cd /news/ai-agents/api-docs-for-agent-tool-use-from-rea… · home topics ai-agents article
[ARTICLE · art-47142] src=blog.r-lopes.com ↗ pub= topic=ai-agents verified=true sentiment=· neutral

API Docs for Agent Tool Use: From Readable to Callable

OpenAPI documents provide machine-readable contracts that enable AI agents to call HTTP APIs with precise endpoints, parameters, and response formats, replacing guesswork from prose documentation. Frameworks like FastAPI and NestJS auto-generate these specs, which agents use to perform actions such as checking inventory or creating orders. Exposing a validated OpenAPI spec at a stable path is critical for agent tool use, while common mistakes include missing specs, drift from code, empty summaries, undocumented auth, and vague response schemas.

read2 min views1 publishedJul 2, 2026
API Docs for Agent Tool Use: From Readable to Callable
Image: Blog (auto-discovered)

Part of the Agent Readiness course. Measure any page with the Core Agent Vitals analyzer.

What it is #

An OpenAPI document (formerly Swagger) is a machine-readable description of your HTTP API — every endpoint, its parameters, request bodies, response shapes, and auth — as one JSON or YAML file, typically at /openapi.json

. It's the difference between prose docs a human reads and a contract a machine can consume.

Why agents need it #

Tool-using agents don't just read your content; they act. When an agent decides to call your API — check inventory, create an order, run a query — it needs to know the exact endpoint, the required parameters, and the response format. Prose documentation forces it to guess, and guessed request formats fail: wrong field names, missing params, misread auth. The failures are quiet — a 400 the agent can't recover from.

An OpenAPI spec hands the agent the typed contract directly. This is also the foundation newer protocols build on: agents.json and WebMCP (the next two lessons) reference or wrap your OpenAPI operations so agents can discover and invoke them uniformly.

How to implement #

Most frameworks generate OpenAPI from your route definitions — FastAPI, NestJS, Express (via swagger-jsdoc), Spring, and others emit it automatically. Serve it at a stable path:

{
  "openapi": "3.1.0",
  "info": { "title": "Acme API", "version": "1.0.0" },
  "servers": [{ "url": "https://api.acme.com" }],
  "paths": {
    "/products/{id}": {
      "get": {
        "summary": "Get a product",
        "parameters": [{ "name": "id", "in": "path", "required": true, "schema": { "type": "string" } }],
        "responses": { "200": { "description": "Product", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Product" } } } } }
      }
    }
  }
}

Reference it from your docs page and, ideally, from /.well-known/

. Write real summary

and description

fields — agents use them to decide when to call each operation.

Validate #

curl -s https://api.your-site.com/openapi.json | head

Lint it with the Swagger validator or npx @redocly/cli lint

. The Core Agent Vitals analyzer checks common locations (/openapi.json

, /swagger.json

, /api-docs

) and flags when no machine-readable API description is exposed.

Common mistakes #

Docs but no spec. A beautiful HTML docs site with no/openapi.json

is readable but not callable. Ship the machine-readable file too.A spec that drifts from the API. Hand-maintained OpenAPI rots fast. Generate it from the code so it stays true.Empty summaries/descriptions. Agents pick operations by their text."summary": ""

means the agent can't tell what the endpoint does.Undocumented auth. If the spec omits thesecurity

scheme, the agent calls unauthenticated and gets a 401 it can't diagnose.Vague response schemas."type": "object"

with no properties tells the agent nothing about what it gets back. Define the shapes.

Next: agents.json — declaring what your site can do.

── more in #ai-agents 4 stories · sorted by recency
── more on @openapi 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/api-docs-for-agent-t…] indexed:0 read:2min 2026-07-02 ·