home / skills / nickcrew / claude-cortex / openapi-specification
This skill helps you design, validate, and maintain OpenAPI 3.x specs, enabling robust contracts, reusable schemas, and automated documentation.
npx playbooks add skill nickcrew/claude-cortex --skill openapi-specificationReview the files below or copy the command above to add this skill to your agents.
---
name: openapi-specification
description: OpenAPI 3.x specification design, schema patterns, and validation for REST API contracts. Use when creating or maintaining API specifications, generating documentation, or validating API contracts.
tags: [openapi, swagger, api, documentation, rest]
triggers:
- openapi spec
- swagger definition
- api contract
- api specification
- oas design
---
# OpenAPI Specification
Design, validate, and maintain OpenAPI 3.x specifications for REST API contracts.
Covers schema patterns, security schemes, versioning, and code generation integration.
## When to Use This Skill
- Creating a new OpenAPI specification from scratch
- Adding endpoints or schemas to an existing spec
- Reviewing or validating an API contract for correctness
- Setting up code generation from OpenAPI definitions
- Designing reusable schema components for large APIs
- Implementing security schemes in API specifications
- Managing API versioning and deprecation
## Quick Reference
| Resource | Purpose | Load when |
|----------|---------|-----------|
| `references/spec-patterns.md` | Schema patterns, security schemes, validation, versioning, reusable components | Designing or reviewing specs |
---
## Workflow
```
Phase 1: Design → Define API overview, resources, and operations
Phase 2: Schema → Build data models with reusable components
Phase 3: Validate → Lint and verify the spec for correctness
Phase 4: Integrate → Generate docs, SDKs, and contract tests
```
---
## Phase 1: API Design
Start with a high-level design before writing the spec:
1. **Identify resources** -- what nouns does this API expose?
2. **Map operations** -- what CRUD and custom actions apply to each resource?
3. **Define relationships** -- how do resources reference each other?
4. **Plan authentication** -- what security schemes are needed?
5. **Set conventions** -- naming style, pagination, error format
### Spec Skeleton
```yaml
openapi: 3.1.0
info:
title: [API Name]
version: 1.0.0
description: [What this API does]
paths:
/resources:
get:
summary: List resources
operationId: listResources
post:
summary: Create a resource
operationId: createResource
/resources/{id}:
get:
summary: Get a resource
operationId: getResource
components:
schemas: {}
securitySchemes: {}
```
---
## Phase 2: Schema Design
Build data models using `components/schemas` for reuse:
- Use `$ref` to reference shared schemas -- never duplicate definitions
- Apply `allOf` for composition, `oneOf` / `anyOf` for polymorphism
- Add `example` values to every schema and property
- Use `required` arrays explicitly -- don't rely on implicit behavior
- Document nullable fields with `type: [string, "null"]` (3.1) or `nullable: true` (3.0)
---
## Phase 3: Validate
Run validation before committing any spec changes:
```bash
# Spectral (recommended)
spectral lint openapi.yaml
# Redocly
redocly lint openapi.yaml
# swagger-cli
swagger-cli validate openapi.yaml
```
### Common Validation Issues
| Issue | Fix |
|-------|-----|
| Missing `operationId` | Add unique operationId to every operation |
| Unused schema | Remove from components or add a `$ref` |
| Missing response `description` | Add description to every response code |
| Path parameter not in path | Match `{param}` in path with parameter definition |
| No `2xx` response defined | Add at least one success response per operation |
---
## Phase 4: Integrate
Use the validated spec to generate downstream artifacts:
- **Documentation**: Redoc, Swagger UI, Stoplight
- **Client SDKs**: openapi-generator, autorest, orval
- **Server stubs**: openapi-generator with server templates
- **Contract tests**: Schemathesis, Dredd, Prism
---
## Quality Checklist
- [ ] All paths have operationIds
- [ ] HTTP methods match resource actions (GET reads, POST creates, etc.)
- [ ] Every response has a description and schema
- [ ] Security requirements defined at operation or global level
- [ ] Examples provided for request and response bodies
- [ ] Consistent naming conventions (camelCase, snake_case -- pick one)
- [ ] Deprecation fields set on sunset endpoints
- [ ] Spec passes linter with zero errors
---
## Anti-Patterns
- Do not inline schemas -- use `$ref` to `components/schemas` for anything reused
- Do not mix API versions in a single spec file
- Do not use `200 OK` for create operations -- use `201 Created`
- Do not omit error response schemas -- document `4xx` and `5xx` consistently
- Do not use `additionalProperties: true` without clear justification
This skill designs, validates, and maintains OpenAPI 3.x specifications for REST API contracts. It covers schema patterns, security schemes, versioning, and integration points for code generation and documentation. Use it to produce clear, reusable API contracts that drive documentation, SDKs, and contract tests.
The skill guides you through a four‑phase workflow: design resources and operations, build reusable schemas, run linting/validation, and integrate with docs and codegen tools. It enforces patterns like component reuse via $ref, explicit required arrays, and examples for every schema. It also highlights common validation fixes and maps outputs to downstream tools such as Redoc, openapi-generator, and contract testing frameworks.
What OpenAPI version does this target?
This skill targets OpenAPI 3.x, with notes for 3.0 vs 3.1 differences (nullable vs union types).
Which validators and tools are recommended?
Recommended: Spectral for linting, Redocly for static checks, swagger-cli for validation; use openapi-generator, autorest, or orval for SDK/codegen and Schemathesis or Dredd for contract tests.