You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

api

Package Overview
Dependencies
Maintainers
8
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

api

Generate an SDK from an OpenAPI definition

2.0.1
Source
npmnpm
Version published
Weekly downloads
70K
-2.13%
Maintainers
8
Weekly downloads
 
Created
Source

🚀 api

npm Build

Automatic SDK generation from an OpenAPI definition.

Installation

npm install api --save

Usage

Using api is as simple as supplying it an OpenAPI and using the SDK as you would any other!

const sdk = require('api')('https://raw.githubusercontent.com/readmeio/oas/master/packages/examples/3.0/json/petstore.json');

sdk.listPets().then(res => res.json()).then(res => {
  console.log(`My pets name is ${res[0].name}!`);
});

The OpenAPI definition is automatically downloaded, cached, and transformed into a chainable fetch Promise that you can use to make API requests.

Authentication

api supports API authentication through an .auth() method that you can chain to your requests, as such:

sdk.auth('myApiToken').listPets().then(...);

With the exception of OpenID, it supports all forms of authentication supported by the OpenAPI specification! Just give .auth() your credentials and it'll figure out how to use it according to the API you're using.

For example:

  • HTTP Basic auth: sdk.auth('username', 'password')
  • Bearer tokens (HTTP or OAuth 2): sdk.auth('myBearerToken')
  • API Keys: sdk.auth('myApiKey')

Parameters and Payloads

When supplying parameters and/or request body payloads to an API request, you don't need to explicitly define what goes where since the API definition contains all that information. All you need to do is supply either one or two objects:

  • body: This will contain all data required for a request body payload for a POST, PUT, etc. request. It can either be an array or an object — whichever you need to use the API operation you're using.
  • metadata: This is an object where all parameters (path, query, header, cookie) go. Again, don't worry about telling the SDK that a path parameter is for the path, that's all handled for you.

For example, if you wanted to make a simple GET request:

sdk.showPetById({ petId: 1234 }).then(...)

Since petId matches up with the petId path parameter, the SDK here will issue a GET request against /pets/1234.

What about a POST request?

sdk.createPets({ name: 'Buster' }).then(...)

Since name here would correspond on createPets to request body payload, this will issue a POST request against /pets to make a new pet named "Buster".

What about operations that require both? Well you can mix them too!

sdk.updatePet({ name: 'Buster 2' }, { petId: 1234 }).then(...)

Since we've supplied two objects here, the SDK automatically knows that you're supplying both a body and metadata, and can make a PUT request against /pets/1234 for you.

HTTP requests

If the API you're using doesn't have any documented operation IDs, you can make requests with HTTP verbs instead:

sdk.get('/pets/{petId}', { petId: 1234 }).then(...)

The SDK supports GET, PUT, POST, DELETE, OPTIONS, HEAD, and TRACE requests.

How does it work?

Behind the scenes, api will:

  • Download the supplied OpenAPI definition, either from a publically accessible URLs or an absolute/relative path.
  • Dereference the definition so it's easier for us to handle.
  • Hash the definition and cache it into a directory in node_modules/.cache/api/.
  • Process the definition and instantiate chainable methods for HTTP verbs and operation IDs the API contains via a JS Proxy.

On subsequent requests, api will look in its cache, and if the supplied definition exists there, it'll retrieve it from the cache instead of re-retrieving it again.

Interested in contributing?

Welcome! Have a look at CONTRIBUTING.md.

FAQ

Does this support YAML definitions?

Yes! YAML definitions will be automatically converted to JSON before they're cached and loaded as an SDK.

Does this support Swagger 2.0 definitions?

At the moment it does not. If you wish to use an API that has a Swagger 2.0 file, you'll need to first convert it to an OpenAPI 3 definition.

Does this support traditional OAuth 2 flows of creating tokens?

Not yet, unfortunately. For APIs that use OAuth 2, you'll need a fully-qualified token already for api to make requests.

Does this support APIs that use multiple forms of authentication on a single request?

Not yet! This is something we're thinking about how to handle, but it's difficult with the simple nature of the .auth() method as it currently does not require the user to inform the SDK of what kind of authentication scheme the token they're supplying it should match up against.

Will this work in browsers?

Not sure! If you'd like to help us out in making this compatible with browsers we'd love to help you out on a pull request.

Will this validate my data before it reaches the API?

Not yet! This is something we've got planned down the road.

Does this support OpenAPI definitions that require authentication to download?

Not yet! The URL that you give the module must be publicy accessible. If it isn't, you can download it to your computer/server and then use the absolute path to that file instead.

const sdk = require('api')('/path/to/downloaded.json');

FAQs

Package last updated on 26 May 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Crates.io Implements Trusted Publishing Support

Security News

Crates.io Implements Trusted Publishing Support

Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.

By Sarah Gooding  -  Jul 16, 2025