@hono/zod-openapi
Advanced tools
Zod OpenAPI Hono is an extended Hono class that supports OpenAPI. With it, you can validate values and types using Zod and generate OpenAPI Swagger documentation. This is based on Zod to OpenAPI (thanks a lot!). For details on creating schemas and defining routes, please refer to the "Zod to OpenAPI" resource.
Note: This is not standalone middleware but is hosted on the monorepo "github.com/honojs/middleware".
You can install it via npm. It should be installed alongside hono and zod.
npm i hono zod @hono/zod-openapi
First, define your schemas with Zod. The z object should be imported from @hono/zod-openapi:
import { z } from '@hono/zod-openapi'
const ParamsSchema = z.object({
id: z
.string()
.min(3)
.openapi({
param: {
name: 'id',
in: 'path',
},
example: '1212121',
}),
})
const UserSchema = z
.object({
id: z.string().openapi({
example: '123',
}),
name: z.string().openapi({
example: 'John Doe',
}),
age: z.number().openapi({
example: 42,
}),
})
.openapi('User')
Next, create a route:
import { createRoute } from '@hono/zod-openapi'
const route = createRoute({
method: 'get',
path: '/users/{id}',
request: {
params: ParamsSchema,
},
responses: {
200: {
content: {
'application/json': {
schema: UserSchema,
},
},
description: 'Retrieve the user',
},
},
})
Finally, set up the app:
import { OpenAPIHono } from '@hono/zod-openapi'
const app = new OpenAPIHono()
app.openapi(route, (c) => {
const { id } = c.req.valid('param')
return c.jsonT({
id,
age: 20,
name: 'Ultra-man',
})
})
// The OpenAPI documentation will be available at /doc
app.doc('/doc', {
openapi: '3.0.0',
info: {
version: '1.0.0',
title: 'My API',
},
})
You can start your app just like you would with Hono. For Cloudflare Workers and Bun, use this entry point:
export default app
Validation errors can be handled as follows:
First, define the error schema:
const ErrorSchema = z.object({
code: z.number().openapi({
example: 400,
}),
message: z.string().openapi({
example: 'Bad Request',
}),
})
Then, add the error response:
const route = createRoute({
method: 'get',
path: '/users/{id}',
request: {
params: ParamsSchema,
},
responses: {
400: {
content: {
'application/json': {
schema: ErrorSchema,
},
},
description: 'Returns an error',
},
},
})
Finally, add the hook:
app.openapi(
route,
(c) => {
const { id } = c.req.valid('param')
return c.jsonT({
id,
age: 20,
name: 'Ultra-man',
})
},
// Hook
(result, c) => {
if (!result.success) {
return c.jsonT(
{
code: 400,
message: 'Validation Error',
},
400
)
}
}
)
In the case that you have a common error formatter, you can initialize the OpenAPIHono instance with a defaultHook.
const app = new OpenAPIHono({
defaultHook: (result, c) => {
if (!result.success) {
return c.jsonT(
{
ok: false,
errors: formatZodErrors(result),
source: 'custom_error_handler',
},
422
)
}
},
})
You can still override the defaultHook by providing the hook at the call site when appropriate.
// uses the defaultHook
app.openapi(createPostRoute, (c) => {
const { title } = c.req.valid('json')
return c.jsonT({ title })
})
// override the defaultHook by passing in a hook
app.openapi(
createBookRoute,
(c) => {
const { title } = c.req.valid('json')
return c.jsonT({ title })
},
(result, c) => {
if (!result.success) {
return c.jsonT(
{
ok: false,
source: 'routeHook' as const,
},
400
)
}
}
)
You can generate OpenAPI v3.1 spec using the following methods:
app.doc31('/docs', {openapi: '3.1.0'}) // new endpoint
app.getOpenAPI31Document(, {openapi: '3.1.0'}) // raw json
You can access the OpenAPIRegistry object via app.openAPIRegistry:
const registry = app.openAPIRegistry
Zod OpenAPI Hono is an extension of Hono, so you can use Hono's middleware in the same way:
import { prettyJSON } from 'hono/pretty-json'
//...
app.use('/doc/*', prettyJSON())
You can configure middleware for each endpoint from a route created by createRoute as follows.
import { prettyJSON } from 'hono/pretty-json'
import { cache } from 'honoc/cache'
app.use(route.getRoutingPath(), prettyJSON(), cache({ cacheName: 'my-cache' }))
app.openapi(route, handler)
Zod OpenAPI Hono supports Hono's RPC mode. You can define types for the Hono Client as follows:
import { hc } from 'hono/client'
const appRoutes = app.openapi(route, (c) => {
const data = c.req.valid('json')
return c.jsonT({
id: data.id,
message: 'Success',
})
})
const client = hc<typeof appRoutes>('http://localhost:8787/')
Be careful when combining OpenAPIHono instances with plain Hono instances. OpenAPIHono will merge the definitions of direct subapps, but plain Hono knows nothing about the OpenAPI spec additions. Similarly OpenAPIHono will not "dig" for instances deep inside a branch of plain Hono instances.
If you're migrating from plain Hono to OpenAPIHono, we recommend porting your top-level app, then working your way down the router tree.
MIT
FAQs
A wrapper class of Hono which supports OpenAPI.
We found that @hono/zod-openapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.