Design

The most comprehensive OpenAPI implementation in any HTTP client. Your project is the spec — bi-directionally synced, version-fluent (Swagger 2.0, 3.0, 3.1, 3.2), with visual + code editing, Try It Out, full OAuth 2.0 / OIDC, contract validation, and zero vendor lock-in.

Bi-Directional Sync

Edit the YAML, the spec updates the project. Edit the project, the YAML updates. Conflict resolution built in — source-wins, target-wins, deep-merge, or ask. No drift, ever.

Every Version, Native

Swagger 2.0 imports auto-upgrade to 3.0.3. 3.0 ↔ 3.1 conversion in both directions. 3.2 read & edit. Pure OpenAPI on the way out — your spec works with any other tool that reads the standard.

Design + Test Together

Designer mode (Code, Split, Preview) and Area mode share state. Edit a path, hit Try It Out — request fires from the same workspace. No context switching, no separate tools, no CI/local mismatch.

Visual Designer

Build full OpenAPI specs without writing a single line of YAML. Form-based editors for Info, Servers, Tags, Paths, Parameters, Schemas, Security Schemes, Webhooks, and Callbacks — every field guided, no syntax to memorize, never produces invalid output. Collapse sections to focus, expand to compose.

Code Editor + Live Preview

Power-user mode: full Monaco editor with YAML or JSON, real-time validation, error count in toolbar, instant Cmd/Ctrl+S to sync. Split view shows Swagger UI-style preview on the right that updates as you type. Visual Designer and Code Editor edit the same spec — switch any time, both stay in sync.

Area Mode — Test While You Design

Don't leave the designer to test endpoints. Area mode shows your endpoints organized by tag, opens them in tabs, and gives you the full HTTP panel — params, headers, auth, body, assertions, responses. Edit the spec, test the endpoint, repeat. Two contexts, one workspace.

Contract Validation, Built In

Every response is automatically checked against your OpenAPI schema — content type, required fields, types, enums, formats, schema composition. Pass / fail visible in the Contract tab the moment a response lands. Catch breaking changes the second they appear, not after the consumer breaks.

All Four OpenAPI Generations

Whether your spec is 12 years old or shipped last quarter, Atrahasis reads it, edits it, and exports it without rewriting a line by hand.

Spec

Swagger 2.0

Auto-converts to 3.0.3 on import

Spec

OpenAPI 3.0.x

Full support (3.0.0 – 3.0.4)

Spec

OpenAPI 3.1.x

Full support (3.1.0 – 3.1.2), full JSON Schema

Spec

OpenAPI 3.2.0

Read & edit (latest version)

Conversion that just works

Swagger 2.0 → 3.0.3 automatic on import — host+basePath+schemes folded into servers, definitions → components/schemas, body params → requestBody, consumes/produces → content negotiation
3.0 ↔ 3.1 bidirectional — nullable, exclusiveMinimum/Maximum, examples vs example, type arrays, JSON Schema 2020-12 features
Toolbar shows the spec version (or Swagger 2.0 → 3.0 if upgraded) so you always know what you're editing

The hard parts, not skipped

Full JSON Schema 2020-12 in 3.1 — $id, $anchor, type arrays, conditional keywords
$ref resolution — internal, external file, URL, JSON Pointer paths, circular-reference safe
All 7 parameter serialization styles — form, simple, spaceDelimited, pipeDelimited, deepObject, matrix, label — plus explode and allowReserved
Server variables with defaults & enum, operation-level server overrides
Webhooks (3.1+) and callbacks (3.0+) with runtime expressions like $request.body#/id
Discriminator mapping — explicit type → schema lookups for polymorphic responses

Project ⟷ Spec, Always in Sync

In every other tool, the spec is an artifact you import and forget. Here, the spec is the project. Four change sources, eight tracked sections, real conflict resolution.

Source

Code Editor

YAML / JSON edits in Monaco

Source

Visual Designer

Form-based field updates

Source

Import

URL / file / paste replaces spec

Source

Project Actions

Endpoint creation, module moves

Sections that stay in sync

info

servers

Conflict resolution, your call

source-winsEditor changes override (default)
target-winsVisual / project changes override
mergeDeep-merge both — paths and schemas reconciled at the property level
askPrompt you with a side-by-side diff and let you pick

Smart defaults: update beats delete (preserve the item), paths/schemas attempt deep merge, others fall back to source-wins.

Authentication That Actually Authenticates

Five OpenAPI security types. Four OAuth 2.0 flows. PKCE for public clients. OpenID Connect with discovery URL. Token refresh, expiration countdown, per-operation overrides, lock icons that mean something.

API Key

in header / query / cookie — pick the location, name the field, done.

HTTP Basic

username + password, Base64-encoded into the Authorization header.

HTTP Bearer

JWTs and access tokens. bearerFormat hint preserved on round-trip.

OAuth 2.0 — 4 flows

Authorization Code (with PKCE), Client Credentials, Implicit, Password (ROPC). Browser-based authorize popup, scopes, token + refresh token capture.

OpenID Connect

Drop in the discovery URL. Atrahasis fetches /.well-known/openid-configuration, lists supported scopes, runs the OAuth2 dance, returns access + ID token.

Status

Live token indicator

Valid / Expiring / Expired with a human-readable countdown. Auto-refresh kicks in before the cliff.

Lock

Per-operation lock icons

Closed (authorized), open (needs auth), or none (security: []). Click to authorize that one endpoint.

Sync

Authorize once, work everywhere

Credentials sync between Authorize modal, Area Mode, Try It Out, and Preview. Memory-only — never on disk.

Try It Out, Done Right

The Preview is Swagger UI's interactive feel — but every clever thing you wished Swagger UI did, baked in.

Smart Example Generation

Type-aware defaults — date-time → 2024-01-15T10:30:00Z, email → [email protected], uuid → 550e8400-…, enum → first value. Circular references are detected and short-circuited so self-referential schemas don't blow up the form.

Environment Variables in Parameters

Drop {{base_url}}, {{api_token}}, or any var into a parameter value. Resolved against the active environment at send time. The Authorize button and Try It Out share state — no double-entry.

Multi-format Body Editor

JSON in a Monaco editor with auto-format, urlencoded and form-data as labeled inputs (with required markers), binary upload (image/audio/video/PDF/octet-stream) via native file picker.

atra CLI Export

After any execution, copy the request as a one-liner: atra -X 'GET' 'https://api.example.com/...' -H 'Authorization: Bearer …'. Paste in your terminal, run in CI, share with teammates.

Per-operation Lock Icons

Each endpoint shows Authorized (closed lock), Needs Auth (open lock), or Public (security: []) at a glance. Click the lock to authorize for just that operation.

Token Auto-Refresh

OAuth 2.0 / OIDC tokens with a refresh_token are automatically refreshed before they expire. Long sessions stay live without re-authorizing. Status indicator shows Valid / Expiring / Expired with countdown.

Real Schema Composition

Inheritance, polymorphism, union types — all four OpenAPI keywords supported, both in the visual editor and in the runtime contract validator.

allOfAND

Inheritance and traits. Dog extendsAnimal; Pet = Named + Owned + Aged.

oneOfXOR

Polymorphism. Pet = Cat | Dog | Bird — exactly one shape.

anyOfOR

Union of traits. Body matches one or more of the listed shapes — flexible inputs without exploding the schema count.

discriminatorType tag

Pair with oneOf/anyOf to identify the variant by a property value (petType: cat). Validator picks the right branch automatically.

x-atrahasis-* Extensions

Test assertions, per-endpoint auth, environment bindings — preserved inside your spec as standard x-* extensions. Other tools ignore them. Round-trip safe through every import / export / sync.

Extension	Where	What it does
x-atrahasis-project-id	root	Stable project identity across re-imports
x-atrahasis-module-id	tag	Module lineage when tags get renamed
x-atrahasis-endpoint-id	operation	Endpoint lineage for sync + reports
x-atrahasis-assertions	operation	Test assertions live inside the spec
x-atrahasis-auth	operation	Per-endpoint auth override
x-atrahasis-enabled	parameter	Toggle a param off without deleting it
x-atrahasis-env-id	server	Stable environment binding
x-atrahasis-env-name	server	Custom display name per environment
x-atrahasis-version	root	Atrahasis format version

Round-trip guarantee: unknown x-* extensions from other tools are also preserved. Atrahasis only manages its ownx-atrahasis-* namespace. Nothing of yours gets dropped silently.

From Designer to Terminal, Same Spec

Every spec you design is runnable with the atra CLI. Same assertions, same auth, same environments. Your design becomes your test, your monitor, your CI gate.

One spec, every surface

Try It Out exports any executed request as a one-line atra command — paste in your terminal, run in CI
Same headers, same auth, same body — what you tested in the designer is what runs from the shell
Built-in assertions (-a) gate exit codes — turn any quick request into a smoke test
Exports as YAML or JSON in any supported version — feed into codegen, docs, governance
Pure OpenAPI on the way out — no proprietary format trap

# Copy-as-atra from any executed Try It Out

atra -X 'GET' \

'https://api.example.com/users/123' \

-H 'Authorization: Bearer eyJhbG...'

# Re-run the same request with built-in assertions

atra GET https://api.example.com/users/123 \

-a "status eq 200" \

-a "response_time lt 500"

Explore the atra CLI guide

Your Specs, Your Freedom

Industry standards in, industry standards out. Bring your existing OpenAPI file and pick up where the last tool left off, or design from scratch and export anywhere — Stoplight, Postman, codegen, governance, AWS API Gateway, Apigee. We don't hold your work hostage.

Swagger 2.0, OpenAPI 3.0, 3.1, 3.2

JSON & YAML in/out

Local-first, no cloud sync, no telemetry

Pure OpenAPI, no proprietary lock-in

Ready to design your API?

Download Atrahasis and ship a spec the rest of your team will actually want to read.

Download Read the Guide