Fortinet white logo
Fortinet white logo

Administration Guide

Creating OpenAPI files

Creating OpenAPI files

This section provides instructions to:

  • Create an OpenAPI file
  • Add an OpenAPI file to an OpenAPI validation policy

To create an OpenAPI file

  1. Go to Web Protection > OpenAPI Validation > OpenAPI File.
  2. To upload cross-referenced files, you can enable Upload zip, and click Choose File to upload a zip file.
  3. Or just click Choose File to upload a valid OpenAPI file.
  4. Only yaml format of OpenAPI file is supported.
  5. Click OK.
  6. Click to upload more files.

    The figure below shows a list of OpenAPI files.



    Select one file, you can click to remove the file or to view details of this file. Moreover, you can also right click one file to delete it or view its details.

    The following figure shows details of an OpenAPI file.



    On the left, you can find the source OpenAPI file, and on the right, the parsing results including the objects described in the file are shown.

    The table below includes the objects of the OpenAPI document.

    Field Name Type Description
    openapi string REQUIRED. This string MUST be the semantic version number of the OpenAPI Specification version that the OpenAPI document uses. The openapi field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is not related to the API info.version string.
    info Info Object REQUIRED. Provides metadata about the API. The metadata MAY be used by tooling as required.
    servers Server Object An array of Server Objects, which provide connectivity information to a target server. If the servers property is not provided, or is an empty array, the default value would be a Server Object with a url value of /.
    paths Paths Object REQUIRED. The available paths and operations for the API.
    components Components Object An element to hold various schemas for the specification.
    security Security Requirement Object A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition.
    tags Tag Object A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the Operation Object must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique.
    externalDocs External Documentation Object Additional external documentation.


To add an OpenAPI file to an OpenAPI validation policy

For details about creating an OpenAPI validation policy, see Creating OpenAPI validation policies

  1. Go Web Protection > OpenAPI Validation > OpenAPI Validation Policy.
  2. Select the existing OpenAPI validation policy to which you want to add the OpenAPI file.
  3. Click Edit.
  4. Click .
  5. From the OpenAPI File drop-down list, select the OpenAPI file you want to include in the OpenAPI policy.

  6. You can click or right click the file to delete the file from the policy.

  7. Click OK.
  8. Repeat Steps 4-6 for as many OpenAPI files as you want to add to the OpenAPI validation policy.

Creating OpenAPI files

Creating OpenAPI files

This section provides instructions to:

  • Create an OpenAPI file
  • Add an OpenAPI file to an OpenAPI validation policy

To create an OpenAPI file

  1. Go to Web Protection > OpenAPI Validation > OpenAPI File.
  2. To upload cross-referenced files, you can enable Upload zip, and click Choose File to upload a zip file.
  3. Or just click Choose File to upload a valid OpenAPI file.
  4. Only yaml format of OpenAPI file is supported.
  5. Click OK.
  6. Click to upload more files.

    The figure below shows a list of OpenAPI files.



    Select one file, you can click to remove the file or to view details of this file. Moreover, you can also right click one file to delete it or view its details.

    The following figure shows details of an OpenAPI file.



    On the left, you can find the source OpenAPI file, and on the right, the parsing results including the objects described in the file are shown.

    The table below includes the objects of the OpenAPI document.

    Field Name Type Description
    openapi string REQUIRED. This string MUST be the semantic version number of the OpenAPI Specification version that the OpenAPI document uses. The openapi field SHOULD be used by tooling specifications and clients to interpret the OpenAPI document. This is not related to the API info.version string.
    info Info Object REQUIRED. Provides metadata about the API. The metadata MAY be used by tooling as required.
    servers Server Object An array of Server Objects, which provide connectivity information to a target server. If the servers property is not provided, or is an empty array, the default value would be a Server Object with a url value of /.
    paths Paths Object REQUIRED. The available paths and operations for the API.
    components Components Object An element to hold various schemas for the specification.
    security Security Requirement Object A declaration of which security mechanisms can be used across the API. The list of values includes alternative security requirement objects that can be used. Only one of the security requirement objects need to be satisfied to authorize a request. Individual operations can override this definition.
    tags Tag Object A list of tags used by the specification with additional metadata. The order of the tags can be used to reflect on their order by the parsing tools. Not all tags that are used by the Operation Object must be declared. The tags that are not declared MAY be organized randomly or based on the tools' logic. Each tag name in the list MUST be unique.
    externalDocs External Documentation Object Additional external documentation.


To add an OpenAPI file to an OpenAPI validation policy

For details about creating an OpenAPI validation policy, see Creating OpenAPI validation policies

  1. Go Web Protection > OpenAPI Validation > OpenAPI Validation Policy.
  2. Select the existing OpenAPI validation policy to which you want to add the OpenAPI file.
  3. Click Edit.
  4. Click .
  5. From the OpenAPI File drop-down list, select the OpenAPI file you want to include in the OpenAPI policy.

  6. You can click or right click the file to delete the file from the policy.

  7. Click OK.
  8. Repeat Steps 4-6 for as many OpenAPI files as you want to add to the OpenAPI validation policy.