Skip to main content
nestrs-openapi generates an OpenAPI 3.1 specification from the routes registered in RouteRegistry and serves a Swagger UI at a configurable path. Enable it with a single call to NestApplication::enable_openapi() or enable_openapi_with_options(options).

Quick start

After starting the server:
  • GET /openapi.json — the generated OpenAPI 3.1 JSON spec
  • GET /docs — Swagger UI (served via CDN from unpkg.com/swagger-ui-dist)

OpenApiOptions

Configures titles, paths, servers, security, and more.
title
String
The info.title field in the generated spec.
version
String
The info.version field. Defaults to the value of CARGO_PKG_VERSION at compile time.
json_path
String
The path where the OpenAPI JSON spec is served. Defaults to "/openapi.json".
docs_path
String
The path where Swagger UI is served. Defaults to "/docs".
servers
Option<Vec<Value>>
OpenAPI Server Objects. Pass a JSON array.
components
Option<Value>
OpenAPI Components Object for security schemes, schemas, and other reusable definitions.
security
Option<Vec<Value>>
Root-level Security Requirement Objects applied to all operations by default.
infer_route_security_from_roles
bool
When true, routes with #[roles] metadata get an operation-level security entry referencing roles_security_scheme. Requires that scheme to be declared in components.securitySchemes.

enable_openapi vs enable_openapi_with_options

#[openapi] macro

Annotate individual route handlers to override the auto-generated summary, set a tag, and declare response status codes.
summary
&str (optional)
Human-readable summary for the operation. Defaults to a humanized version of the handler function name (e.g., find_one"Find one").
tag
&str (optional)
Groups the operation in Swagger UI. Defaults to the first meaningful path segment after an optional version segment (e.g., /v1/users/1"users").
responses
((status, description), ...) (optional)
Declares response status codes and their descriptions. Defaults to 200 OK only when not specified.

What is generated automatically

For each route registered in RouteRegistry, nestrs-openapi generates:
  • operationId — the full Rust module path + handler name (e.g., my_app::controllers::UsersController::find_one)
  • summary — humanized handler name or the #[openapi(summary = ...)] override
  • tags — inferred from the URL path or the #[openapi(tag = ...)] override
  • responses200 OK by default, or the list from #[openapi(responses = ...)]

Security scheme documentation

Add a bearerAuth scheme to components.securitySchemes and enable infer_route_security_from_roles to show the Swagger lock icon on routes protected with #[roles]:
The /api/private operation will include security: [{ "bearerAuth": [] }] in the generated spec, rendering the lock icon in Swagger UI.

Accessing the generated spec

The spec is served as JSON at the json_path (default: /openapi.json) and is not mounted under set_global_prefix or enable_uri_versioning. You can fetch it directly:

What nestrs-openapi does not do

nestrs-openapi does not generate JSON schemas from Rust types. Unlike @nestjs/swagger with @ApiProperty, there is no runtime type reflection. To add schemas to components.schemas, either hand-author them in OpenApiOptions::components or use a separate schema generation crate such as utoipa or okapi and merge the output.
The NestJS vs nestrs-openapi parity table: