OpenAPI / Swagger Specification
Also Known As
OpenAPI Specification
Swagger
OAS
API spec
TL;DR
A machine-readable YAML/JSON description of a REST API — enabling auto-generated documentation, client SDKs, mock servers, and contract testing.
Explanation
OpenAPI (formerly Swagger) is the standard for describing REST APIs in YAML or JSON: endpoints, parameters, request/response schemas, authentication methods, and error codes. An OpenAPI spec enables: Swagger UI interactive documentation, auto-generated client SDKs, contract testing (Dredd, Schemathesis), and mock servers for frontend development against a not-yet-built backend. PHP tools include zircote/swagger-php (annotation-based generation from docblocks), API Platform (spec-first approach), and league/openapi-psr7-validator for runtime request validation. Design-first (write the spec before the code) consistently produces better-structured APIs than code-first generation.
Common Misconception
✗ OpenAPI is just API documentation. An OpenAPI spec also drives code generation for clients and servers, automated contract testing, mock servers, and validation middleware — treating it as living documentation that drives tooling is far more valuable than static docs alone.
Why It Matters
OpenAPI (Swagger) is the standard for describing REST APIs — a machine-readable spec enables auto-generated docs, client SDKs, and contract testing, making the API a verifiable artifact not just documentation.
Common Mistakes
- Writing OpenAPI docs manually after the fact — they drift from the implementation immediately.
- Not using $ref for shared schemas — duplicate schema definitions diverge over time.
- Missing error response schemas — consumers cannot handle errors programmatically without them.
- Not validating requests against the OpenAPI spec at runtime — the spec and code can contradict each other.
Code Examples
✗ Vulnerable
# OpenAPI with no error schemas — consumers can't handle errors:
paths:
/users/{id}:
get:
responses:
'200':
content:
application/json:
schema: {$ref: '#/components/schemas/User'}
# Missing 404, 422, 500 schemas — errors undocumented
✓ Fixed
# OpenAPI 3.0 spec (openapi.yaml)
openapi: 3.0.3
info:
title: Order API
version: '2.0'
paths:
/orders:
post:
summary: Place an order
requestBody:
required: true
content:
application/json:
schema:
type: object
required: [user_id, items]
properties:
user_id: { type: integer }
items:
type: array
items:
type: object
required: [product_id, quantity]
properties:
product_id: { type: integer }
quantity: { type: integer, minimum: 1 }
responses:
'201': { description: Order created }
'422': { description: Validation error }
# Generate PHP client:
$ openapi-generator generate -i openapi.yaml -g php -o client/Tags
🤝 Adopt this term
£79/year · your link shown here
Added
15 Mar 2026
Edited
22 Mar 2026
Views
27
🤖 AI Guestbook educational data only
|
|
Last 30 days
Agents 0
No pings yet today
No pings yesterday
Amazonbot 8
Google 4
Perplexity 3
ChatGPT 3
Unknown AI 2
Ahrefs 2
SEMrush 2
Also referenced
How they use it
crawler 22
crawler_json 2
Related categories
⚡
DEV INTEL
Tools & Severity
🟡 Medium
⚙ Fix effort: Medium
⚡ Quick Fix
Define your API with OpenAPI 3.x — generate interactive docs with Swagger UI, validate requests/responses with middleware, and generate client SDKs automatically
📦 Applies To
any
web
api
laravel
symfony
🔗 Prerequisites
🔍 Detection Hints
No openapi.yaml or openapi.json in project; API documentation in README or Postman only; no request validation against schema
Auto-detectable:
✓ Yes
spectral
swagger-php
redoc
swagger-ui
⚠ Related Problems
🤖 AI Agent
Confidence: Medium
False Positives: Low
✗ Manual fix
Fix: Medium
Context: File