Skip to content
Go to file


Failed to load latest commit information.
Latest commit message
Commit time
Aug 25, 2017
Jan 9, 2020

Swagger Parser

NOTE: If you're looking for swagger-parser 1.X and OpenAPI 2.0, please refer to v1 branch

Build Status

Build Status

Build Status


This is the Swagger Parser project, which reads OpenAPI definitions into current Java POJOs. It also provides a simple framework to add additional converters from different formats into the Swagger objects, making the entire toolchain available.


Using the Swagger Parser is simple. Once included in your project, you can read a OpenAPI Specification from any location:

import io.swagger.v3.parser.OpenAPIV3Parser;
import io.swagger.v3.oas.models.OpenAPI;

// ... your code

  // read a swagger description from the petstore
  OpenAPI openAPI = new OpenAPIV3Parser().read("");

You can read from a file location as well:

  OpenAPI openAPI = new OpenAPIV3Parser().read("./path/to/openapi.yaml");

If your OpenAPI definition is protected, you can pass headers in the request:

import io.swagger.v3.parser.core.models.AuthorizationValue;

// ... your code

  // build a authorization value
  AuthorizationValue mySpecialHeader = new AuthorizationValue()
    .keyName("x-special-access")  //  the name of the authorization to pass
    .value("i-am-special")        //  the value of the authorization
    .type("header");              //  the location, as either `header` or `query`

  // or in a single constructor
  AuthorizationValue apiKey = new AuthorizationValue("api_key", "special-key", "header");
  OpenAPI openAPI = new OpenAPIV3Parser().readWithInfo(
    Arrays.asList(mySpecialHeader, apiKey)

Dealing with self-signed SSL certificates

If you're dealing with self-signed SSL certificates, or those signed by GoDaddy, you'll need to disable SSL Trust Manager. That's done by setting a system environment variable as such:

export TRUST_ALL=true

And then the Swagger Parser will ignore invalid certificates. Of course this is generally a bad idea, but if you're working inside a firewall or really know what you're doing, well, there's your rope.

Dealing with Let's Encrypt

Depending on the version of Java that you use, certificates signed by the Let's Encrypt certificate authority may not work by default. If you are using any version of Java prior to 1.8u101, you most likely must install an additional CA in your JVM. Also note that 1.8u101 may not be sufficient on it's own. Some users have reported that certain operating systems are not accepting Let's Encrypt signed certificates.

Your options include:

  • Accepting all certificates per above
  • Installing the certificate manually in your JVM using the keystore using the keytool command
  • Configuring the JVM on startup to load your certificate

But... this is all standard SSL configuration stuff and is well documented across the web.


You need the following installed and available in your $PATH:

After cloning the project, you can build it from source with this command:

mvn package


This project has a core artifact--swagger-parser, which uses Java Service Provider Inteface (SPI) so additional extensions can be added.

To build your own extension, you simply need to create a src/main/resources/META-INF/services/io.swagger.parser.SwaggerParserExtension file with the full classname of your implementation. Your class must also implement the io.swagger.parser.SwaggerParserExtension interface. Then, including your library with the swagger-parser module will cause it to be triggered automatically.

Adding to your project

You can include this library from Sonatype OSS for SNAPSHOTS, or Maven central for releases. In your dependencies:


Security contact

Please disclose any security-related issues or vulnerabilities by emailing, instead of using the public issue tracker.

You can’t perform that action at this time.