The following table shows how to migrate from OAS 3.0 binary data descriptions, continuing to useimage/png as the example binary media type:

This objectMAY be extended withSpecification Extensions.

This objectMAY be extended withSpecification Extensions.

{"title":"Example Pet Store App","summary":"A pet store manager.","description":"This is an example server for a pet store.","termsOfService":"https://example.com/terms/","contact":{"name":"API Support","url":"https://www.example.com/support","email":"support@example.com"},"license":{"name":"Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0.html"},"version":"1.0.1"}

title:ExamplePetStoreAppsummary:Apetstoremanager.description:Thisisanexampleserverforapetstore.termsOfService:https://example.com/terms/contact:name:APISupporturl:https://www.example.com/supportemail:support@example.comlicense:name:Apache2.0url:https://www.apache.org/licenses/LICENSE-2.0.htmlversion:1.0.1

This objectMAY be extended withSpecification Extensions.

{"name":"API Support","url":"https://www.example.com/support","email":"support@example.com"}

name:APISupporturl:https://www.example.com/supportemail:support@example.com

This objectMAY be extended withSpecification Extensions.

{"name":"Apache 2.0","identifier":"Apache-2.0"}

name:Apache2.0identifier:Apache-2.0

This objectMAY be extended withSpecification Extensions.

A single server would be described as:

{"url":"https://development.gigantic-server.com/v1","description":"Development server"}

url:https://development.gigantic-server.com/v1description:Developmentserver

The following shows how multiple servers can be described, for example, at the OpenAPI Object’sservers:

{"servers":[{"url":"https://development.gigantic-server.com/v1","description":"Development server"},{"url":"https://staging.gigantic-server.com/v1","description":"Staging server"},{"url":"https://api.gigantic-server.com/v1","description":"Production server"}]}

servers:-url:https://development.gigantic-server.com/v1description:Developmentserver-url:https://staging.gigantic-server.com/v1description:Stagingserver-url:https://api.gigantic-server.com/v1description:Productionserver

The following shows how variables can be used for a server configuration:

{"servers":[{"url":"https://{username}.gigantic-server.com:{port}/{basePath}","description":"The production API server","variables":{"username":{"default":"demo","description":"A user-specific subdomain. Use `demo` for a free sandbox environment."},"port":{"enum":["8443","443"],"default":"8443"},"basePath":{"default":"v2"}}}]}

servers:-url:https://{username}.gigantic-server.com:{port}/{basePath}description:TheproductionAPIservervariables:username:# note! no enum here means it is an open valuedefault:demodescription:Auser-specificsubdomain.Use`demo`forafreesandboxenvironment.port:enum:-'8443'-'443'default:'8443'basePath:# open meaning there is the opportunity to use special base paths as assigned by the provider, default is "v2"default:v2

This objectMAY be extended withSpecification Extensions.

This objectMAY be extended withSpecification Extensions.

All the fixed fields declared above are objects thatMUST use keys that match the regular expression:^[a-zA-Z0-9\.\-_]+$.

Field Name Examples:

UserUser_1User_Nameuser-namemy.org.User

"components":{"schemas":{"GeneralError":{"type":"object","properties":{"code":{"type":"integer","format":"int32"},"message":{"type":"string"}}},"Category":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"}}},"Tag":{"type":"object","properties":{"id":{"type":"integer","format":"int64"},"name":{"type":"string"}}}},"parameters":{"skipParam":{"name":"skip","in":"query","description":"number of items to skip","required":true,"schema":{"type":"integer","format":"int32"}},"limitParam":{"name":"limit","in":"query","description":"max records to return","required":true,"schema":{"type":"integer","format":"int32"}}},"responses":{"NotFound":{"description":"Entity not found."},"IllegalInput":{"description":"Illegal input for operation."},"GeneralError":{"description":"General Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GeneralError"}}}}},"securitySchemes":{"api_key":{"type":"apiKey","name":"api-key","in":"header"},"petstore_auth":{"type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://example.org/api/oauth/dialog","scopes":{"write:pets":"modify pets in your account","read:pets":"read your pets"}}}}}}

components:schemas:GeneralError:type:objectproperties:code:type:integerformat:int32message:type:stringCategory:type:objectproperties:id:type:integerformat:int64name:type:stringTag:type:objectproperties:id:type:integerformat:int64name:type:stringparameters:skipParam:name:skipin:querydescription:numberofitemstoskiprequired:trueschema:type:integerformat:int32limitParam:name:limitin:querydescription:maxrecordstoreturnrequired:trueschema:type:integerformat:int32responses:NotFound:description:Entitynotfound.IllegalInput:description:Illegalinputforoperation.GeneralError:description:GeneralErrorcontent:application/json:schema:$ref:'#/components/schemas/GeneralError'securitySchemes:api_key:type:apiKeyname:api-keyin:headerpetstore_auth:type:oauth2flows:implicit:authorizationUrl:https://example.org/api/oauth/dialogscopes:write:pets:modifypetsinyouraccountread:pets:readyourpets

This objectMAY be extended withSpecification Extensions.

Assuming the following paths, the concrete definition,/pets/mine, will be matched first if used:

  /pets/{petId}  /pets/mine

The following paths are considered identical and invalid:

  /pets/{petId}  /pets/{name}

The following may lead to ambiguous resolution:

  /{entity}/me  /books/{id}

{"/pets":{"get":{"description":"Returns all pets from the system that the user has access to","responses":{"200":{"description":"A list of pets.","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/pet"}}}}}}}}}

/pets:get:description:Returnsallpetsfromthesystemthattheuserhasaccesstoresponses:'200':description:Alistofpets.content:application/json:schema:type:arrayitems:$ref:'#/components/schemas/pet'

This objectMAY be extended withSpecification Extensions.

{"get":{"description":"Returns pets based on ID","summary":"Find pets by ID","operationId":"getPetsById","responses":{"200":{"description":"pet response","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/Pet"}}}}},"default":{"description":"error payload","content":{"text/html":{"schema":{"$ref":"#/components/schemas/ErrorModel"}}}}}},"parameters":[{"name":"id","in":"path","description":"ID of pet to use","required":true,"schema":{"type":"array","items":{"type":"string"}},"style":"simple"}]}

get:description:ReturnspetsbasedonIDsummary:FindpetsbyIDoperationId:getPetsByIdresponses:'200':description:petresponsecontent:'*/*':schema:type:arrayitems:$ref:'#/components/schemas/Pet'default:description:errorpayloadcontent:text/html:schema:$ref:'#/components/schemas/ErrorModel'parameters:-name:idin:pathdescription:IDofpettouserequired:trueschema:type:arrayitems:type:stringstyle:simple

This objectMAY be extended withSpecification Extensions.

{"tags":["pet"],"summary":"Updates a pet in the store with form data","operationId":"updatePetWithForm","parameters":[{"name":"petId","in":"path","description":"ID of pet that needs to be updated","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","properties":{"name":{"description":"Updated name of the pet","type":"string"},"status":{"description":"Updated status of the pet","type":"string"}},"required":["status"]}}}},"responses":{"200":{"description":"Pet updated.","content":{"application/json":{},"application/xml":{}}},"405":{"description":"Method Not Allowed","content":{"application/json":{},"application/xml":{}}}},"security":[{"petstore_auth":["write:pets","read:pets"]}]}

tags:-petsummary:UpdatesapetinthestorewithformdataoperationId:updatePetWithFormparameters:-name:petIdin:pathdescription:IDofpetthatneedstobeupdatedrequired:trueschema:type:stringrequestBody:content:application/x-www-form-urlencoded:schema:type:objectproperties:name:description:Updatednameofthepettype:stringstatus:description:Updatedstatusofthepettype:stringrequired:-statusresponses:'200':description:Petupdated.content:application/json: {}application/xml: {}'405':description:MethodNotAllowedcontent:application/json: {}application/xml: {}security:-petstore_auth:-write:pets-read:pets

This objectMAY be extended withSpecification Extensions.

{"description":"Find more info here","url":"https://example.com"}

description:Findmoreinfohereurl:https://example.com

There are four possible parameter locations specified by thein field:

• path - Used together withPath Templating, where the parameter value is actually part of the operation’s URL. This does not include the host or base path of the API. For example, in/items/{itemId}, the path parameter isitemId.
• query - Parameters that are appended to the URL. For example, in/items?id=###, the query parameter isid.
• header - Custom headers that are expected as part of the request. Note that [RFC7230]Section 3.2 states header names are case insensitive.
• cookie - Used to pass a specific cookie value to the API.

The rules for serialization of the parameter are specified in one of two ways.Parameter ObjectsMUST include either acontent field or aschema field, but not both.SeeAppendix B for a discussion of converting values of various types to string representations.

In order to support common ways of serializing simple parameters, a set ofstyle values are defined.

All API URLsMUST successfully parse and percent-decode using [RFC3986] rules.

Content in theapplication/x-www-form-urlencoded format, including query strings produced byParameter Objects within: "query",MUST also successfully parse and percent-decode using [RFC1866] rules, including treating non-percent-encoded+ as an escaped space character.

These requirements are specified in terms of percent-decoding rules, which are consistently tolerant across different versions of the various standards that apply to URIs.

Percent-encoding is performed in several places:

• By [RFC6570] implementations (or simulations thereof; seeAppendix C)
• By the Parameter orEncoding Objects when incorporating a value serialized with aMedia Type Object for a media type that does not already incorporate URI percent-encoding
• By the user, prior to passing data through RFC6570’s reserved expansion process

When percent-encoding, the safest approach is to percent-encode all characters not in RFC3986’s “unreserved” set, and forform-urlencoded to also percent-encode the tilde character (~) to align with the historical requirements of [RFC1738], which is cited by RFC1866.This approach is used in examples in this specification.

Forform-urlencoded, while the encoding algorithm given by RFC1866 requires escaping the space character as+, percent-encoding it as%20 also meets the above requirements.Examples in this specification will prefer%20 when using RFC6570’s default (non-reserved) form-style expansion, and+ otherwise.

Reserved charactersMUST NOT be percent-encoded when being used for reserved purposes such as&=+ forform-urlencoded or, for delimiting non-exploded array and object values in RFC6570 expansions.The result of inserting non-percent-encoded delimiters into data using manual percent-encoding, including via RFC6570’s reserved expansion rules, is undefined and will likely prevent implementations from parsing the results back into the correct data structures.In some cases, such as inserting/ into path parameter values, doing so isexplicitly forbidden by this specification.

SeeAppendix E for a thorough discussion of percent-encoding options, compatibility, and OAS-defined delimiters that are not allowed by RFC3986, andAppendix C for guidance on using RFC6570 implementations.

The rules in this section apply to both the Parameter andHeader Objects, both of which use the same mechanisms.

When showing serialized examples using theexample field orExample Objects, in most cases the value to show is just the value, with all relevant percent-encoding or other encoding/escaping applied, and also including any delimiters produced by thestyle andexplode configuration.

In cases where the name is an inherent part of constructing the serialization, such as thename=value pairs produced bystyle: "form" or the combination ofstyle: "simple", explode: true, the name and any delimiter between the name and valueMUST be included.

Thematrix andlabel styles produce a leading delimiter which is always a valid part of the serialization andMUST be included.The RFC6570 operators corresponding tostyle: "form" produce a leading delimiter of either? or& depending on the exact syntax used.As the suitability of either delimiter depends on where in the query string the parameter occurs, as well as whether it is in a URI or inapplication/x-www-form-urlencoded content, this leading delimiterMUST NOT be included in examples of individual parameters or media type documents.Forin: "cookie", style: "form", neither the& nor? delimiters are ever correct; seeAppendix D: Serializing Headers and Cookies for more details.

For headers, the header nameMUST NOT be included as part of the serialization, as it is never part of the RFC6570-derived result.However, names produced bystyle: "simple", explode: "true" are included as they appear within the header value, not as separate headers.

The following section illustrates these rules.

Assume a parameter namedcolor has one of the following values:

   string ->"blue"   array -> ["blue","black","brown"]   object -> {"R":100,"G":200,"B":150 }

The following table shows serialized examples, as would be shown with theexample orexamples keywords, of the different serializations for each value.

• The valueempty denotes the empty string, and is unrelated to theallowEmptyValue field.
• The behavior of combinations markedn/a is undefined.
• Theundefined column replaces theempty column in previous versions of this specification in order to better align with [RFC6570]Section 2.3 terminology, which describes certain values including but not limited tonull as “undefined” values with special handling; notably, the empty string isnot undefined.
• Forform and the non-RFC6570 query string stylesspaceDelimited,pipeDelimited, anddeepObject, seeAppendix C for more information on constructing query strings from multiple parameters, andAppendix D for warnings regardingform and cookie parameters.
• The examples are percent-encoded as explained in theURL Percent-Encoding section above; seeAppendix E for a thorough discussion of percent-encoding concerns, including why unencoded| (%7C),[ (%5B), and] (%5D) seem to work in some environments despite not being compliant.

A header parameter with an array of 64-bit integer numbers:

{"name":"token","in":"header","description":"token to be passed as a header","required":true,"schema":{"type":"array","items":{"type":"integer","format":"int64"}},"style":"simple"}

name:tokenin:headerdescription:tokentobepassedasaheaderrequired:trueschema:type:arrayitems:type:integerformat:int64style:simple

A path parameter of a string value:

{"name":"username","in":"path","description":"username to fetch","required":true,"schema":{"type":"string"}}

name:usernamein:pathdescription:usernametofetchrequired:trueschema:type:string

An optional query parameter of a string value, allowing multiple values by repeating the query parameter:

{"name":"id","in":"query","description":"ID of the object to fetch","required":false,"schema":{"type":"array","items":{"type":"string"}},"style":"form","explode":true}

name:idin:querydescription:IDoftheobjecttofetchrequired:falseschema:type:arrayitems:type:stringstyle:formexplode:true

A free-form query parameter, allowing undefined parameters of a specific type:

{"in":"query","name":"freeForm","schema":{"type":"object","additionalProperties":{"type":"integer"}},"style":"form"}

in:queryname:freeFormschema:type:objectadditionalProperties:type:integerstyle:form

A complex parameter usingcontent to define serialization:

{"in":"query","name":"coordinates","content":{"application/json":{"schema":{"type":"object","required":["lat","long"],"properties":{"lat":{"type":"number"},"long":{"type":"number"}}}}}}

in:queryname:coordinatescontent:application/json:schema:type:objectrequired:-lat-longproperties:lat:type:numberlong:type:number

This objectMAY be extended withSpecification Extensions.

A request body with a referenced schema definition.

{"description":"user to add to the system","content":{"application/json":{"schema":{"$ref":"#/components/schemas/User"},"examples":{"user":{"summary":"User Example","externalValue":"https://foo.bar/examples/user-example.json"}}},"application/xml":{"schema":{"$ref":"#/components/schemas/User"},"examples":{"user":{"summary":"User example in XML","externalValue":"https://foo.bar/examples/user-example.xml"}}},"text/plain":{"examples":{"user":{"summary":"User example in Plain text","externalValue":"https://foo.bar/examples/user-example.txt"}}},"*/*":{"examples":{"user":{"summary":"User example in other format","externalValue":"https://foo.bar/examples/user-example.whatever"}}}}}

description:usertoaddtothesystemcontent:application/json:schema:$ref:'#/components/schemas/User'examples:user:summary:UserexampleexternalValue:https://foo.bar/examples/user-example.jsonapplication/xml:schema:$ref:'#/components/schemas/User'examples:user:summary:UserexampleinXMLexternalValue:https://foo.bar/examples/user-example.xmltext/plain:examples:user:summary:UserexampleinplaintextexternalValue:https://foo.bar/examples/user-example.txt'*/*':examples:user:summary:UserexampleinotherformatexternalValue:https://foo.bar/examples/user-example.whatever

This objectMAY be extended withSpecification Extensions.

{"application/json":{"schema":{"$ref":"#/components/schemas/Pet"},"examples":{"cat":{"summary":"An example of a cat","value":{"name":"Fluffy","petType":"Cat","color":"White","gender":"male","breed":"Persian"}},"dog":{"summary":"An example of a dog with a cat's name","value":{"name":"Puma","petType":"Dog","color":"Black","gender":"Female","breed":"Mixed"}},"frog":{"$ref":"#/components/examples/frog-example"}}}}

application/json:schema:$ref:'#/components/schemas/Pet'examples:cat:summary:Anexampleofacatvalue:name:FluffypetType:Catcolor:Whitegender:malebreed:Persiandog:summary:Anexampleofadogwithacat'snamevalue:name:PumapetType:Dogcolor:Blackgender:Femalebreed:Mixedfrog:$ref:'#/components/examples/frog-example'

In contrast to OpenAPI 2.0,file input/output content in OAS 3.x is described with the same semantics as any other schema type.

In contrast to OAS 3.0, theformat keyword has no effect on the content-encoding of the schema in OAS 3.1. Instead, JSON Schema’scontentEncoding andcontentMediaType keywords are used. SeeWorking With Binary Data for how to model various scenarios with these keywords, and how to migrate from the previousformat usage.

Examples:

Content transferred in binary (octet-stream)MAY omitschema:

# a PNG image as a binary file:content:image/png: {}

# an arbitrary binary file:content:application/octet-stream: {}

# arbitrary JSON without constraints beyond being syntactically valid:content:application/json: {}

These examples apply to either input payloads of file uploads or response payloads.

ArequestBody for submitting a file in aPOST operation may look like the following example:

requestBody:content:application/octet-stream: {}

In addition, specific media typesMAY be specified:

# multiple, specific media types may be specified:requestBody:content:# a binary file of type png or jpegimage/jpeg: {}image/png: {}

To upload multiple files, amultipart media typeMUST be used as shown underExample: Multipart Form with Multiple Files.

SeeEncoding thex-www-form-urlencoded Media Type for guidance and examples, both with and without theencoding field.

SeeEncodingmultipart Media Types for further guidance and examples, both with and without theencoding field.

To submit content using form url encoding via [RFC1866], use theapplication/x-www-form-urlencoded media type in theMedia Type Object under theRequest Body Object.This configuration means that the request bodyMUST be encoded per [RFC1866] when passed to the server, after any complex objects have been serialized to a string representation.

SeeAppendix E for a detailed examination of percent-encoding concerns for form media types.

requestBody:content:application/x-www-form-urlencoded:schema:type:objectproperties:id:type:stringformat:uuidaddress:# complex types are stringified to support RFC 1866type:objectproperties: {}

{"streetAddress":"123 Example Dr.","city":"Somewhere","state":"CA","zip":"99999+1234"}

id=f81d4fae-7dec-11d0-a765-00a0c91e6bf6&address=%7B%22streetAddress%22%3A%22123+Example+Dr.%22%2C%22city%22%3A%22Somewhere%22%2C%22state%22%3A%22CA%22%2C%22zip%22%3A%2299999%2B1234%22%7D

id=%22f81d4fae-7dec-11d0-a765-00a0c91e6bf6%22

requestBody:content:application/x-www-form-urlencoded:schema:type:objectproperties:name:type:stringicon:# The default content type with `contentEncoding` present# is "application/octet-stream", so we need to set the correct# image media type(s) in the Encoding Object.type:stringcontentEncoding:base64urlencoding:icon:contentType:image/png,image/jpeg

name=example&icon=iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAABGdBTUEAALGPC_xhBQAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAAqADAAQAAAABAAAAAgAAAADO0J6QAAAAEElEQVQIHWP8zwACTGCSAQANHQEDqtPptQAAAABJRU5ErkJggg%3D%3D

It is common to usemultipart/form-data as aContent-Type when transferring forms as request bodies. In contrast to OpenAPI 2.0, aschema isREQUIRED to define the input parameters to the operation when usingmultipart content. This supports complex structures as well as supporting mechanisms for multiple file uploads.

Theform-data disposition and itsname parameter are mandatory formultipart/form-data ([RFC7578]Section 4.2).Array properties are handled by applying the samename to multiple parts, as is recommended by [RFC7578]Section 4.3 for supplying multiple values per form field.See [RFC7578]Section 5 for guidance regarding non-ASCII part names.

Various othermultipart types, most notablemultipart/mixed ([RFC2046]Section 5.1.3) neither require nor forbid specificContent-Disposition values, which means care must be taken to ensure that any values used are supported by all relevant software.It is not currently possible to correlate schema properties with unnamed, ordered parts in media types such asmultipart/mixed, but implementationsMAY choose to support such types whenContent-Disposition: form-data is used with aname parameter.

Note that there are significant restrictions on what headers can be used withmultipart media types in general ([RFC2046]Section 5.1) andmulti-part/form-data in particular ([RFC7578]Section 4.8).

Note also thatContent-Transfer-Encoding is deprecated formultipart/form-data ([RFC7578]Section 4.7) where binary data is supported, as it is in HTTP.

UsingcontentEncoding for a multipart field is equivalent to specifying anEncoding Object with aheaders field containingContent-Transfer-Encoding with a schema that requires the value used incontentEncoding.IfcontentEncoding is used for a multipart field that has an Encoding Object with aheaders field containingContent-Transfer-Encoding with a schema that disallows the value fromcontentEncoding, the result is undefined for serialization and parsing.

Note that as stated inWorking with Binary Data, if the Encoding Object’scontentType, whether set explicitly or implicitly through its default value rules, disagrees with thecontentMediaType in a Schema Object, thecontentMediaTypeSHALL be ignored.Because of this, and because the Encoding Object’scontentType defaulting rules do not take the Schema Object’scontentMediaType into account, the use ofcontentMediaType with an Encoding Object isNOT RECOMMENDED.

SeeAppendix E for a detailed examination of percent-encoding concerns for form media types.

requestBody:content:multipart/form-data:schema:type:objectproperties:# default content type for a string without `contentEncoding`# is "text/plain"id:type:stringformat:uuid# default content type for a schema without `type`# is "application/octet-stream"profileImage: {}# default content type for arrays is based on the type# in the `items` subschema, which is an object here,# so the default content type for each item is "application/json"addresses:type:arrayitems:$ref:'#/components/schemas/Address'

requestBody:content:multipart/form-data:schema:type:objectproperties:# No Encoding Object, so use default "text/plain"id:type:stringformat:uuid# Encoding Object overrides the default "application/json" content type# for each item in the array with "application/xml; charset=utf-8"addresses:description:addressesinXMLformattype:arrayitems:$ref:'#/components/schemas/Address'# Encoding Object accepts only PNG or JPEG, and also describes# a custom header for just this part in the multipart formatprofileImage: {}encoding:addresses:contentType:application/xml;charset=utf-8profileImage:contentType:image/png,image/jpegheaders:X-Rate-Limit-Limit:description:Thenumberofallowedrequestsinthecurrentperiodschema:type:integer

requestBody:content:multipart/form-data:schema:properties:# The property name `file` will be used for all files.file:type:arrayitems: {}

This objectMAY be extended withSpecification Extensions.

A 200 response for a successful operation and a default response for others (implying an error):

{"200":{"description":"a pet to be returned","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Pet"}}}},"default":{"description":"Unexpected error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorModel"}}}}}

'200':description:apettobereturnedcontent:application/json:schema:$ref:'#/components/schemas/Pet'default:description:Unexpectederrorcontent:application/json:schema:$ref:'#/components/schemas/ErrorModel'

This objectMAY be extended withSpecification Extensions.

Response of an array of a complex type:

{"description":"A complex object array response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/VeryComplexType"}}}}}

description:Acomplexobjectarrayresponsecontent:application/json:schema:type:arrayitems:$ref:'#/components/schemas/VeryComplexType'

Response with a string type:

{"description":"A simple string response","content":{"text/plain":{"schema":{"type":"string"}}}}

description:Asimplestringresponsecontent:text/plain:schema:type:string

Plain text response with headers:

{"description":"A simple string response","content":{"text/plain":{"schema":{"type":"string"},"example":"whoa!"}},"headers":{"X-Rate-Limit-Limit":{"description":"The number of allowed requests in the current period","schema":{"type":"integer"}},"X-Rate-Limit-Remaining":{"description":"The number of remaining requests in the current period","schema":{"type":"integer"}},"X-Rate-Limit-Reset":{"description":"The number of seconds left in the current period","schema":{"type":"integer"}}}}

description:Asimplestringresponsecontent:text/plain:schema:type:stringexample:'whoa!'headers:X-Rate-Limit-Limit:description:Thenumberofallowedrequestsinthecurrentperiodschema:type:integerX-Rate-Limit-Remaining:description:Thenumberofremainingrequestsinthecurrentperiodschema:type:integerX-Rate-Limit-Reset:description:Thenumberofsecondsleftinthecurrentperiodschema:type:integer

Response with no return value:

{"description":"object created"}

description:objectcreated

This objectMAY be extended withSpecification Extensions.

The key that identifies thePath Item Object is aruntime expression that can be evaluated in the context of a runtime HTTP request/response to identify the URL to be used for the callback request.A simple example might be$request.body#/url.However, using aruntime expression the complete HTTP message can be accessed.This includes accessing any part of a body that a JSON Pointer [RFC6901] can reference.

For example, given the following HTTP request:

POST/subscribe/myevent?queryUrl=https://clientdomain.com/stillrunningHTTP/1.1Host:example.orgContent-Type:application/jsonContent-Length:188{  "failedUrl": "https://clientdomain.com/failed",  "successUrls": [    "https://clientdomain.com/fast",    "https://clientdomain.com/medium",    "https://clientdomain.com/slow"  ]}

resulting in:

201 CreatedLocation:https://example.org/subscription/1

The following examples show how the various expressions evaluate, assuming the callback operation has a path parameter namedeventType and a query parameter namedqueryUrl.

The following example uses the user providedqueryUrl query string parameter to define the callback URL. This is similar to awebhook, but differs in that the callback only occurs because of the initial request that sent thequeryUrl.

myCallback:'{$request.query.queryUrl}':post:requestBody:description:Callbackpayloadcontent:application/json:schema:$ref:'#/components/schemas/SomePayload'responses:'200':description:callbacksuccessfullyprocessed

The following example shows a callback where the server is hard-coded, but the query string parameters are populated from theid andemail property in the request body.

transactionCallback:'http://notificationServer.com?transactionId={$request.body#/id}&email={$request.body#/email}':post:requestBody:description:Callbackpayloadcontent:application/json:schema:$ref:'#/components/schemas/SomePayload'responses:'200':description:callbacksuccessfullyprocessed

This objectMAY be extended withSpecification Extensions.

In all cases, the example valueSHOULD be compatible with the schema of its associated value.Tooling implementationsMAY choose to validate compatibility automatically, and reject the example value(s) if incompatible.

Example Objects can be used inParameter Objects,Header Objects, andMedia Type Objects.In all three Objects, this is done through theexamples (plural) field.However, there are several other ways to provide examples: Theexample (singular) field that is mutually exclusive withexamples in all three Objects, and two keywords (the deprecated singularexample and the current pluralexamples, which takes an array of examples) in theSchema Object that appears in theschema field of all three Objects.Each of these fields has slightly different considerations.

The Schema Object’s fields are used to show example values without regard to how they might be formatted as parameters or within media type representations.Theexamples array is part of JSON Schema and is the preferred way to include examples in the Schema Object, whileexample is retained purely for compatibility with older versions of the OpenAPI Specification.

The mutually exclusive fields in the Parameter, Header, or Media Type Objects are used to show example values whichSHOULD both match the schema and be formatted as they would appear as a serialized parameter, serialized header, or within a media type representation.The exact serialization and encoding is determined by various fields in the Parameter Object, Header Object, or in the Media Type Object’sEncoding Object.Because examples using these fields represent the final serialized form of the data, theySHALLoverride anyexample in the corresponding Schema Object.

The singularexample field in the Parameter, Header, or Media Type Object is concise and convenient for simple examples, but does not offer any other advantages over using Example Objects underexamples.

Some examples cannot be represented directly in JSON or YAML.For all three ways of providing examples, these can be shown as string values with any escaping necessary to make the string valid in the JSON or YAML format of documents that comprise the OpenAPI Description.With the Example Object, such values can alternatively be handled through theexternalValue field.

In a request body:

requestBody:content:'application/json':schema:$ref:'#/components/schemas/Address'examples:foo:summary:Afooexamplevalue:foo:barbar:summary:Abarexamplevalue:bar:bazapplication/xml:examples:xmlExample:summary:ThisisanexampleinXMLexternalValue:https://example.org/examples/address-example.xmltext/plain:examples:textExample:summary:ThisisatextexampleexternalValue:https://foo.bar/examples/address-example.txt

In a parameter:

parameters:-name:zipCodein:queryschema:type:stringformat:zip-codeexamples:zip-example:$ref:'#/components/examples/zip-example'

In a response:

responses:'200':description:yourcarappointmenthasbeenbookedcontent:application/json:schema:$ref:'#/components/schemas/SuccessResponse'examples:confirmation-success:$ref:'#/components/examples/confirmation-success'

Two different uses of JSON strings:

First, a request or response body that is just a JSON string (not an object containing a string):

"application/json":{"schema":{"type":"string"},"examples":{"jsonBody":{"description":"A body of just the JSON string \"json\"","value":"json"}}}

application/json:schema:type:stringexamples:jsonBody:description:'A body of just the JSON string "json"'value:json

In the above example, we can just show the JSON string (or any JSON value) as-is, rather than stuffing a serialized JSON value into a JSON string, which would have looked like"\"json\"".

In contrast, a JSON string encoded inside of a URL-style form body:

"application/x-www-form-urlencoded":{"schema":{"type":"object","properties":{"jsonValue":{"type":"string"}}},"encoding":{"jsonValue":{"contentType":"application/json"}},"examples":{"jsonFormValue":{"description":"The JSON string \"json\" as a form value","value":"jsonValue=%22json%22"}}}

application/x-www-form-urlencoded:schema:type:objectproperties:jsonValue:type:stringencoding:jsonValue:contentType:application/jsonexamples:jsonFormValue:description:'The JSON string "json" as a form value'value:jsonValue=%22json%22

In this example, the JSON string had to be serialized before encoding it into the URL form value, so the example includes the quotation marks that are part of the JSON serialization, which are then URL percent-encoded.

This objectMAY be extended withSpecification Extensions.

A linked operationMUST be identified using either anoperationRef oroperationId.The identified or referenced operationMUST be unique, and in the case of anoperationId, itMUST be resolved within the scope of the OpenAPI Description (OAD).Because of the potential for name clashes, theoperationRef syntax is preferred for multi-document OADs.However, because use of an operation depends on its URL path template in thePaths Object, operations from anyPath Item Object that is referenced multiple times within the OAD cannot be resolved unambiguously.In such ambiguous cases, the resulting behavior is implementation-defined andMAY result in an error.

Note that it is not possible to provide a constant value toparameters that matches the syntax of a runtime expression.It is possible to have ambiguous parameter names, e.g.name: "id", in: "path" andname: "path.id", in: "query"; this isNOT RECOMMENDED and the behavior is implementation-defined, however implementationsSHOULD prefer the qualified interpretation (path.id as a path parameter), as the names can always be qualified to disambiguate them (e.g. usingquery.path.id for the query parameter).

Computing a link from a request operation where the$request.path.id is used to pass a request parameter to the linked operation.

paths:/users/{id}:parameters:-name:idin:pathrequired:truedescription:theuseridentifier,asuserIdschema:type:stringget:responses:'200':description:theuserbeingreturnedcontent:application/json:schema:type:objectproperties:uuid:# the unique user idtype:stringformat:uuidlinks:address:# the target link operationIdoperationId:getUserAddressparameters:# use the value of the request path parameter named "id"userid:$request.path.id# the path item of the linked operation/users/{userid}/address:parameters:-name:useridin:pathrequired:truedescription:theuseridentifier,asuserIdschema:type:string# linked operationget:operationId:getUserAddressresponses:'200':description:theuser'saddress

When a runtime expression fails to evaluate, no parameter value is passed to the target operation.

Values from the response body can be used to drive a linked operation.

links:address:operationId:getUserAddressByUUIDparameters:# use the value of the `uuid` field in the response bodyuserUuid:$response.body#/uuid

Clients follow all links at their discretion.Neither permissions nor the capability to make a successful call to that link is guaranteedsolely by the existence of a relationship.

links:UserRepositories:operationRef:'#/paths/~12.0~1repositories~1%7Busername%7D/get'parameters:username:$response.body#/username

links:UserRepositories:operationRef:https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1%7Busername%7D/getparameters:username:$response.body#/username

Runtime expressions allow defining values based on information that will only be available within the HTTP message in an actual API call.This mechanism is used byLink Objects andCallback Objects.

The runtime expression is defined by the following [ABNF] syntax

    expression="$url" /"$method" /"$statusCode" /"$request." source /"$response." source    source= header-reference / query-reference / path-reference / body-reference    header-reference="header." token    query-reference="query." name    path-reference="path." name    body-reference="body" ["#" json-pointer ]    json-pointer= *("/" reference-token )    reference-token= *( unescaped / escaped )    unescaped=%x00-2E /%x30-7D /%x7F-10FFFF; %x2F ('/') and %x7E ('~') are excluded from 'unescaped'    escaped="~" ("0" /"1" ); representing '~' and '/', respectively    name= *char    token=1*tchar    tchar="!" /"#" /"$" /"%" /"&" /"'" /"*" /"+" /"-" /"."          /"^" /"_" /"`" /"|" /"~" /DIGIT /ALPHA

Here,json-pointer is taken from [RFC6901],char from [RFC7159]Section 7 andtoken from [RFC7230]Section 3.2.6.

Thename identifier is case-sensitive, whereastoken is not.

The table below provides examples of runtime expressions and examples of their use in a value:

A simple header of typeinteger:

"X-Rate-Limit-Limit":{"description":"The number of allowed requests in the current period","schema":{"type":"integer"}}

X-Rate-Limit-Limit:description:Thenumberofallowedrequestsinthecurrentperiodschema:type:integer

Requiring that a strongETag header (with a value starting with" rather thanW/) is present.

"ETag":{"required":true,"schema":{"type":"string","pattern":"^\""}}

ETag:required:trueschema:type:stringpattern:^"

This objectMAY be extended withSpecification Extensions.

{"name":"pet","description":"Pets operations"}

name:petdescription:Petsoperations

This object cannot be extended with additional properties, and any properties addedSHALL be ignored.

Note that this restriction on additional properties is a difference between Reference Objects andSchema Objects that contain a$ref keyword.

{"$ref":"#/components/schemas/Pet"}

$ref:'#/components/schemas/Pet'

{"$ref":"Pet.json"}

$ref:Pet.yaml

{"$ref":"definitions.json#/Pet"}

$ref:definitions.yaml#/Pet

The OpenAPI Schema Objectdialect is defined as requiring theOAS base vocabulary, in addition to the vocabularies as specified in the JSON Schema Specification Draft 2020-12general purpose meta-schema.

The OpenAPI Schema Object dialect for this version of the specification is identified by the URIhttps://spec.openapis.org/oas/3.1/dialect/base (the“OAS dialect schema id”).

The following keywords are taken from the JSON Schema specification but their definitions have been extended by the OAS:

• description - [CommonMark] syntaxMAY be used for rich text representation.
• format - SeeData Type Formats for further details. While relying on JSON Schema’s defined formats, the OAS offers a few additional predefined formats.

In addition to the JSON Schema keywords comprising the OAS dialect, the Schema Object supports keywords from any other vocabularies, or entirely arbitrary properties.

JSON Schema implementationsMAY choose to treat keywords defined by the OpenAPI Specification’s base vocabulary asunknown keywords, due to its inclusion in the OAS dialect with a$vocabulary value offalse.The OAS base vocabulary is comprised of the following keywords:

This objectMAY be extended withSpecification Extensions, though as noted, additional propertiesMAY omit thex- prefix within this object.

JSON Schema Draft 2020-12 supportscollecting annotations, includingtreating unrecognized keywords as annotations.OAS implementationsMAY use such annotations, includingextensions not recognized as part of a declared JSON Schema vocabulary, as the basis for further validation.Note that JSON Schema Draft 2020-12 does not require anx- prefix for extensions.

It is important for tooling to be able to determine which dialect or meta-schema any given resource wishes to be processed with: JSON Schema Core, JSON Schema Validation, OpenAPI Schema dialect, or some custom meta-schema.

The$schema keywordMAY be present in any Schema Object that is aschema resource root, and if presentMUST be used to determine which dialect should be used when processing the schema. This allows use of Schema Objects which comply with other drafts of JSON Schema than the default Draft 2020-12 support. ToolingMUST support theOAS dialect schema id, andMAY support additional values of$schema.

To allow use of a different default$schema value for all Schema Objects contained within an OAS document, ajsonSchemaDialect value may be set within theOpenAPI Object. If this default is not set, then the OAS dialect schema idMUST be used for these Schema Objects. The value of$schema within a resource root Schema Object always overrides any default.

For standalone JSON Schema documents that do not set$schema, or for Schema Objects in OpenAPI description documents that arenotcomplete documents, the dialectSHOULD be assumed to be the OAS dialect.However, for maximum interoperability, it isRECOMMENDED that OpenAPI description authors explicitly set the dialect through$schema in such documents.

This objectMAY be extended withSpecification Extensions.

The Discriminator Object is legal only when using one of the composite keywordsoneOf,anyOf,allOf.

In both theoneOf andanyOf use cases, where those keywords are adjacent todiscriminator, all possible schemasMUST be listed explicitly.

To avoid redundancy, the discriminatorMAY be added to a parent schema definition, and all schemas building on the parent schema via anallOf construct may be used as an alternate schema.

TheallOf form ofdiscriminator isonly useful for non-validation use cases; validation with the parent schema with this form ofdiscriminatordoes not perform a search for child schemas or use them in validation in any way.This is becausediscriminator cannot change the validation outcome, and no standard JSON Schema keyword connects the parent schema to the child schemas.

The behavior of any configuration ofoneOf,anyOf,allOf anddiscriminator that is not described above is undefined.

The value of the property named inpropertyName is used as the name of the associated schema under theComponents Object,unless amapping is present for that value.Themapping entry maps a specific property value to either a different schema component name, or to a schema identified by a URI.When using implicit or explicit schema component names, inlineoneOf oranyOf subschemas are not considered.The behavior of amapping value that is both a valid schema name and a valid relative URI reference is implementation-defined, but it isRECOMMENDED that it be treated as a schema name.To ensure that an ambiguous value (e.g."foo") is treated as a relative URI reference by all implementations, authorsMUST prefix it with the"." path segment (e.g."./foo").

Mapping keysMUST be string values, but toolingMAY convert response values to strings for comparison.However, the exact nature of such conversions are implementation-defined.