Skip to content

Data types

The request has been accepted for processing, but processing has not yet completed.

model TypeSpec.Http.AcceptedResponse
NameTypeDescription
statusCode202The status code.

An API key is a token that a client provides when making API calls. The key can be sent in the query string:

GET /something?api_key=abcdef12345

or as a request header

GET /something HTTP/1.1
X-API-Key: abcdef12345

or as a cookie

GET /something HTTP/1.1
Cookie: X-API-KEY=abcdef12345
model TypeSpec.Http.ApiKeyAuth<Location, Name>
NameDescription
LocationThe location of the API key
NameThe name of the API key
NameTypeDescription
typeTypeSpec.Http.AuthType.apiKey
inLocation
nameName

Authorization Code flow

model TypeSpec.Http.AuthorizationCodeFlow
NameTypeDescription
typeTypeSpec.Http.OAuth2FlowType.authorizationCodeauthorization code flow
authorizationUrlstringthe authorization URL
tokenUrlstringthe token URL
refreshUrl?stringthe refresh URL
scopes?string[]list of scopes for the credential

The server could not understand the request due to invalid syntax.

model TypeSpec.Http.BadRequestResponse
NameTypeDescription
statusCode400The status code.

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. For example, to authorize as demo / p@55w0rd the client would send

Authorization: Basic ZGVtbzpwQDU1dzByZA==
model TypeSpec.Http.BasicAuth
NameTypeDescription
typeTypeSpec.Http.AuthType.httpHttp authentication
scheme"Basic"basic auth scheme

Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources:

Authorization: Bearer <token>
model TypeSpec.Http.BearerAuth
NameTypeDescription
typeTypeSpec.Http.AuthType.httpHttp authentication
scheme"Bearer"bearer auth scheme

Defines a model with a single property of the given type, marked with @body.

This can be useful in situations where you cannot use a bare type as the body and it is awkward to add a property.

model TypeSpec.Http.Body<Type>
NameDescription
TypeThe type of the model’s body property.
NameTypeDescription
bodyType

Client credentials flow

model TypeSpec.Http.ClientCredentialsFlow
NameTypeDescription
typeTypeSpec.Http.OAuth2FlowType.clientCredentialsclient credential flow
tokenUrlstringthe token URL
refreshUrl?stringthe refresh URL
scopes?string[]list of scopes for the credential

The request conflicts with the current state of the server.

model TypeSpec.Http.ConflictResponse
NameTypeDescription
statusCode409The status code.

Cookie Options.

model TypeSpec.Http.CookieOptions
NameTypeDescription
name?stringName in the cookie.

The request has succeeded and a new resource has been created as a result.

model TypeSpec.Http.CreatedResponse
NameTypeDescription
statusCode201The status code.

A file in an HTTP request, response, or multipart payload.

Files have a special meaning that the HTTP library understands. When the body of an HTTP request, response, or multipart payload is effectively an instance of TypeSpec.Http.File or any type that extends it, the operation is treated as a file upload or download.

When using file bodies, the fields of the file model are defined to come from particular locations by default:

  • contentType: The Content-Type header of the request, response, or multipart payload (CANNOT be overridden or changed).
  • contents: The body of the request, response, or multipart payload (CANNOT be overridden or changed).
  • filename: The filename parameter value of the Content-Disposition header of the response or multipart payload (MAY be overridden or changed).

A File may be used as a normal structured JSON object in a request or response, if the request specifies an explicit Content-Type header. In this case, the entire File model is serialized as if it were any other model. In a JSON payload, it will have a structure like:

{
"contentType": <string?>,
"filename": <string?>,
"contents": <string, base64>
}

The contentType within the file defines what media types the data inside the file can be, but if the specification defines a Content-Type for the payload as HTTP metadata, that Content-Type metadata defines how the file is serialized. See the examples below for more information.

NOTE: The filename and contentType fields are optional. Furthermore, the default location of filename (Content-Disposition: <disposition>; filename=<filename>) is only valid in HTTP responses and multipart payloads. If you wish to send the filename in a request, you must use HTTP metadata decorators to describe the location of the filename field. You can combine the metadata decorators with @visibility to control when the filename location is overridden, as shown in the examples below.

model TypeSpec.Http.File<ContentType, Contents>
NameDescription
ContentTypeThe allowed media (MIME) types of the file contents.
ContentsThe type of the file contents. This can be string, bytes, or any scalar that extends them.
// Download a file
@get op download(): File;
// Upload a file
@post op upload(@bodyRoot file: File): void;
// Upload and download files in a multipart payload
op multipartFormDataUpload(
@multipartBody fields: {
files: HttpPart<File>[];
},
): void;
op multipartFormDataDownload(): {
@multipartBody formFields: {
files: HttpPart<File>[];
};
};
// Declare a custom type of text file, where the filename goes in the path
// in requests.
model SpecFile extends File<"application/json" | "application/yaml", string> {
// Provide a header that contains the name of the file when created or updated
@header("x-filename")
@path
filename: string;
}
@get op downloadSpec(@path name: string): SpecFile;
@post op uploadSpec(@bodyRoot spec: SpecFile): void;
// Declare a custom type of binary file
model ImageFile extends File {
contentType: "image/png" | "image/jpeg";
@path filename: string;
}
@get op downloadImage(@path name: string): ImageFile;
@post op uploadImage(@bodyRoot image: ImageFile): void;
// Use a File as a structured JSON object. The HTTP library will warn you that the File will be serialized as JSON,
// so you should suppress the warning if it's really what you want instead of a binary file upload/download.
// The response body is a JSON object like `{"contentType":<string?>,"filename":<string?>,"contents":<string>}`
@get op downloadTextFileJson(): {
@header contentType: "application/json",
@body file: File<"text/plain", string>,
};
// The request body is a JSON object like `{"contentType":<string?>,"filename":<string?>,"contents":<base64>}`
@post op uploadBinaryFileJson(
@header contentType: "application/json",
@body file: File<"image/png", bytes>,
): void;
#### Properties
| Name | Type | Description |
|------|------|-------------|
| contentType? | `ContentType` | The allowed media (MIME) types of the file contents.<br /><br />In file bodies, this value comes from the `Content-Type` header of the request or response. In JSON bodies,<br />this value is serialized as a field in the response.<br /><br />NOTE: this is not _necessarily_ the same as the `Content-Type` header of the request or response, but<br />it will be for file bodies. It may be different if the file is serialized as a JSON object. It always refers to the<br />_contents_ of the file, and not necessarily the way the file itself is transmitted or serialized. |
| filename? | `string` | The name of the file, if any.<br /><br />In file bodies, this value comes from the `filename` parameter of the `Content-Disposition` header of the response<br />or multipart payload. In JSON bodies, this value is serialized as a field in the response.<br /><br />NOTE: By default, `filename` cannot be sent in request payloads and can only be sent in responses and multipart<br />payloads, as the `Content-Disposition` header is not valid in requests. If you want to send the `filename` in a request,<br />you must extend the `File` model and override the `filename` property with a different location defined by HTTP metadata<br />decorators. |
| contents | `Contents` | The contents of the file.<br /><br />In file bodies, this value comes from the body of the request, response, or multipart payload. In JSON bodies,<br />this value is serialized as a field in the response. |
### `ForbiddenResponse` {#TypeSpec.Http.ForbiddenResponse}
Access is forbidden.
```typespec
model TypeSpec.Http.ForbiddenResponse
NameTypeDescription
statusCode403The status code.

Header options.

model TypeSpec.Http.HeaderOptions
NameTypeDescription
name?stringName of the header when sent over HTTP.
explode?booleanEquivalent of adding * in the path parameter as per RFC-6570

| Style | Explode | Primitive value = 5 | Array = [3, 4, 5] | Object = {“role”: “admin”, “firstName”: “Alex”} |
| ------ | ------- | ------------------- | ----------------- | ----------------------------------------------- |
| simple | false | 5 | 3,4,5 | role,admin,firstName,Alex |
| simple | true | 5 | 3,4,5 | role=admin,firstName=Alex |
model TypeSpec.Http.HttpPart<Type, Options>
NameDescription
Type
Options

None

model TypeSpec.Http.HttpPartOptions
NameTypeDescription
name?stringName of the part when using the array form.

Implicit flow

model TypeSpec.Http.ImplicitFlow
NameTypeDescription
typeTypeSpec.Http.OAuth2FlowType.implicitimplicit flow
authorizationUrlstringthe authorization URL
refreshUrl?stringthe refresh URL
scopes?string[]list of scopes for the credential
model TypeSpec.Http.Link
NameTypeDescription
targeturl
relstring
attributes?Record<unknown>

The Location header contains the URL where the status of the long running operation can be checked.

model TypeSpec.Http.LocationHeader
NameTypeDescription
locationstringThe Location header contains the URL where the status of the long running operation can be checked.

Create a MergePatch Request body for creating or updating the given resource Model. The MergePatch request created by this template provides a TypeSpec description of a JSON MergePatch request that can successfully create or update the given resource. The transformation follows the definition of JSON MergePatch requests in rfc 7396: https://www.rfc-editor.org/rfc/rfc7396, applying the merge-patch transform recursively to keyed types in the resource Model.

Using this template in a PATCH request body overrides the implicitOptionality setting for PATCH operations and sets application/merge-patch+json as the request content-type.

model TypeSpec.Http.MergePatchCreateOrUpdate<T, NameTemplate>
NameDescription
TThe type of the resource to create a MergePatch update request body for.
NameTemplateA StringTemplate used to name any models created by applying
the merge-patch transform to the resource. The default name template is {name}MergePatchCreateOrUpdate,
for example, the merge patch transform of model Widget is named WidgetMergePatchCreateOrUpdate.
// An operation updating a 'Widget' using merge-patch
@patch op update(@body request: MergePatchCreateOrUpdate<Widget>): Widget;
// An operation updating a 'Widget' using merge-patch
@patch op update(@bodyRoot request: MergePatchCreateOrUpdate<Widget>): Widget;
// An operation updating a 'Widget' using merge-patch
@patch op update(...MergePatchCreateOrUpdate<Widget>): Widget;

None

Create a MergePatch Request body for updating the given resource Model. The MergePatch request created by this template provides a TypeSpec description of a JSON MergePatch request that can successfully update the given resource. The transformation follows the definition of JSON MergePatch requests in rfc 7396: https://www.rfc-editor.org/rfc/rfc7396, applying the merge-patch transform recursively to keyed types in the resource Model.

Using this template in a PATCH request body overrides the implicitOptionality setting for PATCH operations and sets application/merge-patch+json as the request content-type.

model TypeSpec.Http.MergePatchUpdate<T, NameTemplate>
NameDescription
TThe type of the resource to create a MergePatch update request body for.
NameTemplateA StringTemplate used to name any models created by applying
the merge-patch transform to the resource. The default name template is {name}MergePatchUpdate,
for example, the merge patch transform of model Widget is named WidgetMergePatchUpdate.
// An operation updating a 'Widget' using merge-patch
@patch op update(@body request: MergePatchUpdate<Widget>): Widget;
// An operation updating a 'Widget' using merge-patch
@patch op update(@bodyRoot request: MergePatchUpdate<Widget>): Widget;
// An operation updating a 'Widget' using merge-patch
@patch op update(...MergePatchUpdate<Widget>): Widget;

None

The URL of the requested resource has been changed permanently. The new URL is given in the response.

model TypeSpec.Http.MovedResponse
NameTypeDescription
statusCode301The status code.
locationstringThe Location header contains the URL where the status of the long running operation can be checked.

This authentication option signifies that API is not secured at all. It might be useful when overriding authentication on interface of operation level.

model TypeSpec.Http.NoAuth
NameTypeDescription
typeTypeSpec.Http.AuthType.noAuth

There is no content to send for this request, but the headers may be useful.

model TypeSpec.Http.NoContentResponse
NameTypeDescription
statusCode204The status code.

The server cannot find the requested resource.

model TypeSpec.Http.NotFoundResponse
NameTypeDescription
statusCode404The status code.

The client has made a conditional request and the resource has not been modified.

model TypeSpec.Http.NotModifiedResponse
NameTypeDescription
statusCode304The status code.

OAuth 2.0 is an authorization protocol that gives an API client limited access to user data on a web server.

OAuth relies on authentication scenarios called flows, which allow the resource owner (user) to share the protected content from the resource server without sharing their credentials. For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner. For more information about OAuth 2.0, see oauth.net and RFC 6749.

model TypeSpec.Http.OAuth2Auth<Flows, Scopes>
NameDescription
FlowsThe list of supported OAuth2 flows
ScopesThe list of OAuth2 scopes, which are common for every flow from Flows. This list is combined with the scopes defined in specific OAuth2 flows.
NameTypeDescription
typeTypeSpec.Http.AuthType.oauth2
flowsFlows
defaultScopesScopes

The request has succeeded.

model TypeSpec.Http.OkResponse
NameTypeDescription
statusCode200The status code.

OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol and supported by some OAuth 2.0 providers, such as Google and Azure Active Directory. It defines a sign-in flow that enables a client application to authenticate a user, and to obtain information (or “claims”) about that user, such as the user name, email, and so on. User identity information is encoded in a secure JSON Web Token (JWT), called ID token. OpenID Connect defines a discovery mechanism, called OpenID Connect Discovery, where an OpenID server publishes its metadata at a well-known URL, typically

https://server.com/.well-known/openid-configuration
model TypeSpec.Http.OpenIdConnectAuth<ConnectUrl>
NameDescription
ConnectUrl
NameTypeDescription
typeTypeSpec.Http.AuthType.openIdConnectAuth type
openIdConnectUrlConnectUrlConnect url. It can be specified relative to the server URL

Resource Owner Password flow

model TypeSpec.Http.PasswordFlow
NameTypeDescription
typeTypeSpec.Http.OAuth2FlowType.passwordpassword flow
tokenUrlstringthe token URL
refreshUrl?stringthe refresh URL
scopes?string[]list of scopes for the credential

Options for PATCH operations.

model TypeSpec.Http.PatchOptions
NameTypeDescription
implicitOptionality?booleanIf set to false, disables the implicit transform that makes the body of a
PATCH operation deeply optional.
model TypeSpec.Http.PathOptions
NameTypeDescription
name?stringName of the parameter in the uri template.
explode?booleanWhen interpolating this parameter in the case of array or object expand each value using the given style.
Equivalent of adding * in the path parameter as per RFC-6570
style?"simple" | "label" | "matrix" | "fragment" | "path"Different interpolating styles for the path parameter.
- simple: No special encoding.
- label: Using . separator.
- matrix: ; as separator.
- fragment: # as separator.
- path: / as separator.
allowReserved?booleanWhen interpolating this parameter do not encode reserved characters.
Equivalent of adding + in the path parameter as per RFC-6570

Produces a new model with the same properties as T, but with @query, @header, @body, and @path decorators removed from all properties.

model TypeSpec.Http.PlainData<Data>
NameDescription
DataThe model to spread as the plain data.

None

Query parameter options.

model TypeSpec.Http.QueryOptions
NameTypeDescription
name?stringName of the query when included in the url.
explode?booleanIf true send each value in the array/object as a separate query parameter.
Equivalent of adding * in the path parameter as per RFC-6570

| Style | Explode | Uri Template | Primitive value id = 5 | Array id = [3, 4, 5] | Object id = {“role”: “admin”, “firstName”: “Alex”} |
| ------ | ------- | -------------- | ---------------------- | ----------------------- | -------------------------------------------------- |
| simple | false | /users{?id} | /users?id=5 | /users?id=3,4,5 | /users?id=role,admin,firstName,Alex |
| simple | true | /users{?id*} | /users?id=5 | /users?id=3&id=4&id=5 | /users?role=admin&firstName=Alex |

Describes an HTTP response.

model TypeSpec.Http.Response<Status>
NameDescription
StatusThe status code of the response.
NameTypeDescription
statusCodeStatus

Access is unauthorized.

model TypeSpec.Http.UnauthorizedResponse
NameTypeDescription
statusCode401The status code.

Describes the location of the API key

enum TypeSpec.Http.ApiKeyLocation
NameValueDescription
headerAPI key is a header value
queryAPI key is a query parameter
cookieAPI key is found in a cookie

Authentication type

enum TypeSpec.Http.AuthType
NameValueDescription
httpHTTP
apiKeyAPI key
oauth2OAuth2
openIdConnectOpenID connect
noAuthEmpty auth

Describes the OAuth2 flow type

enum TypeSpec.Http.OAuth2FlowType
NameValueDescription
authorizationCodeauthorization code flow
implicitimplicit flow
passwordpassword flow
clientCredentialsclient credential flow
scalar TypeSpec.Http.LinkHeader