MCPcopy
hub / github.com/getkin/kin-openapi

github.com/getkin/kin-openapi @v0.140.0 sqlite

repository ↗ · DeepWiki ↗ · release v0.140.0 ↗
2,102 symbols 8,444 edges 265 files 820 documented · 39%
README

CI Go Report Card Go Reference Join Gitter Chat Channel -

Introduction

A Go project for handling OpenAPI files. We target: * OpenAPI v2.0 (formerly known as Swagger) * OpenAPI v3.0 * OpenAPI v3.1 Soon! Tracking issue here.

Licensed under the MIT License.

Contributors, users and sponsors

The project has received pull requests from many people. Thanks to everyone!

Please, give back to this project by becoming a sponsor.

Here's some projects that depend on kin-openapi: * github.com/go-fuego/fuego - "Framework generating OpenAPI 3 spec from source code" * github.com/a-h/rest - "Generate OpenAPI 3.0 specifications from Go code without annotations or magic comments" * github.com/Tufin/oasdiff - "A diff tool for OpenAPI Specification 3" * github.com/danielgtaylor/apisprout - "Lightweight, blazing fast, cross-platform OpenAPI 3 mock server with validation" * github.com/oapi-codegen/oapi-codegen - "Generate Go client and server boilerplate from OpenAPI 3 specifications" * github.com/dunglas/vulcain - "Use HTTP/2 Server Push to create fast and idiomatic client-driven REST APIs" * github.com/danielgtaylor/restish - "...a CLI for interacting with REST-ish HTTP APIs with some nice features built-in" * github.com/goadesign/goa - "Design-based APIs and microservices in Go" * github.com/hashicorp/nomad-openapi - "Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations." * gitlab.com/jamietanna/httptest-openapi (blog post) - "Go OpenAPI Contract Verification for use with net/http" * github.com/SIMITGROUP/openapigenerator - "Openapi v3 microservices generator" * https://github.com/projectsveltos/addon-controller - "Kubernetes add-on controller designed to manage tens of clusters." * (Feel free to add your project by creating an issue or a pull request)

Alternatives

Be sure to check OpenAPI Initiative's great tooling list as well as OpenAPI.Tools.

Structure

  • openapi2 (Go Reference)
    • Support for OpenAPI 2 files, including serialization, deserialization, and validation.
  • openapi2conv (Go Reference)
    • Converts OpenAPI 2 files into OpenAPI 3 files.
  • openapi3 (Go Reference)
    • Support for OpenAPI 3 files, including serialization, deserialization, and validation.
  • openapi3filter (Go Reference)
    • Validates HTTP requests and responses
    • Provides a gorilla/mux router for OpenAPI operations
  • openapi3gen (Go Reference)
    • Generates *openapi3.Schema values for Go types.

Some recipes

Validating an OpenAPI document

go run github.com/getkin/kin-openapi/cmd/validate@latest [--defaults] [--examples] [--ext] [--patterns] -- <local YAML or JSON file>

Loading OpenAPI document

Use openapi3.Loader, which resolves all references:

loader := openapi3.NewLoader()
doc, err := loader.LoadFromFile("my-openapi-spec.json")

Tracking source locations (Origin)

When IncludeOrigin is enabled, the loader records the file, line, and column of each element in the OpenAPI document. This is useful for tools that need to report errors or changes with precise source locations (e.g. linters, diff tools, editors).

loader := openapi3.NewLoader()
loader.IncludeOrigin = true
doc, err := loader.LoadFromFile("my-openapi-spec.json")

// Each element has an Origin field with source location info
fmt.Println(doc.Info.Origin.Key.File)   // "my-openapi-spec.json"
fmt.Println(doc.Info.Origin.Key.Line)   // 2
fmt.Println(doc.Info.Origin.Key.Column) // 1

The Origin struct contains three parts: - Key — the location of the object itself (file, line, column). - Fields — locations of scalar fields within the object (e.g. origin.Fields["description"] gives the line of the description field). - Sequences — locations of items in sequence-valued fields. For example, origin.Sequences["enum"] gives the location of each item in an enum array. This is used for fields like enum, required, and servers where the individual items are scalars and don't have their own Origin field.

Origin data is populated by an internal post-processing step after YAML decoding — it is not part of the OpenAPI spec itself. For this reason, Origin fields are excluded from serialization. If you marshal a loaded document back to JSON/YAML, origin data will not appear in the output.

Getting OpenAPI operation that matches request

loader := openapi3.NewLoader()
doc, _ := loader.LoadFromData([]byte(`...`))
_ = doc.Validate(loader.Context)
router, _ := gorillamux.NewRouter(doc)
route, pathParams, _ := router.FindRoute(httpRequest)
// Do something with route.Operation

Validating HTTP requests/responses

package main

import (
    "context"
    "fmt"
    "net/http"

    "github.com/getkin/kin-openapi/openapi3"
    "github.com/getkin/kin-openapi/openapi3filter"
    "github.com/getkin/kin-openapi/routers/gorillamux"
)

func main() {
    ctx := context.Background()
    loader := &openapi3.Loader{Context: ctx, IsExternalRefsAllowed: true}
    doc, _ := loader.LoadFromFile(".../My-OpenAPIv3-API.yml")
    // Validate document
    _ = doc.Validate(ctx)
    router, _ := gorillamux.NewRouter(doc)
    httpReq, _ := http.NewRequest(http.MethodGet, "/items", nil)

    // Find route
    route, pathParams, _ := router.FindRoute(httpReq)

    // Validate request
    requestValidationInput := &openapi3filter.RequestValidationInput{
        Request:    httpReq,
        PathParams: pathParams,
        Route:      route,
    }
    _ = openapi3filter.ValidateRequest(ctx, requestValidationInput)

    // Handle that request
    // --> YOUR CODE GOES HERE <--
    responseHeaders := http.Header{"Content-Type": []string{"application/json"}}
    responseCode := 200
    responseBody := []byte(`{}`)

    // Validate response
    responseValidationInput := &openapi3filter.ResponseValidationInput{
        RequestValidationInput: requestValidationInput,
        Status:                 responseCode,
        Header:                 responseHeaders,
    }
    responseValidationInput.SetBodyBytes(responseBody)
    _ = openapi3filter.ValidateResponse(ctx, responseValidationInput)
}

Custom content type for body of HTTP request/response

By default, the library parses a body of the HTTP request and response of a few content types e.g. "text/plain" or "application/json". To support other content types you must register decoders for them:

func main() {
    // ...

    // Register a body's decoder for content type "application/xml".
    openapi3filter.RegisterBodyDecoder("application/xml", xmlBodyDecoder)

    // Now you can validate HTTP request that contains a body with content type "application/xml".
    requestValidationInput := &openapi3filter.RequestValidationInput{
        Request:    httpReq,
        PathParams: pathParams,
        Route:      route,
    }
    if err := openapi3filter.ValidateRequest(ctx, requestValidationInput); err != nil {
        panic(err)
    }

    // ...

    // And you can validate HTTP response that contains a body with content type "application/xml".
    if err := openapi3filter.ValidateResponse(ctx, responseValidationInput); err != nil {
        panic(err)
    }
}

func xmlBodyDecoder(body io.Reader, h http.Header, schema *openapi3.SchemaRef, encFn openapi3filter.EncodingFn) (decoded any, err error) {
    // Decode body to a primitive, []any, or map[string]any.
}

Custom function to check uniqueness of array items

By default, the library checks unique items using the following predefined function:

func isSliceOfUniqueItems(xs []any) bool {
    s := len(xs)
    m := make(map[string]struct{}, s)
    for _, x := range xs {
        key, _ := json.Marshal(&x)
        m[string(key)] = struct{}{}
    }
    return s == len(m)
}

In the predefined function json.Marshal is used to generate a string that can be used as a map key which is to check the uniqueness of an array when the array items are objects or arrays. You can register you own function according to your input data to get better performance:

func main() {
    // ...

    // Register a customized function used to check uniqueness of array.
    openapi3.RegisterArrayUniqueItemsChecker(arrayUniqueItemsChecker)

    // ... other validate codes
}

func arrayUniqueItemsChecker(items []any) bool {
    // Check the uniqueness of the input slice
}

Custom function to change schema error messages

By default, the error message returned when validating a value includes the error reason, the schema, and the input value.

For example, given the following schema:

{
  "type": "string",
  "allOf": [
    { "pattern": "[A-Z]" },
    { "pattern": "[a-z]" },
    { "pattern": "[0-9]" },
    { "pattern": "[!@#$%^&*()_+=-?~]" }
  ]
}

Passing the input value "secret" to this schema will produce the following error message:

string doesn't match the regular expression "[A-Z]"
Schema:
  {
    "pattern": "[A-Z]"
  }

Value:
  "secret"

Including the original value in the error message can be helpful for debugging, but it may not be appropriate for sensitive information such as secrets.

To disable the extra details in the schema error message, you can set the openapi3.SchemaErrorDetailsDisabled option to true:

func main() {
    // ...

    // Disable schema error detailed error messages
    openapi3.SchemaErrorDetailsDisabled = true

    // ... other validate codes
}

This will shorten the error message to present only the reason:

string doesn't match the regular expression "[A-Z]"

For more fine-grained control over the error message, you can pass a custom openapi3filter.Options object to openapi3filter.RequestValidationInput that includes a openapi3filter.CustomSchemaErrorFunc.

func validationOptions() *openapi3filter.Options {
    options := &openapi3filter.Options{}
    options.WithCustomSchemaErrorFunc(safeErrorMessage)
    return options
}

func safeErrorMessage(err *openapi3.SchemaError) string {
    return err.Reason
}

This will change the schema validation errors to return only the Reason field, which is guaranteed to not include the original value.

Reconciling component $ref types

ReferencesComponentInRootDocument is a useful helper function to check if a component reference coincides with a reference in the root document's component objects fixed fields.

This can be used to determine if two schema definitions are of the same structure, helpful for code generation tools when generating go type models.

doc, err = loader.LoadFromFile("openapi.yml")

for _, path := range doc.Paths.InMatchingOrder() {
    pathItem := doc.Paths.Find(path)

    if pathItem.Get == nil || pathItem.Get.Responses.Status(200) {
        continue
    }

    for _, s := range pathItem.Get.Responses.Status(200).Value.Content {
        name, match := ReferencesComponentInRootDocument(doc, s.Schema)
        fmt.Println(path, match, name) // /record true #/components/schemas/BookRecord
    }
}

CHANGELOG: Sub-v1 breaking API changes

v0.137.0

  • Reinstated openapi3.*Ptr(..) funcs for Go 1.25

v0.136.0

  • openapi3.Schema.ExclusiveMin and openapi3.Schema.ExclusiveMax fields changed from bool to ExclusiveBound (a union type holding *bool for OpenAPI 3.0 or *float64 for OpenAPI 3.1).
  • openapi3.Schema.PrefixItems field changed from []*SchemaRef to SchemaRefs.
  • `openapi3.Schema.Uneval

Extension points exported contracts — how you extend this code

FormatValidator (Interface)
FormatValidator is an interface for custom format validators. [39 implementers]
openapi3/schema_formats.go
ComponentRef (Interface)
(no doc) [10 implementers]
openapi3/helpers.go
Router (Interface)
Router helps link http.Request.s and an OpenAPIv3 spec [2 implementers]
routers/types.go
StatusCoder (Interface)
StatusCoder is checked by DefaultErrorEncoder. If an error value implements StatusCoder, the StatusCode will be used whe [1 …
openapi3filter/validation_kit.go
Option (FuncType)
Option configures an Upgrade pass. See WithWriter.
openapi3conv/openapi3_conv.go
Option (FuncType)
Option allows tweaking SchemaRef generation
openapi3gen/openapi3gen.go
NewCallbackOption (FuncType)
NewCallbackOption describes options to NewCallback func
openapi3/callback.go
RefNameResolver (FuncType)
RefNameResolver maps a component to a name that is used as it's internalized name. The function should avoid name colli
openapi3/internalize_refs.go

Core symbols most depended-on inside this repo

Validate
called by 299
openapi3/schema_formats.go
NewLoader
called by 228
openapi3/loader.go
As
called by 178
openapi3/errors.go
VisitJSON
called by 177
openapi3/schema.go
Value
called by 164
openapi3/maplike.go
LoadFromData
called by 139
openapi3/loader.go
Error
called by 129
openapi3/errors.go
componentNames
called by 104
openapi3/helpers.go

Shape

Function 938
Method 772
Struct 288
TypeAlias 70
FuncType 25
Interface 9

Languages

Go100%

Modules by API surface

openapi3/validation_error.go299 symbols
openapi3/schema.go118 symbols
openapi3/refs.go108 symbols
openapi3/validation_error_test.go81 symbols
openapi3filter/req_resp_decoder.go67 symbols
openapi2conv/openapi2_conv.go42 symbols
openapi3/loader.go41 symbols
openapi3gen/openapi3gen_test.go39 symbols
openapi3/validation_error_context.go39 symbols
openapi3/maplike.go33 symbols
openapi3filter/middleware.go32 symbols
openapi3/security_scheme.go31 symbols

Dependencies from manifests, versioned

github.com/go-openapi/jsonpointerv0.22.5 · 1×
github.com/go-openapi/swag/jsonnamev0.25.5 · 1×
github.com/kr/textv0.2.0 · 1×
github.com/oasdiff/yamlv0.1.0 · 1×
github.com/oasdiff/yaml3v0.0.13 · 1×
github.com/pmezard/go-difflibv1.0.0 · 1×
github.com/santhosh-tekuri/jsonschema/v6v6.0.2 · 1×
golang.org/x/textv0.14.0 · 1×
gopkg.in/check.v1v1.0.0-2020113013444 · 1×

For agents

$ claude mcp add kin-openapi \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact