specification | Date | OAS Usage | Percent-Encoding | Notes | | ---- | ---- | ---- | ---- | ---- | | [RFC3986](https://www.rfc-editor.org/rfc/rfc3986) | 01/2005 | URI/URL syntax, including non-`form-urlencoded` content-based serialization | [[RFC3986]] | obsoletes [[?RFC1738]], [[?RFC2396]] | | [RFC6570](https://www.rfc-editor.org/rfc/rfc6570) | 03/2012 | style-based serialization | [[RFC3986]] | does not use `+` for query strings | | [WHATWG-URL Section 5](https://url.spec.whatwg.org/#application/x-www-form-urlencoded) | "living" standard | content-based `form/url-encoded` serialization, including HTTP message contents | [WHATWG-URL Section 1.3](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) | obsoletes [[?RFC1866]], [[?HTML401]] | Style-based serialization with percent-encoding is used in the [Parameter Object](#parameter-object) when `schema` is present, and in the [Encoding Object](#encoding-object) when at least one of `style`, `explode`, or `allowReserved` is present. See [Appendix C](#appendix-c-using-rfc6570-based-serialization) for more details of RFC6570's two different approaches to percent-encoding, including an example involving `+`. Content-based serialization is defined by the [Media Type Object](#media-type-object), and used with the [Parameter Object](#parameter-object) and [Header Object](#header-object) when the `content` field is present, and with the [Encoding Object](#encoding-object) based on the `contentType` field when the fields `style`, `explode`, and `allowReserved` are absent. For use in URIs, each part is encoded based on the media type (e.g. `text/plain` or `application/json`), and must then be percent-encoded for use in a `form-urlencoded` string (in form-style query strings), or for general URI use in other URL components, unless the media type already incorporates URI percent-encoding. #### Interoperability with Historical Specifications Prior versions of this specification required [[?RFC1866]] and its use of [[?RFC1738]] percent-encoding rules in place of [[WHATWG-URL]]. The [[WHATWG-URL]] `form-urlencoded` rules represent the current browser consensus on that media type, and avoid the ambiguity introduced by unclear paraphrasing of RFC1738 in RFC1866. Users needing conformance with RFC1866/RFC1738 are advised to check their tooling and library behavior carefully. #### Interoperability with Web Browser Environments WHATWG is a [web browser-oriented](https://whatwg.org/faq#what-is-the-whatwg-working-on) standards group that has defined a "URL Living Standard" for parsing and serializing URLs in a browser context, including parsing and serializing `form-urlencoded` data. WHATWG's percent-encoding rules for query strings are different depending on whether the query string is [being treated as `form-urlencoded`](https://url.spec.whatwg.org/#application-x-www-form-urlencoded-percent-encode-set) (where it requires more percent-encoding than [[?RFC1738]]) or [as part of the generic syntax](https://url.spec.whatwg.org/#query-percent-encode-set), where its requirements differ from [[RFC3986]]. This specification only depends on WHATWG for its `form-urlencoded` specification. Implementations using the query string in other ways are advised that, the distinctions between WHATWG's non-`form-urlencoded` query string rules and RFC3986 require careful consideration, incorporating both WHATWG's percent-encoding sets and their set of valid Unicode code points for URLs; see [Percent-Encoding and Illegal or Reserved Delimiters](#percent-encoding-and-illegal-or-reserved-delimiters) for more information. ### Decoding URIs and `form-urlencoded` Strings The percent-decoding algorithm does not care which characters were or were not percent-decoded, which means that URIs percent-encoded according to any specification will be decoded correctly. Similarly, all `form-urlencoded` decoding algorithms simply add `+`-for-space handling to the percent-decoding algorithm, and will work regardless of the encoding specification used. However, care must be taken to use `form-urlencoded` decoding if `+` represents a space, and to use regular percent-decoding if `+` represents itself as a literal value. ### Percent-Encoding and Illegal or Reserved Delimiters The `[`, `]`, `|`, and space characters, which are used as delimiters for the `deepObject`, `pipeDelimited`, and `spaceDelimited` styles, respectively, all MUST be percent-encoded to comply with [[RFC3986]]. This requires users to pre-encode the character(s) in some other way in parameter names and values to distinguish them from the delimiter usage when using one of these styles. The space character is always illegal and encoded in some way by all implementations of all versions of the relevant standards. While one could use the `form-urlencoded` convention of `+` to distinguish spaces in parameter names and values from `spaceDelimited` delimiters encoded as `%20`, the specifications define the decoding as a single pass, making it impossible to distinguish the different usages in the decoded result unless a non-standard parsing algorithm is used that separates based on one delimiter before decoding the other. Any such non-standard parsing approach will not be interoperable across all tools. Some environments use `[`, `]`, and possibly `|` unencoded in query strings without apparent difficulties. WHATWG's generic query string rules do not require percent-encoding them in non-`form-urlencoded` query strings, although it also excludes them from the set of valid URL Unicode code points. Code that relies on leaving these delimiters unencoded, while using regular percent-encoding for them within names and values, is not guaranteed to be interoperable across all implementations. For maximum interoperability, it is RECOMMENDED to either define and document an additional escape convention while percent-encoding the delimiters for these styles, or to avoid these styles entirely. The exact method of additional encoding/escaping is left to the API designer, and is expected to be performed before serialization and encoding described in this specification, and reversed after this specification's encoding and serialization steps are reversed. This keeps it outside of the processes governed by this specification. ## Appendix F: Examples of Base URI Determination and Reference Resolution This section shows each of the four possible sources of base URIs, followed by an example with a relative `$self` and `$id`. ### Base URI Within Content A base URI within the resource's content ([RFC3986](https://tools.ietf.org/html/rfc3986#section-5.1.1)) is the highest-precedence source of a base URI. For OpenAPI documents, this source is the OpenAPI Object's `$self` field, while for Schema Objects that contain a `$id`, or are a subschema of a Schema Object containing a `$id`, the source is the `$id` field: Assume the retrieval URI of the following document is `file://home/someone/src/api/openapi.yaml`: ```yaml openapi: 3.2.0 $self: https://example.com/api/openapi info: title: Example API version: 1.0 paths: /foo: get: requestBody: $ref: "shared/foo#/components/requestBodies/Foo" ``` Assume the retrieval URI for the following document is `https://git.example.com/shared/blob/main/shared/foo.yaml`: ```yaml openapi: 3.2.0 $self: https://example.com/api/shared/foo info: title: Shared components for all APIs version: 1.0 components: requestBodies: Foo: content: application/json: schema: $ref: ../schemas/foo schemas: Foo: $id: https://example.com/api/schemas/foo properties: bar: $ref: bar Bar: $id: https://example.com/api/schemas/bar type: string ``` In this example, the retrieval URIs are irrelevant because both documents define `$self`. The relative `$ref` in the first document is resolved against `$self` to produce `https://example.com/api/shared/foo#/components/requestBodies/Foo`. The portion of that URI before the `#` matches the `$self` of the second document, so the reference target is resolved to `#/components/requestBodies/Foo` in that second document. In that document, the `$ref` in the Request Body Object is resolved using that document's `$self` as the base URI, producing `https://example.com/api/schemas/foo`. This matches the `$id` at `#/components/schemas/Foo/$id` so it points to that Schema Object. That Schema Object has a subschema with `$ref: bar`, which is resolved against the `$id` to produce `https://example.com/api/schemas/bar`, which matches the `$id` at `#/components/schemas/Bar/$id`. To guarantee interoperability, Schema Objects containing an `$id`, or that are under a schema containing an `$id`, MUST be referenced by the nearest such `$id` for the non-fragment part of the reference. As the JSON Schema specification notes, using a base URI other than the nearest `$id` and crossing that `$id` with a JSON Pointer fragment [is not interoperable](https://www.ietf.org/archive/id/draft-bhutton-json-schema-01.html#name-json-pointer-fragments-and-). Note also that it is impossible for the reference at `#/components/schemas/Foo/properties/bar/$ref` to reference the schema at `#/components/schemas/Bar` using _only_ a JSON Pointer fragment, as the JSON Pointer would be resolved relative to `https://example.com/api/schemas/foo`, not to the OpenAPI document's base URI from `$self`. ### Base URI From Encapsulating Entity If no base URI can be determined within the content, the next location to search is any encapsulating entity ([RFC3986](https://tools.ietf.org/html/rfc3986#section-5.1.2)). This is common for Schema Objects encapsulated within an OpenAPI document. An example of an OpenAPI Object itself being encapsulated in another entity would be a `multipart/related` archive ([[?RFC2557]]), such as the following `multipart/related; boundary="boundary-example"; type="application/openapi+yaml"` document. Note that this is purely an example, and support for such multipart documents or any other format that could encapsulate an OpenAPI Object is not a requirement of this specification. RFC2557 was written to allow sending hyperlinked sets of documents as email attachments, in which case there would not be a retrieval URI for the multipart attachment (although the format could also be used in HTTP as well). ```multipart --boundary-example Content-Type: application/openapi+yaml Content-Location: https://example.com/api/openapi.yaml openapi: 3.2.0 info: title: Example API version: 1.0 externalDocs: url: docs.html components: requestBodies: Foo: content: application/json: schema: $ref: "#/components/api/schemas/Foo" schemas: Foo: properties: bar: $ref: schemas/bar --boundary-example Content-Type: application/schema+json Content-Location: https://example.com/api/schemas/bar { "type": "string" } --boundary-example Content-Type: text/html Content-Location: https://example.com/api/docs.html API Documentation

Awesome documentation goes here

--boundary-example ``` In this example, the URI for each part, which also serves as its base URI, comes from the part's `Content-Location` header as specified by RFC2557. Since the Schema Object at `#/components/schemas/Foo` does not contain an `$id`, the reference in its subschema uses the OpenAPI document's base URI, which is taken from the `Content-Location` header of its part within the `multipart/related` format. The resulting reference to `https://example.com/schemas/bar` matches the `Content-Location` header of the second part, which according to RFC2557 allows the reference target to be located within the multipart archive. Similarly, the `url` field of the [External Documentation Object](#external-documentation-object) is resolved against the base URI from `Content-Location`, producing `https://example.com/api/docs.html` which matches the `Content-Location` of the third part. ### Base URI From the Retrieval URI If no base URI is provided from either of the previous sources, the next source is the retrieval URI ([RFC3986](https://tools.ietf.org/html/rfc3986#section-5.1.3)). Assume this document was retrieved from `https://example.com/api/openapis.yaml`: ```yaml openapi: 3.2.0 info: title: Example API version: 1.0 components: requestBodies: Foo: content: application/json: schema: $ref: schemas/foo ``` Assume this document was retrieved from `https://example.com/api/schemas/foo`: ```json { "type": "object", "properties": { "bar": { "type": "string" } } } ``` Resolving the `$ref: schemas/foo` against the retrieval URI of the OpenAPI document produces `https://example.com/api/schemas/foo`, the retrieval URI of the JSON Schema document. ### Application-Specific Default Base URI When constructing an OpenAPI document in memory that does not have a `$self`, or an encapsulating entity, or a retrieval URI, applications can resolve internal (fragment-only) references by assuming a default base URI ([RFC3986](https://tools.ietf.org/html/rfc3986#section-5.1.4)). While this sort of internal resolution can be performed in practice without choosing a base URI, choosing one, such as a URN with a randomly generated UUID (e.g. `urn:uuid:f26cdaad-3193-4398-a838-4ecb7326c4c5`) avoids the need to implement it as a special case. ### Resolving Relative `$self` and `$id` Let's re-consider the first example in this appendix, but with relative URI references for `$self` and `$id`, and retrieval URIs that support that relative usage: Assume that the following is retrieved from `https://staging.example.com/api/openapi`: ```yaml openapi: 3.2.0 $self: /api/openapi info: title: Example API version: 1.0 paths: /foo: get: requestBody: $ref: "shared/foo#/components/requestBodies/Foo" ``` Assume the retrieval URI for the following document is `https://staging.example.com/api/shared/foo`: ```yaml openapi: 3.2.0 $self: /api/shared/foo info: title: Shared components for all APIs version: 1.0 components: requestBodies: Foo: content: application/json: schema: $ref: ../schemas/foo schemas: Foo: $id: /api/schemas/foo properties: bar: $ref: bar Bar: $id: /api/schemas/bar type: string ``` In this example, all of the `$self` and `$id` values are relative URI references consisting of an absolute path. This allows the retrieval URI to set the host (and scheme), in this case `https://staging.example.com`, resulting in the first document's `$self` being `https://staging.example.com/openapi`, and the second document's `$self` being `https://staging.example.com/api/shared/foo`, with `$id` values of `https://staging.example.com/api/schemas/foo` and `https://staging.example.com/api/schemas/bar`. Relative `$self` and `$id` values of this sort allow the same set of documents to work when deployed to other hosts, e.g. `https://example.com` (production) or `https://localhost:8080` (local development). ## Appendix G: Parsing and Resolution Guidance Implementations MAY support complete-document parsing in any of the following ways: * Detecting OpenAPI or JSON Schema documents using media types * Detecting OpenAPI documents through the root `openapi` field * Detecting JSON Schema documents through detecting keywords or otherwise successfully parsing the document in accordance with the JSON Schema specification Additional mechanisms can be used to support documents with Objects other than an OpenAPI Object or a Schema Object at the root, but note that the resulting behavior is implementation-defined: * Detecting a document containing a referenceable Object at its root based on the expected type of the reference * Allowing users to configure the type of documents that might be loaded due to a reference to a non-root Object ### Warnings Regarding Fragmentary Parsing Implementations that parse referenced fragments of OpenAPI content without regard for the content of the rest of the containing document will miss keywords that change the meaning and behavior of the reference target. In particular, failing to take into account keywords that change the base URI introduces security risks by causing references to resolve to unintended URIs, with unpredictable results. While some implementations support this sort of parsing due to the requirements of past versions of this specification, in version 3.1 and later, the result of parsing fragments in isolation is _undefined_ and likely to contradict the requirements of this specification. While it is possible to structure certain OpenAPI Descriptions to ensure that they will behave correctly when references are parsed as isolated fragments, depending on this is NOT RECOMMENDED. This specification does not explicitly enumerate the conditions under which such behavior is safe and provides no guarantee for continued safety in any future versions of the OAS. ### Conflicts Between Field Types and Reference Contexts JSON or YAML objects within an OAD are interpreted as specific Objects (such as [Operation Objects](#operation-object), [Response Objects](#response-object), [Reference Objects](#reference-object), etc.) based on their context. Depending on how references are arranged, a given JSON or YAML object can be interpreted in multiple different contexts: * As the root object of the [entry document](#openapi-description-structure), which is always interpreted as an OpenAPI Object * As the Object type implied by its parent Object's field within the document * As a reference target, with the Object type matching the reference source's context If the same JSON/YAML object is parsed multiple times and the respective contexts require it to be parsed as _different_ Object types, the resulting behavior is _implementation defined_, and MAY be treated as an error if detected. An example would be referencing an empty Schema Object under `#/components/schemas` where a Path Item Object is expected, as an empty object is valid for both types. For maximum interoperability, it is RECOMMENDED that OpenAPI Description authors avoid such scenarios. ### Guidance Regarding Implicit Connections The following Objects and Fields involve the use of implicit connections: | Source | Target | Alternative | | ---- | ---- | ---- | | [Security Requirement Object](#security-requirement-object) `{name}` | [Security Scheme Object](#security-scheme-object) name under the [Components Object](#components-object) | _n/a_ | | [Discriminator Object](#discriminator-object) `mapping` _(implicit, or explicit name syntax)_ | [Schema Object](#schema-object) name under the Components Object | `mapping` _(explicit URI syntax)_ | | [Operation Object](#operation-object) `tags` | [Tag Object](#tag-object) `name` (in the [OpenAPI Object](#openapi-object)'s `tags` array) | _n/a_ | | [Link Object](#link-object) `operationId` | [Operation Object](#operation-object) `operationId` | `operationRef` | An additional implicit connection involves appending the templated URL paths of the [Paths Object](#paths-object) to the appropriate [Server Object](#server-object)'s `url` field. This connection is unambiguous because only the entry document's Paths Object contributes URLs to the described API. The implicit connections in the Security Requirement Object and Discriminator Object rely on the _component name_, which is the name of the property holding the component in the appropriately typed sub-object of the Components Object. For example, the component name of the Schema Object at `#/components/schemas/Foo` is `Foo`. The implicit connection of `tags` in the Operation Object uses the `name` field of Tag Objects, which (like the Components Object) are found under the root OpenAPI Object. This means resolving component names and tag names both depend on starting from the correct OpenAPI Object. For resolving component and tag name connections from a referenced (non-entry) document, it is RECOMMENDED that tools resolve from the entry document, rather than the current document. Resolving component and tag name connections from a referenced (non-entry) document to the entry document as recommended under [Resolving Implicit Connections](#resolving-implicit-connections) allows components and Tag Objects to be defined next to the API's deployment information in the top-level array of Server Objects and treated as an interface for referenced documents to access. For Security Requirement Objects and Discriminator Objects, it is also possible to keep the resolution within the referenced document by using the URI-reference form that these Objects offer. There are no URI-based alternatives for the Operation Object's `tags` field. OAD authors are advised to use external solutions such as the OpenAPI Initiative's Overlay Specification to simulate sharing [Tag Objects](#tag-object) across multiple documents. #### Implicit Connection Resolution Examples This section shows how to retrieve an HTTP-accessible multi-document OpenAPI Description (OAD) and resolve a [Security Requirement Object](#security-requirement-object) in the referenced (non-entry) document. The behavior for Discriminator Object non-URI mappings and for the Operation Object's `tags` field operate on the same principles. First, the [entry document](#openapi-description-structure) is where parsing begins. It defines the `MySecurity` security scheme to be JWT-based, and it defines a Path Item as a reference to a component in another document: ```http GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "bearer", "bearerFormat": "JWT" } } }, "paths": { "/foo": { "$ref": "other#/components/pathItems/Foo" } } ``` ```http GET /api/description/openapi HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: bearer bearerFormat: JWT paths: /foo: $ref: 'other#/components/pathItems/Foo' ``` This entry document references another document, `other`, without using a file extension. This gives the client the flexibility to choose an acceptable format on a resource-by-resource basis, assuming both representations are available: ```http GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+json ``` ```json "components": { "securitySchemes": { "MySecurity": { "type": "http", "scheme": "basic" } }, "pathItems": { "Foo": { "get": { "security": [ "MySecurity": [] ] } } } } ``` ```http GET /api/description/other HTTP/1.1 Host: www.example.com Accept: application/openapi+yaml ``` ```yaml components: securitySchemes: MySecurity: type: http scheme: basic pathItems: Foo: get: security: - MySecurity: [] ``` In the `other` document, the referenced path item has a Security Requirement for a Security Scheme, `MySecurity`. The same Security Scheme exists in the original entry document. As outlined in [Resolving Implicit Connections](#resolving-implicit-connections), `MySecurity` is resolved with an [implementation-defined behavior](#undefined-and-implementation-defined-behavior), but the section formally recommends that tools resolve component names from the [entry document](#openapi-description-structure). As with all implementation-defined behavior, it is important to check tool documentation to determine which behavior is supported. OpenAPI-Specification-3.2.0/vitest.config.mjs000066400000000000000000000014551506330113000210170ustar00rootroot00000000000000import { defineConfig } from 'vitest/config' import { jsonSchemaCoveragePlugin } from "@hyperjump/json-schema-coverage/vitest" export default defineConfig({ plugins: [jsonSchemaCoveragePlugin()], test: { globalSetup: ["tests/schema/oas-schema.mjs"], coverage: { include: ["src/schemas/validation/**/*.yaml"], thresholds: process.env.BASE !== "dev" ? { statements: 99.42, // should be 100% but we are missing some tests lines: 99.42, // should be 100% but we are missing some tests functions: 92.58, // should be 100% but we are missing some tests // branches: 56.77, // need to discuss whether we should check/increase this } : {} }, forceRerunTriggers: ['**/scripts/**', '**/tests/**'], testTimeout: 10000, // 10 seconds }, })