Last updated

response-mime-type

OASCompatibility
2.0
3.0
3.1

API design principles

All of my mime jokes have been edited out of here. I guess they didn't say much.

(get it?)

A good idea for response mime-types here is consistency.

Say, application/json anyone?

Keep it consistent across your entire API if possible.

"Keep em guessing" (but not in your API design).

Configuration

OptionTypeDescription
severitystringREQUIRED. Possible values: off, warn, error.
allowedValues[string]REQUIRED. List of allowed response mime types.

An example configuration:

rules:
  response-mime-type:
    severity: error
    allowedValues:
      - application/json
      - image/png

Examples

Given this configuration:

rules:
  response-mime-type:
    severity: error
    allowedValues:
      - application/json
      - image/png

Example of an incorrect response mime type:

paths:
  /customers/{id}:
    post:
      responses:
        '200':
          description: OK
          content:
            application/xml:
              # ...

Example of a correct response mime type:

paths:
  /customers/{id}:
    post:
      responses:
        '200':
          description: OK
          content:
            application/json:
              # ...

Resources