This project shows a "valid swagger" badge on your site, supporting Swagger/OpenAPI 2.0 and OpenAPI 3.0 specifications.
There is an online version hosted on http://validator.swagger.io.
You can also pull a docker image of the validator directly from DockerHub, e.g.:
docker pull swaggerapi/swagger-validator-v2:v2.0.4 docker run -it -p 8080:8080 --name swagger-validator-v2 swaggerapi/swagger-validator-v2:v2.0.4
2.0.2 local and non http/https urls are rejected by default, along with redirects; this is controllable with docker env variables / java system properties:
docker run -it -p 8080:8080 -e "REJECT_LOCAL=false" -e "REJECT_REDIRECT=false" --name swagger-validator-v2 swaggerapi/swagger-validator-v2:v2.0.4
In non docker environments, system properties
rejectRedirect can be used.
Of course the
YOUR_URL needs to be addressable by the validator (i.e. won't find anything on localhost). If it validates, you'll get a nice green VALID logo. Failures will give an INVALID logo, and if there are errors parsing the specification or reaching it, an ugly red ERROR logo.
For example, using https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/examples/v2.0/json/petstore-expanded.json as a source, we get ...
If your specification fails to validate for some reason, or if there is an error, you can get more information on why by visiting
Since the validator uses a browserless back-end to fetch the contents and schema, it's not subject to the terrible world of CORS.
You can also post a spec up to the service with CURL:
curl -X POST -d @swagger.json -H 'Content-Type:application/json' http://validator.swagger.io/validator/debug
In this example,
swagger.json is the swagger definition in JSON format, in the CWD.
Note that all the above is also applicable to OpenAPI 3.0 specifications; for example, using https://petstore3.swagger.io/api/v3/openapi.json as a source, we get ...
You can build and run the validator locally:
mvn package jetty:run
And access the validator like such:
Please disclose any security-related issues or vulnerabilities by emailing firstname.lastname@example.org, instead of using the public issue tracker.