Creating a robust OpenAPI Specification is essential for building well-documented, secure, and easy-to-understand APIs. Follow these steps and guidelines to create specifications like the provided "perfect" example.
An OpenAPI Specification consists of the following main sections:
- OpenAPI Metadata: Basic information about the API.
- Servers: List of environments where the API is hosted.
- Security: Define the authentication mechanisms.
- Components: Define reusable objects (schemas, enums, security schemes).
- Paths: Define the API endpoints and their behaviors.
Define the basic information about your API:
title: The name of your API.version: The current version of the API.description: A short description of what the API does.
Example:
info:
title: founder-matching-api
version: "1.0.0"
description: The API for the FounderMatching project by HarDeconstructionList all the environments where the API is available:
description: A description of the environment (e.g., production, development).url: The base URL of the API environment.
Example:
servers:
- description: SwaggerHub API Auto Mocking
url: https://virtserver.swaggerhub.com/DUCLNC2004/FounderMatching/1.0.0Define the security schemes used by your API. For example, if using JWT for authentication:
type: Must behttp.scheme: Usebearerfor bearer tokens.bearerFormat: Specify the token format (e.g.,JWT).
Example:
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWTApply the security globally:
security:
- bearerAuth: []Reusable definitions for data types, enums, and objects.
- Define a reusable enumeration using
type: stringandenum. - Use meaningful names for the schema.
Example:
GenderType:
type: string
enum:
- male
- female
- other-
For numbers:
- Specify
type: integerortype: number. - Include
format: int32orformat: float. - Define
minimumandmaximumvalues.
Example:
UserID: type: integer format: int32 minimum: 1 maximum: 99999999
- Specify
-
For strings:
- Specify
type: string. - Include
maxLengthto enforce a character limit. - Define a
patternusing regex for validation.
Example:
Email: type: string format: email maxLength: 255 pattern: "^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$"
- Specify
Define the API endpoints and operations (GET, POST, PATCH, DELETE).
tags: Group endpoints for easier documentation.summary: A short description of the endpoint.description: A more detailed explanation of the operation.operationId: A unique identifier for the operation.responses: Define possible HTTP status codes and their behaviors.
Example:
/users/me:
get:
tags:
- Profile
summary: Get the current user's profile
description: Fetch the profile details of the logged-in user.
operationId: getUserProfile
responses:
'200':
description: User profile details.
content:
application/json:
schema:
type: object
properties:
UserAccount:
$ref: '#/components/schemas/UserAccount'
'404':
description: Profile not found
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: "Profile not found."
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"
'401':
description: Unauthorized
content:
application/json:
schema:
type: object
properties:
error:
type: string
example: "Unauthorized access"
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"Define input parameters for paths or requests:
name: The parameter name.in: Specify where the parameter is located (path,query,header, etc.).schema: Define the data type and constraints.required: Specify if the parameter is mandatory.
Example:
parameters:
- name: id
in: path
required: true
schema:
type: integer
format: int32
minimum: 1
maximum: 99999999For POST or PATCH requests, define a requestBody:
content: Specify the content type (application/json).schema: Reference a reusable object or define inline.
Example:
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CandidateProfile'For each response, specify:
description: A short explanation.content: Define the response type and schema.- Use meaningful error messages in the
defaultresponse.
Example:
responses:
'200':
description: Profile created successfully.
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: "Profile created successfully."
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"
'404':
description: Resource not found.
content:
application/json:
schema:
type: object
properties:
message:
type: string
example: "Resource not found."
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"
'401':
description: Unauthorized.
content:
application/json:
schema:
type: object
properties:
error:
type: string
example: "Unauthorized access."
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"
default:
description: Unexpected error
content:
application/json:
schema:
type: object
properties:
error:
type: string
example: "An unexpected error occurred."
maxLength: 100
pattern: "^[A-Za-z0-9 ,.?!'-]+$"- Define Reusable Schemas: Use
$refto reference reusable schemas. - Validation Everywhere:
- For numbers, define
minimumandmaximum. - For strings, use
maxLengthandpattern.
- For numbers, define
- Security: Always define and apply security schemes.
- Descriptive Responses: Include meaningful error messages with proper validation.
- Consistent Naming: Use PascalCase or camelCase for property names.
- Global Defaults: Provide a
defaultresponse for unexpected errors.
Here’s how to write each schema element perfectly:
UserID:
type: integer
format: int32
minimum: 1
maximum: 99999999Email:
type: string
format: email
maxLength: 255
pattern: "^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$"GenderType:
type: string
enum:
- male
- female
- otherBy following these guidelines, you can ensure your OpenAPI Specification is comprehensive, secure, and easy to use.