New Vault OSS Now Includes Multi-factor Authentication! Learn more
  • Overview
    • Automated PKI Infrastructure
    • Data Encryption & Tokenization
    • Database Credential Rotation
    • Dynamic Secrets
    • Identity-based Access
    • Key Management
    • Kubernetes Secrets
    • Secrets Management
  • Enterprise
  • Tutorials
  • Docs
  • API
  • Community
GitHubTry Cloud
Download
    • v1.10.x (latest)
    • v1.9.x
    • v1.8.x
    • v1.7.x
    • v1.6.x
    • v1.5.x
    • v1.4.x
  • Overview
  • Client Libraries
  • Related Tools

    • Overview
    • Active Directory
    • AliCloud
    • AWS
    • Azure
    • Cassandra
    • Consul
    • Cubbyhole
      • Overview
      • Cassandra
      • Couchbase
      • Elasticsearch
      • Influxdb
      • HanaDB
      • MongoDB
      • MongoDB Atlas
      • MSSQL
      • MySQL/MariaDB
      • Oracle
      • PostgreSQL
      • Redshift
      • Snowflake
    • Google Cloud
    • Google Cloud KMS
      • Overview
      • Azure Key Vault
      • AWS KMS
      • GCP Cloud KMS
    • KMIP ENTERPRISE
      • Overview
      • K/V Version 1
      • K/V Version 2
      • Overview
      • Entity
      • Entity Alias
      • Group
      • Group Alias
      • Identity Tokens
      • Lookup
      • OIDC Provider
        • Overview
        • Duo
        • Okta
        • PingID
        • TOTP
        • Login Enforcement
    • MongoDB Atlas
    • Nomad
    • OpenLDAP
    • PKI
    • RabbitMQ
    • SSH
    • Terraform Cloud
    • TOTP
    • Transform ENTERPRISE
    • Transit
    • Overview
    • AliCloud
    • AppRole
    • AWS
    • Azure
    • Cloud Foundry
    • GitHub
    • Google Cloud
    • JWT/OIDC
    • Kerberos
    • Kubernetes
    • LDAP
    • OCI
    • Okta
    • RADIUS
    • TLS Certificates
    • Tokens
    • Username & Password
    • App ID DEPRECATED
    • Overview
    • /sys/audit
    • /sys/audit-hash
    • /sys/auth
    • /sys/capabilities
    • /sys/capabilities-accessor
    • /sys/capabilities-self
    • /sys/config/auditing
    • /sys/config/control-group
    • /sys/config/cors
    • /sys/config/reload
    • /sys/config/state
    • /sys/config/ui
    • /sys/control-group
    • /sys/generate-recovery-token
    • /sys/generate-root
    • /sys/health
    • /sys/host-info
    • /sys/in-flight-req
    • /sys/init
    • /sys/internal/counters
    • /sys/internal/specs/openapi
    • /sys/internal/ui/feature-flags
    • /sys/internal/ui/mounts
    • /sys/internal/ui/namespaces
    • /sys/internal/ui/resultant-acl
    • /sys/key-status
    • /sys/ha-status
    • /sys/leader
    • /sys/leases
    • /sys/license
    • /sys/managed-keys ENT
    • /sys/metrics
      • Overview
      • /sys/mfa/method/duo
      • /sys/mfa/method/okta
      • /sys/mfa/method/pingid
      • /sys/mfa/method/totp
      • /sys/mfa/validate
    • /sys/monitor
    • /sys/mounts
    • /sys/namespaces
    • /sys/plugins/reload/backend
    • /sys/plugins/catalog
    • /sys/policy
    • /sys/policies
    • /sys/policies/password
    • /sys/pprof
    • /sys/quotas/config
    • /sys/quotas/rate-limit
    • /sys/quotas/lease-count
    • /sys/raw
    • /sys/rekey
    • /sys/rekey-recovery-key
    • /sys/remount
      • Overview
      • /sys/replication/performance
      • /sys/replication/dr
    • /sys/rotate
    • /sys/rotate/config
    • /sys/seal
    • /sys/seal-status
    • /sys/sealwrap/rewrap
    • /sys/step-down
      • Overview
      • /sys/storage/raft
      • /sys/storage/raft/autopilot
      • /sys/storage/raft/snapshot-auto
    • /sys/tools
    • /sys/unseal
    • /sys/version-history
    • /sys/wrapping/lookup
    • /sys/wrapping/rewrap
    • /sys/wrapping/unwrap
    • /sys/wrapping/wrap
Type '/' to Search

»/sys/internal/specs/openapi

The /sys/internal/specs/openapi endpoint is used to generate an OpenAPI document of the mounted backends. The response conforms to the OpenAPI V3 specification, with path names matching the mount names used by the Vault server (i.e. customizations with -path will be reflected). The set of included paths is based on the permissions of the request token.

The response may include Vault-specific extensions. Three are currently defined:

  • x-vault-sudo - Endpoint requires sudo privileges.
  • x-vault-unauthenticated - Endpoint is unauthenticated.
  • x-vault-create-supported - Endpoint allows creation of new items, in addition to updating existing items.

Basic documentation will be generated for all paths, but a newer path definition structure now allows for more detailed documentation to be added. At this time the /sys endpoints have been updated to use the new structure, and other endpoints will be modified incrementally.

»Get OpenAPI Document

This endpoint returns a single OpenAPI document describing all paths visible to the requester.

MethodPath
GET/sys/internal/specs/openapi

»Sample Request

$ curl http://127.0.0.1:8200/v1/sys/internal/specs/openapi
$ curl http://127.0.0.1:8200/v1/sys/internal/specs/openapi

»Sample Response

{
  "openapi": "3.0.2",
  "info": {
    "title": "HashiCorp Vault API",
    "description": "HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.",
    "version": "1.0.0",
    "license": {
      "name": "Mozilla Public License 2.0",
      "url": "https://www.mozilla.org/en-US/MPL/2.0"
    }
  },
  "paths": {
    "/auth/token/create": {
      "description": "The token create path is used to create new tokens.",
      "post": {
        "summary": "The token create path is used to create new tokens.",
        "tags": [
          "auth"
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        }
      }
    },
    ...
{
  "openapi": "3.0.2",
  "info": {
    "title": "HashiCorp Vault API",
    "description": "HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.",
    "version": "1.0.0",
    "license": {
      "name": "Mozilla Public License 2.0",
      "url": "https://www.mozilla.org/en-US/MPL/2.0"
    }
  },
  "paths": {
    "/auth/token/create": {
      "description": "The token create path is used to create new tokens.",
      "post": {
        "summary": "The token create path is used to create new tokens.",
        "tags": [
          "auth"
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        }
      }
    },
    ...
github logoEdit this page
DocsAPILearnCommunityPrivacySecurityPress KitConsent Manager