Skip to main content
HackGATE uses your OpenAPI schema to power API coverage tracking in the analytics dashboard. Upload your schema once; HackGATE rewrites the servers field to point to the site’s hackgatedName subdomain so coverage data aligns with proxied traffic.

Upload a schema

Uploads an OpenAPI schema file for a site. The file is validated before being stored.

Request

POST https://api-admin.hackgate.io/api/sites/uploadOpenAPISchema
This endpoint accepts a multipart/form-data body.

Headers

Authorization
string
required
Bearer token. Example: Bearer <token>
Content-Type
string
required
Must be multipart/form-data.

Form fields

file
file
required
The OpenAPI schema file to upload. Accepted formats:
  • .json — OpenAPI JSON
  • .yaml or .yml — OpenAPI YAML
The file must be a valid OpenAPI 2.x or 3.x document. Files that fail OpenAPI validation are rejected with a 400 error.
siteId
string
required
The UUID of the site to attach the schema to.

Validation rules

ConditionStatusDescription
File extension is not .json, .yaml, or .yml400Unsupported file type
File is not a valid OpenAPI document400Schema validation failure
siteId does not exist404Site not found

Response

Returns 200 on success. No body is returned.

Example

curl -X POST https://api-admin.hackgate.io/api/sites/uploadOpenAPISchema \
  -H "Authorization: Bearer <token>" \
  -F "file=@openapi.json;type=application/json" \
  -F "siteId=a1b2c3d4-e5f6-7890-abcd-ef1234567890"

{}

Retrieve the schema

Returns the stored OpenAPI schema for a site. The servers field in the returned document is rewritten to use the site’s hackgatedName subdomain.

Request

GET https://api-admin.hackgate.io/api/sites/getAPIdefinition/{id}

Headers

Authorization
string
required
Bearer token. Example: Bearer <token>

Path parameters

id
string
required
The UUID of the site.

Response

string
required
The OpenAPI document as a JSON string, with the servers field set to the site’s hackgatedName subdomain (e.g. https://www-myorg.hackgate.io). Returns 404 if no schema has been uploaded for the site.

Example

curl https://api-admin.hackgate.io/api/sites/getAPIdefinition/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
  -H "Authorization: Bearer <token>"

"{\"openapi\":\"3.0.0\",\"info\":{\"title\":\"Example API\",\"version\":\"1.0.0\"},\"servers\":[{\"url\":\"https://www-myorg.hackgate.io\"}],\"paths\":{...}}"
The response is a JSON string, not an object. Parse it with JSON.parse() before using it as an OpenAPI document.