openapi-specification

OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.

13 stars

Best use case

openapi-specification is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.

Teams using openapi-specification should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/openapi-specification/SKILL.md --create-dirs "https://raw.githubusercontent.com/NickCrew/Claude-Cortex/main/skills/openapi-specification/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/openapi-specification/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How openapi-specification Compares

Feature / Agentopenapi-specificationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# OpenAPI Specification

Design, validate, and maintain OpenAPI 3.x specifications for REST API contracts.
Covers schema patterns, security schemes, versioning, and code generation integration.

## When to Use This Skill

- Creating a new OpenAPI specification from scratch
- Adding endpoints or schemas to an existing spec
- Reviewing or validating an API contract for correctness
- Setting up code generation from OpenAPI definitions
- Designing reusable schema components for large APIs
- Implementing security schemes in API specifications
- Managing API versioning and deprecation

## Quick Reference

| Resource | Purpose | Load when |
|----------|---------|-----------|
| `references/spec-patterns.md` | Schema patterns, security schemes, validation, versioning, reusable components | Designing or reviewing specs |

---

## Workflow

```
Phase 1: Design       → Define API overview, resources, and operations
Phase 2: Schema       → Build data models with reusable components
Phase 3: Validate     → Lint and verify the spec for correctness
Phase 4: Integrate    → Generate docs, SDKs, and contract tests
```

---

## Phase 1: API Design

Start with a high-level design before writing the spec:

1. **Identify resources** -- what nouns does this API expose?
2. **Map operations** -- what CRUD and custom actions apply to each resource?
3. **Define relationships** -- how do resources reference each other?
4. **Plan authentication** -- what security schemes are needed?
5. **Set conventions** -- naming style, pagination, error format

### Spec Skeleton

```yaml
openapi: 3.1.0
info:
  title: [API Name]
  version: 1.0.0
  description: [What this API does]
paths:
  /resources:
    get:
      summary: List resources
      operationId: listResources
    post:
      summary: Create a resource
      operationId: createResource
  /resources/{id}:
    get:
      summary: Get a resource
      operationId: getResource
components:
  schemas: {}
  securitySchemes: {}
```

---

## Phase 2: Schema Design

Build data models using `components/schemas` for reuse:

- Use `$ref` to reference shared schemas -- never duplicate definitions
- Apply `allOf` for composition, `oneOf` / `anyOf` for polymorphism
- Add `example` values to every schema and property
- Use `required` arrays explicitly -- don't rely on implicit behavior
- Document nullable fields with `type: [string, "null"]` (3.1) or `nullable: true` (3.0)

---

## Phase 3: Validate

Run validation before committing any spec changes:

```bash
# Spectral (recommended)
spectral lint openapi.yaml

# Redocly
redocly lint openapi.yaml

# swagger-cli
swagger-cli validate openapi.yaml
```

### Common Validation Issues

| Issue | Fix |
|-------|-----|
| Missing `operationId` | Add unique operationId to every operation |
| Unused schema | Remove from components or add a `$ref` |
| Missing response `description` | Add description to every response code |
| Path parameter not in path | Match `{param}` in path with parameter definition |
| No `2xx` response defined | Add at least one success response per operation |

---

## Phase 4: Integrate

Use the validated spec to generate downstream artifacts:

- **Documentation**: Redoc, Swagger UI, Stoplight
- **Client SDKs**: openapi-generator, autorest, orval
- **Server stubs**: openapi-generator with server templates
- **Contract tests**: Schemathesis, Dredd, Prism

---

## Quality Checklist

- [ ] All paths have operationIds
- [ ] HTTP methods match resource actions (GET reads, POST creates, etc.)
- [ ] Every response has a description and schema
- [ ] Security requirements defined at operation or global level
- [ ] Examples provided for request and response bodies
- [ ] Consistent naming conventions (camelCase, snake_case -- pick one)
- [ ] Deprecation fields set on sunset endpoints
- [ ] Spec passes linter with zero errors

---

## Anti-Patterns

- Do not inline schemas -- use `$ref` to `components/schemas` for anything reused
- Do not mix API versions in a single spec file
- Do not use `200 OK` for create operations -- use `201 Created`
- Do not omit error response schemas -- document `4xx` and `5xx` consistently
- Do not use `additionalProperties: true` without clear justification

Related Skills

writing-skills

13
from NickCrew/Claude-Cortex

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

workflow-security-audit

13
from NickCrew/Claude-Cortex

Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.

workflow-performance

13
from NickCrew/Claude-Cortex

Systematic performance analysis and optimization. Use when things are slow, need optimization, or preparing for scale.

workflow-feature

13
from NickCrew/Claude-Cortex

Complete feature development workflow from design to deployment. Use when implementing new features or functionality.

workflow-feature-development

13
from NickCrew/Claude-Cortex

Complete workflow for developing new features from design to deployment. Use when starting a new feature, adding functionality, or building something new.

workflow-bug-fix

13
from NickCrew/Claude-Cortex

Systematic approach to identifying, fixing, and validating bug fixes. Use when fixing bugs, resolving issues, or addressing errors.

wiring-audit

13
from NickCrew/Claude-Cortex

User-triggered audit that finds wiring drift between a project's UI surfaces and backend capabilities — orphan surfaces (UI calls endpoints/hooks/procedures that no longer exist), unwired capabilities (backend routes/exports that nothing surfaces), shape drift (both exist but contracts mismatch), method drift (URL matches, HTTP verb does not), validation drift (frontend vs backend rules diverged), permission drift (UI exposes what backend forbids or vice versa), stale labels (UI text references renamed backend concepts), and unsurfaced configuration (env vars or flags that gate behavior with no UI or CLI to control them). This skill should be used when the user asks to "audit our wiring," "find UI/backend drift," "find unwired capabilities," "find stale surfaces," "check for contract violations," "find unused endpoints," "find unused hooks," "what mismatches between UI and backend," or any similar request whose deliverable is a prioritized findings report rather than a descriptive snapshot. Generic across UI frameworks but optimized for React applications (hooks, fetch, react-query, SWR, tRPC, server actions, react-router, Next.js). Not for descriptive architectural snapshots (use architectural-analysis), security audits (use security-auditor), or performance audits (use workflow-performance).

webapp-testing

13
from NickCrew/Claude-Cortex

Toolkit for interacting with and testing local web applications using Playwright. Use when verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

web-researcher

13
from NickCrew/Claude-Cortex

Use this skill when you need to research a topic online, gather information from multiple sources, or evaluate source credibility. Trigger phrases: 'research', 'find information about', 'look up', 'investigate'. Not for academic systematic reviews (use literature-reviewer) or fact-checking specific claims (use fact-checker).

visual-modes

13
from NickCrew/Claude-Cortex

Use when activating visual showcase modes (supersaiyan, kamehameha, over9000) for UI or interaction design - provides mode-specific enhancement checklists.

vibe-security

13
from NickCrew/Claude-Cortex

Comprehensive secure coding guide covering OWASP web vulnerabilities with prevention patterns and checklists. Use when writing or reviewing web application code to prevent XSS, CSRF, SSRF, SQL injection, access control flaws, and other common security vulnerabilities.

verification-before-completion

13
from NickCrew/Claude-Cortex

Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always