OAS 2 This page applies to OpenAPI Specification ver. 2 (fka Swagger). To learn about the latest version, visit OpenAPI 3 pages.
Basic Structure
Swagger definitions can be written in
JSON or
YAML. In this guide, we only use YAML examples, but JSON works equally well. A sample Swagger specification written in YAML looks like:
swagger: "2.0"
info:
title: Sample API
description: API description in Markdown.
version: 1.0.0
host: api.example.com
basePath: /v1
schemes:
- https
paths:
/users:
get:
summary: Returns a list of users.
description: Optional extended description in Markdown.
produces:
- application/json
responses:
200:
description: OK
Metadata
Every Swagger specification starts with the Swagger version, 2.0 being the latest version. A Swagger version defines the overall structure of an API specification – what you can document and how you document it.
swagger: "2.0"
Then, you need to specify the API
info
–
title
,
description
(optional),
version
(API version, not file revision or Swagger version).
info:
title: Sample API
description: API description in Markdown.
version: 1.0.0
version
can be a random string. You can use
major.minor.patch (as in
semantic versioning), or an arbitrary format like
1.0-beta or
2016.11.15.
description
can be
multiline and supports
GitHub Flavored Markdown for rich text representation.
info
also supports other fields for contact information, license and other details.
Reference: Info Object.
Base URL
The base URL for all API calls is defined using
schemes
,
host
and
basePath
:
host: api.example.com
basePath: /v1
schemes:
- https
All API paths are relative to the base URL. For example,
/users actually means
https://api.example.com/v1/users.
More info: API Host and Base URL.
Consumes, Produces
The
consumes
and
produces
sections define the MIME types supported by the API. The root-level definition can be overridden in individual operations.
consumes:
- application/json
- application/xml
produces:
- application/json
- application/xml
More info: MIME Types.
Paths
The
paths
section defines individual endpoints (paths) in your API, and the HTTP methods (operations) supported by these endpoints. For example,
GET /users can be described as:
paths:
/users:
get:
summary: Returns a list of users.
description: Optional extended description in Markdown.
produces:
- application/json
responses:
200:
description: OK
More info: Paths and Operations.
Parameters
Operations can have parameters that can be passed via URL path (
/users/{userId}
), query string (
/users?role=admin
), headers (
X-CustomHeader: Value
) and request body. You can define the parameter types, format, whether they are required or optional, and other details:
paths:
/users/{userId}:
get:
summary: Returns a user by ID.
parameters:
- in: path
name: userId
required: true
type: integer
minimum: 1
description: Parameter description in Markdown.
responses:
200:
description: OK
More info: Describing Parameters.
Responses
For each operation, you can define possible status codes, such as 200 OK or 404 Not Found, and
schema
of the response body. Schemas can be defined inline or referenced from an external definition via
$ref
. You can also provide example responses for different content types.
paths:
/users/{userId}:
get:
summary: Returns a user by ID.
parameters:
- in: path
name: userId
required: true
type: integer
minimum: 1
description: The ID of the user to return.
responses:
200:
description: A User object.
schema:
type: object
properties:
id:
type: integer
example: 4
name:
type: string
example: Arthur Dent
400:
description: The specified user ID is invalid (e.g. not a number).
404:
description: A user with the specified ID was not found.
default:
description: Unexpected error
More info: Describing Responses.
Input and Output Models
The global
definitions
section lets you define common data structures used in your API. They can be referenced via
$ref
whenever a
schema
is required – both for request body and response body. For example, this JSON object:
{
"id": 4,
"name": "Arthur Dent"
}
can be represented as:
definitions:
User:
properties:
id:
type: integer
name:
type: string
# Both properties are required
required:
- id
- name
and then referenced in the request body schema and response body schema as follows:
paths:
/users/{userId}:
get:
summary: Returns a user by ID.
parameters:
- in: path
name: userId
required: true
type: integer
responses:
200:
description: OK
schema:
$ref: '#/definitions/User'
/users:
post:
summary: Creates a new user.
parameters:
- in: body
name: user
schema:
$ref: '#/definitions/User'
responses:
200:
description: OK
Authentication
The
securityDefinitions
and
security
keywords are used to describe the authentication methods used in your API.
securityDefinitions:
BasicAuth:
type: basic
security:
- BasicAuth: []
Supported authentication methods are:
More info: Authentication.
Did not find what you were looking for? Ask the community
Found a mistake? Let us know