Skip to main content
These pages document exactly which OpenAPI fields MCP Blacksmith processes during generation — field by field, with support status and behavior notes. Use them to check whether a specific feature in your spec will be reflected in the generated server. This page covers OpenAPI 3.0 (all patch versions 3.0.0–3.0.4). The OAS 3.1 and OAS 3.2 pages document only what changed relative to this baseline.
Swagger 2.0 specs are automatically converted to OAS 3.0 before generation.

Data Types

OAS 3.0 defines primitive data types based on JSON Schema with format modifiers.
Type / FormatSupportBehavior
integer / int32Maps to int with runtime overflow validation
integer / int64Maps to int with runtime overflow validation
number / floatMaps to float
number / doubleMaps to float
stringMaps to str
string / byteMaps to str with Base64 encoding validation
string / binaryMaps to bytes with binary validation
booleanMaps to bool
string / dateMaps to str with RFC 3339 full-date validation
string / date-timeMaps to str with RFC 3339 date-time validation
string / passwordMaps to str; no special validation (UI hint only per specification)

Extended Formats

MCP Blacksmith supports all 49 formats defined in the OAS Format Registry with runtime validators, plus additional formats commonly found in real-world API specifications. See the OAS 3.2 Format Registry section for the full registry breakdown.The following formats extend beyond what is defined in the OAS 3.0 base Data Types table above:
FormatSupportBehavior
int8Signed 8-bit range validation (-128 to 127)
int16Signed 16-bit range validation (-32,768 to 32,767)
uint8Unsigned 8-bit range validation (0 to 255)
uint16Unsigned 16-bit range validation (0 to 65,535)
uint32Unsigned 32-bit range validation (protobuf/gRPC convention)
uint64Unsigned 64-bit range validation (protobuf/gRPC convention)
double-intInteger storable in IEEE 754 double without precision loss (±2^53-1)
decimalArbitrary-precision decimal validation
decimal128IEEE 754 decimal128 validation (≤34 significant digits)
timeRFC 3339 time validation
durationISO 8601 duration validation
date-time-localRFC 3339 date-time without timezone
time-localRFC 3339 time without timezone
http-dateRFC 7231 HTTP-date (IMF-fixdate, RFC 850, asctime)
unixtimeUnix timestamp range validation
emailRFC 5322 email validation
idn-emailRFC 6531 internationalized email validation
hostnameRFC 1123 hostname validation
idn-hostnameRFC 5890 internationalized hostname validation
ipv4Dotted-decimal IPv4 validation
ipv6IPv6 address validation
uriRFC 3986 URI validation
uri-referenceRFC 3986 URI-reference validation
uri-templateRFC 6570 URI template validation
iriRFC 3987 IRI validation
iri-referenceRFC 3987 IRI-reference validation
uuidUUID format validation
json-pointerRFC 6901 JSON Pointer validation
relative-json-pointerRelative JSON Pointer validation
regexRegular expression validation
commonmarkCommonMark-formatted text (string type check)
htmlHTML-formatted text (string type check)
charSingle character validation
media-rangeRFC 9110 media-range validation (e.g., text/html, */*)
base64urlURL-safe Base64 validation (alias for byte)
sf-integerRFC 8941 Structured Fields integer (±15 digits)
sf-decimalRFC 8941 Structured Fields decimal (12+3 digits)
sf-stringRFC 8941 Structured Fields string (printable ASCII)
sf-tokenRFC 8941 Structured Fields token
sf-booleanRFC 8941 Structured Fields boolean (?0 / ?1)
sf-binaryRFC 8941 Structured Fields binary (:base64:)

Custom Formats (not in OAS registry)

These additional formats are not part of the OAS Format Registry but are commonly found in real-world API specifications:
FormatSupportBehavior
unix-timeUnix timestamp range validation (alias: unixtime is the registry name)
date-time-rfc-2822RFC 2822 date-time validation
date-time-rfc1123RFC 1123 date-time validation
phone-numberE.164 phone number validation
timestampAlias for unix-time
urlAlias for uri
Unknown format strings are kept as metadata on the generated field (visible to AI agents) but have no runtime validation.

OpenAPI Object (Root)

FieldSupportBehavior
openapiSelects version-specific validation and processing rules (3.0, 3.1, and 3.2 each have dedicated handling)
infoTitle becomes the server name; description and version appear in the server docstring and .env
serversThree-level cascade: root → BASE_URL, path-item/operation → per-tool URL overrides in .env
pathsEach operation becomes an MCP tool with typed parameters, authentication, and response models
componentsSchemas become Pydantic models; parameters, request bodies, and responses are resolved via $ref into tool definitions
securityGenerates authentication classes applied to all tools unless overridden per-operation

Info Object

FieldSupportBehavior
titleUsed as fallback server name when no override provided
descriptionUsed as generated server description
termsOfServiceRendered in generated server docstring and README
contactContact name, email, URL rendered in server docstring and README
licenseLicense name and URL rendered in server docstring and README
versionAppears in the generated server docstring

Server Object

All three server levels are supported (operation > pathItem > root). The first entry at each level is used; you can override any resolved URL via SERVER_URL_* environment variables.
FieldSupportBehavior
urlResolved with variable default substitution; trailing slashes stripped. At root level, becomes BASE_URL. At path-item/operation level, stored as per-tool override when it differs from root
variablesDefaults substituted into URL at all three levels. Root-level variables become SERVER_* entries in .env — editable by the user to switch environments without code changes

Server Variable Object

FieldSupportBehavior
enumDocumented as allowed values in .env comments (root-level variables)
defaultSubstituted into server URL; used as env var default value (root-level variables)
descriptionRendered as .env comment (root-level variables)
Only servers[0] is used at each level. Multiple server entries (e.g., production vs sandbox) are accepted but alternates beyond the first are not exposed. Users can override any resolved URL via the corresponding SERVER_URL_* or BASE_URL environment variable.

Paths Object

FeatureSupportBehavior
/{path} entriesAll path entries processed for MCP tool generation
Path templatingTemplate variables (e.g., /users/{id}) become path parameters on generated tools

Path Item Object

FieldSupportBehavior
$refShared path items resolved — multiple paths can reference the same definition
getGenerates an MCP tool
putGenerates an MCP tool
postGenerates an MCP tool
deleteGenerates an MCP tool
optionsGenerates an MCP tool
headGenerates an MCP tool
patchGenerates an MCP tool
traceGenerates an MCP tool
serversPer-path server override applied to all operations under this path item
parametersInherited by all operations; overridden by operation-level parameters with same name+location

Operation Object

FieldSupportBehavior
summaryPreferred as the tool description shown to AI agents
descriptionUsed as the tool description when summary is absent
operationIdPrimary tool name identifier; auto-synthesized from method + path when missing
parametersEach parameter becomes a typed argument on the generated tool function
requestBodyBody schema properties are flattened into tool function arguments
responsesSuccess response schema generates a Pydantic model used as the tool’s return type
tagsRendered as comments in generated server code and used for operation grouping
deprecatedDeprecated operations optionally filtered out during generation
securityPer-operation authentication requirements override global security
serversPer-operation server override; takes priority over path-item and root servers
callbacksNot supported. Planned for a future release

Parameter Object

Core Fields

FieldSupportBehavior
nameUsed as parameter identifier; collision-safe renaming applied when names conflict across locations
inAll four locations supported: path, query, header, cookie
descriptionBecomes Field(description=...) on the generated parameter, visible to AI agents
requiredControls whether parameter has a default value; always true for path params
deprecatedDeprecated parameters optionally filtered out during generation
allowEmptyValueNot processed (flagged NOT RECOMMENDED since OAS 3.0.2)

Serialization Fields

FieldSupportBehavior
styleRead for query and path parameters; non-default styles generate serialization transforms
explodeRead for query and path parameters; non-default values generate serialization transforms
schemaDetermines the Python type annotation for the generated tool parameter
exampleEmitted in generated Field(examples=[...])
examplesNamed Example Objects read and emitted in Field(examples=[...]). When both example and examples present, examples takes priority
contentSupported for all locations. Content-encoded values are JSON-serialized for application/json and *+json media types. Non-JSON encodings pass through as-is
allowReservedNot supported — httpx always percent-encodes query parameters; most servers decode transparently

Serialization Style Values

StyleSupportBehavior
matrixPath params: ;name=value serialization for primitives, arrays, and objects with explode control
labelPath params: .value serialization for primitives, arrays, and objects with explode control
formDefault for query/cookie; explode: false generates comma-joined serialization
simpleDefault for path/header; primitives pass through, arrays/objects comma-joined
spaceDelimitedQuery params: space-joined serialization for arrays
pipeDelimitedQuery params: pipe-joined serialization for arrays
deepObjectQuery params: key[subkey]=value serialization for objects

Request Body Object

FieldSupportBehavior
descriptionUsed as docstring on generated body model classes
contentContent type selected by priority: application/jsonapplication/xmlmultipart/form-data*/* → first available. Each tool uses the correct HTTP encoding for its content type
requiredWhen false, all body parameters become optional. When true, optionality follows the schema’s required array

Media Type Object

FieldSupportBehavior
schemaGenerates the Pydantic model for this request or response body
exampleFor flat body schemas, emitted in Field(examples=[...]). For multi-property schemas, property-level examples are used instead
examplesSame as example. Named Example Objects normalized to list format. externalValue not fetched
encodingNot processed. Per-property serialization for form and multipart bodies
Media type range matching (e.g., application/* per RFC 7231) is not implemented. Content type keys are matched literally.

Encoding Object

FieldSupportBehavior
contentTypePer-field media type override for multipart parts
headersAdditional headers per multipart part
styleSerialization style for form-encoded fields
explodeExplode flag for form-encoded fields
allowReservedReserved character encoding control
The Encoding Object is not supported. Generated servers send form and multipart bodies using standard encoding — per-property overrides (contentType, headers, style) are rarely needed in practice.

Responses

FeatureSupportBehavior
Status codesEach status code’s schema generates a Pydantic response model
defaultSupported but not semantically distinguished as fallback
1XX, 2XX, etc.Range codes accepted but no semantic range interpretation

Response Object

FieldSupportBehavior
descriptionBecomes the docstring on the generated Pydantic response model
contentSchema from the matched media type generates the response model fields
headersNot applicable — MCP tools return structured data, not raw HTTP responses
linksNot applicable — operation chaining is handled by the AI agent at runtime

Schema Object

JSON Schema Keywords

FieldSupportBehavior
titleUsed as context during model class naming. Final class names are derived from the schema’s location path
multipleOfGenerates Field(multiple_of=...)
maximumGenerates Field(le=...)
exclusiveMaximumWhen true, combined with maximum to produce Field(lt=...)
minimumGenerates Field(ge=...)
exclusiveMinimumWhen true, combined with minimum to produce Field(gt=...)
maxLengthGenerates Field(max_length=...)
minLengthGenerates Field(min_length=...)
patternGenerates Field(pattern=...); incompatible regex patterns are not processed
maxItemsGenerates Field(max_length=...) on list fields
minItemsGenerates Field(min_length=...) on list fields
uniqueItemsRuntime uniqueness validation; handles unhashable items via equality comparison
maxPropertiesGenerates Field(max_length=...) on dict fields
minPropertiesGenerates Field(min_length=...) on dict fields
requiredControls field optionality in generated models
enumGenerates Literal["a", "b", ...] type annotation
typeMaps to the corresponding Python type. When omitted, inferred from properties or composition keywords
allOfAll variant properties merged into a single Pydantic model
anyOfGenerates Union[A, B, ...] type annotation
itemsGenerates list[ItemType] annotation
propertiesEach property becomes a typed field on the generated Pydantic model
additionalPropertiesBoolean or schema. true → permissive model, false → strict model, schema → dict[str, ValueType]
descriptionGenerates Field(description=...)
formatAll 49 OAS Format Registry formats plus custom extensions generate runtime validators; unknown formats kept as metadata for AI visibility
defaultGenerates Field(default=...) with type-aware coercion
oneOfGenerates Union[A, B, ...]. Exclusivity not enforced without explicit discriminator
notOnly not: {required: [...]} mutual exclusivity pattern handled

OAS Extension Keywords

FieldSupportBehavior
nullableProduces T | None type annotation. Parameters accept None values but explicit null cannot be sent to the upstream API
discriminatorGenerates Field(discriminator="field") when viable; validates all variants
readOnlyRead-only parameters optionally filtered out during generation
writeOnlyWrite-only parameters kept (request-only fields)
exampleConverted to Field(examples=[...]) format
deprecatedDeprecated parameters and operations optionally filtered out during generation
Nullable type annotations (T | None) are generated correctly, but explicit null values cannot be sent to the upstream API. The MCP protocol implementation does not distinguish between an omitted parameter and one explicitly set to null — both arrive as None in the tool function. This is an MCP ecosystem limitation, not a generation issue.

Discriminator Object

FieldSupportBehavior
propertyNameValidated against all variants; generates Field(discriminator=...)
mappingNot processed. Union variants are built from the oneOf/anyOf array directly

Components Object

FieldSupportBehavior
schemasEach schema becomes a Pydantic model class, used as request/response types across tools
responsesShared response definitions resolved into Pydantic models wherever referenced
parametersShared parameter definitions resolved into typed tool arguments wherever referenced
requestBodiesShared body definitions resolved into tool arguments wherever referenced
securitySchemesEach referenced scheme generates a dedicated authentication class with .env configuration
headersNot applicable — request headers are handled via in: header parameters instead
linksNot applicable — operation chaining is handled by the AI agent
callbacksNot supported. Planned for a future release

Reference Object

FeatureSupportBehavior
Local $refFull JSON Pointer resolution (#/...) within the specification
External $refExternal file/URL references not resolved. Planned for multi-file bundle support
In OAS 3.0, sibling properties alongside $ref should be ignored. MCP Blacksmith implements OAS 3.1 superset behavior — select siblings (description, summary, default, deprecated, readOnly, writeOnly) are honored alongside $ref.

Security Scheme Object

FieldSupportBehavior
typeAll four types: apiKey, http, oauth2, openIdConnect
nameAPI key parameter name used in the generated authentication class
inAll three locations: query, header, cookie
schemebasic → BasicAuth; bearer → BearerTokenAuth; other schemes → generic bearer fallback
bearerFormatWhen "JWT", generates a dedicated JWT auth class with algorithm/token configuration
flowsAll four OAuth2 flows supported
openIdConnectUrlUsed in generated OpenID Connect authentication configuration

OAuth Flows Object

FieldSupportBehavior
implicitSupported (lowest priority among flows)
passwordSupported (third priority)
clientCredentialsSupported (second priority)
authorizationCodeSupported (highest priority; preferred when available)
OAS 3.2 adds a fifth flow, deviceAuthorization, which slots between clientCredentials and password in the priority order.
When a specification defines multiple OAuth2 flows on the same security scheme, the generator selects one flow based on security priority: authorizationCode > clientCredentials > deviceAuthorization > password > implicit. This ensures the server always uses the most secure available grant type. See Flow Selection for details.

OAuth Flow Object

FieldSupportBehavior
authorizationUrlUsed in the generated OAuth2 auth class for the authorization redirect
tokenUrlUsed in the generated OAuth2 auth class for token exchange
refreshUrlUsed in the generated OAuth2 auth class for automatic token refresh
scopesPer-operation scopes are passed to the auth class during token requests

Security Requirement Object

FeatureSupportBehavior
OR logicEach array entry is an OR alternative, sorted by security: mutualTLS > oauth2 > openIdConnect > http > apiKey
AND logicMultiple schemes within a single entry treated as AND
Empty ([])Recognized as “no auth required”
GlobalDefault security applied to all operations
Per-operationOperation-level security overrides global

Example Object

FieldSupportBehavior
valueInline and $ref both supported; emitted in Field(examples=[...])
externalValueExternal example URLs not fetched

Specification Extensions

FeatureSupportBehavior
x-* extension fieldsIgnored during generation. Their presence does not cause errors

Additional Generator Capabilities

Features that go beyond per-field processing of the OAS 3.0 specification:
FeatureSupportBehavior
Circular $ref handlingSelf-references, mutual references, and deep chains all detected and handled with forward references
Inline schema discoveryUnnamed schemas within request/response bodies automatically become generated classes
Name collision resolutionSame-name parameters across locations and duplicate operationId values across operations get collision-safe renaming
Multiple OAuth2 mergingIdentical-scope schemes merged into a single auth class
Content type negotiationMultiple media types with different schemas generate separate tools. Identical schemas use highest-priority type
Strict/Permissive modelsModels with additionalProperties: false or unevaluatedProperties: false use strict mode (extra='forbid'); all others use permissive (extra='allow')

Found an issue?

Generated server doesn’t match this reference? Let us know — we’ll fix it.