Configure your SDKs
Stainless automatically generates idiomatic yet flexible SDKs for your API. But every API is different. Create the perfect SDK for your API and your users by configuring the Stainless Generator.
When you first generate an SDK with Stainless, we create a reasonable draft configuration for you. You can see and edit it in the SDK Studio.
Resources
The most important consideration when designing an SDK is having the correct names for your resources and CRUD operations. The Stainless configuration defines resources as models and methods, grouped by primitive.
Consider the following:
resources:
accounts:
models:
account: '#/components/schemas/Account'
methods:
list: get /accounts
create: post /accounts
retrieve: get /accounts/{account_id}
delete: delete /accounts/{account_id}
update: put /accounts/{account_id}
subresources:
friends:
models:
friends: '#/components/schemas/Friends'
methods:
list: get /accounts/{account_id}/friends
create: post /accounts/{account_id}/friends
delete: delete /accounts/{account_id}/friends/{friend_id}
In this example, we have an accounts resource and an accounts.friends resource nested within. The resulting SDK usage is:
# `foo` is the instantiation of the library.
account = foo.accounts.create(...)
friends = foo.accounts.friends.list(...)
Depending on the constraints and how you want your users to reason about your API, you may want to restructure the resources to look like:
resources:
accounts:
models:
account: '#/components/schemas/Account'
friends: '#/components/schemas/Friends' # Moved here
methods:
list: get /accounts
create: post /accounts
retrieve: get /accounts/{account_id}
delete: delete /accounts/{account_id}
update: put /accounts/{account_id}
# Below items were moved here and renamed
list_friends: get /accounts/{account_id}/friends
add_friend: post /accounts/{account_id}/friends
remove_friend: delete /accounts/{account_id}/friends/{friend_id}
That resulting SDK usage is:
# `foo` is the instantiation of the library.
account = foo.accounts.create(...)
friends = foo.accounts.listFriends(...)
Which approach is better is ultimately up to how you want the user to reason about your API. In general, a good resource is a conceptually distinct, representational object in your API.
Models
A model is a schema that Stainless generates as a distinct, named type. Consider the following configuration:
resources:
accounts:
methods:
list: get /accounts
create: post /accounts
retrieve: get /accounts/{account_id}
By default, the Stainless generator creates methods with roughly the following signatures, even if they
all reference the same #/components/schemas/Account in their response. (Note the return types.)
class Accounts extends APIResource {
list(...): AccountListResponse[];
create(...): AccountCreateResponse;
retrieve(...): AccountRetrieveResponse;
}
// usage:
const account: AccountRetrieveResponse = client.accounts.retrieve()
We do not consider $ref to be part of a public-facing API. OpenAPI specs are difficult to deal with and
$ref is often used to circumvent that complexity, which may not perfectly align with the API
you want your users to have. For example, changing a $ref for internal organization purposes should never
cause a backwards-breaking change to the users of your SDK.
Alternatively, you can configure a model to belong within a resource:
resources:
accounts:
models:
account: '#/components/schemas/Accounts'
methods:
list: get /accounts
create: post /accounts
retrieve: get /accounts/{account_id}
That configuration creates these methods:
class Accounts extends APIResource {
list(...): Account[];
create(...): Account;
retrieve(...): Account;
}
// usage:
const account: Account = client.accounts.retrieve()
In general, a model belongs under the most closely related resource, and each resource should have at least one model. All of our SDKs are designed so that you can put a model where it most logically belongs without worrying about dependency issues.
There are cases where a model doesn't belong under one resource. A common example of
that might be something like #/components/schemas/Address or #/components/schemas/Contact. We have a
special resource called $shared where these kinds of models should be defined.
resources:
$shared:
models:
address: '#/components/schemas/Address'
contact: '#/components/schemas/Contact'
Models need not only fall under #/components/schemas/*. You may specify any valid JSON Reference from the root.
Finally, the model configuration can also accept an object rather than just a string for even more options, if you need them. Please check out our full reference docs here.
Methods
Methods most commonly define how an endpoint maps to a resource, by providing a string value:
resources:
accounts:
methods:
list: get /accounts
You can configure the method in more detail by providing an object:
resources:
accounts:
methods:
list:
type: http
endpoint: get /accounts
deprecated: Use the /user endpoint instead
Authentication
The Stainless Generator defines your SDK's authentication using the #/security and #/components/securitySchemes particulars from your OpenAPI spec. By default, Stainless SDKs are set to authenticate using an environment variable:
client_settings:
opts:
auth_token:
type: string
# Whether this client option is required to instantiate the client:
nullable: false
# Whether this value should be read from an env:
read_env: ORG_AUTH_TOKEN
auth: { security_scheme: BearerAuth }
# optional, overrides the OpenAPI spec's top-level security key, required if it isn't present
security:
- BearerAuth: []
For more complicated authentication schemes, or should the Stainless Generator fail to configure yours correctly, see the examples below.
The Stainless generator uses the top-level security as the security configuration supported by the SDKs, but
you may want to specify a different combination of security than the one used in your OpenAPI spec. The
security and security_schemes in the Stainless config overrides the values in the spec.
HTTP Bearer Authorization: Bearer <bearer-token>
The HTTP Bearer authentication method is configured like so:
# OpenAPI
components:
security_schemes:
MyBearerAuth:
type: http
scheme: bearer
# optional, documentation purpose only
bearerFormat: JWT
security:
- MyBearerAuth: {}
# Stainless config
client_settings:
opts:
my_bearer_token: # or `token`, `bearer_token`, `api_key`, etc.
type: string
read_env: ORG_BEARER_TOKEN
auth: { security_scheme: MyBearerAuth }
HTTP Basic Authorization: Basic <base64(username:password)>
The HTTP Basic authentication method is configured like so:
# OpenAPI
components:
security_schemes:
MyBasicAuth:
type: http
scheme: basic
security:
- MyBasicAuth: {}
# Stainless config
client_settings:
opts:
my_username:
type: string
read_env: ORG_MY_USERNAME_TOKEN
auth: { security_scheme: MyBasicAuth, role: 'username' }
my_password:
type: string
read_env: ORG_MY_PASSWORD_TOKEN
auth: { security_scheme: MyBasicAuth, role: 'password' }
API Key <Header>: <API Key>
An API key in a header authentication method is configured like so:
# OpenAPI
components:
security_schemes:
MyApiKeyAuth:
type: apiKey
name: My-Api-Key
in: header
security:
- MyApiKeyAuth: {}
# Stainless config
client_settings:
opts:
my_api_key: # or `token`, `auth_token`, etc.
type: string
read_env: ORG_API_KEY_TOKEN
auth: { security_scheme: MyApiKeyAuth }
Optional Auth
To specify that you accept no authentication, declare a security configuration with no properties like so:
security:
- BearerAuth: {}
- {}
OAuth2
We do not support OAuth2 flows or manage tokens in our SDKs. We suggest using HTTP Bearer Auth and including your OAuth flows in your OpenAPI spec.
README.md configuration
We currently support configuration of the various code snippets in the README.md of a generated SDK.
readme:
example_requests:
default:
type: request
endpoint: post /cards
params:
type: SINGLE_USE
headline:
type: request
endpoint: put /cards
params:
type: SINGLE_USE
account_id: 123
pagination:
type: request
endpoint: list /cards
params:
limit: 30
The headline example is the first usage of the API that your users see in the README.md, so it should
be the most 'important' endpoint in your API.
The pagination example is required if you have configured pagination, and should point to a paginated
endpoint.
The default example is inherited by all other example requests, though you can manually override them if
there is a need to do so. Because of this, we suggest that you choose the most 'standard' endpoint in your
API.
Pagination
Configuring pagination with Stainless SDKs generates a helper to fetch the next page and an auto-iterator to easily loop through items in your API. The helper makes it easy to manually paginate when needed and the auto-iterator makes consuming a list as natural as a for loop, with the iterator automatically fetching the next page when needed:
const iter: OffsetPage<Account> = await client.accounts.list()
for await (const account in iter) {
if (account.name === 'Michael') {
console.log(account.id)
}
}
Pagination Scheme
To configure pagination, you need to first define a pagination scheme. A pagination scheme is closely related to the pagination class that is generated in the SDKs, and is made up of:
pagination:
- name: <name of page class>
type: <offset, cursor, cursor_id, hypermedia, etc.>
request:
<name of request parameter>: <schema of request parameter>
response:
<name of response field>: <schema of response field>
- the type of pagination (
offset,cursor,cursor_id, etc...), - the parameters in the
request, - and the fields in the
responsethat you expect to see on every paginated method of this type.
The request and response sections are used to generate the pagination classes which depending on the
language is represented as a generic class, interface, or object. They should respectively contain keys of the
request parameters and response JSON in your API, for example in the header, query, or the body.
You should include request parameters that are necessary for pagination, such as page_number, page_size,
after, limit, and properties that should always be present in the response, like data or items (which
contains the list of elements you have).
You may also include parameters that aren't strictly necessary for pagination to work. For example, it might
be appropriate to add a request parameter like sort_by, which might be an enum of the ways you can sort
across your API.
pagination:
- name: my_offset_page
type: offset
request:
my_offset:
type: integer
description: The number of elements to skip.
# this tells us to modify this param when getting the next page
x-stainless-pagination-property:
purpose: offset_count_param
my_limit:
type: integer
description: The maximum number of elements to fetch.
response:
my_data:
type: array
items: {}
my_total:
type: integer
x-stainless-pagination-property:
purpose: offset_total_count_field
my_count:
type: integer
x-stainless-pagination-property:
purpose: offset_count_start_field
Example OpenAPI Specification
openapi: 3.1.0
paths:
/accounts:
get:
parameters:
- name: my_offset
in: query
type: integer
- name: my_limit
in: query
type: integer
responses:
'200':
content:
application/json:
schema:
type: object
properties:
my_data:
type: array
items: { $ref: '#/components/schema/Account' }
my_total:
type: integer
my_count:
type: integer
Multiple pagination schemes
The pagination section accepts multiple pagination schemes. We match each endpoint against the defined
pagination schemes by making sure the relevant request parameters/response fields exist for that endpoint
and have the correct type.
In cases where it's ambiguous or you want to explicitly assert that a method matches my_offset_page, you can
provide paginated: my_offset_page and the generator reports an error if it doesn't match that specific page.
See the config reference for pagination for various examples and edge cases.
Miscellaneous
Extra client arguments
You can define extra client arguments, which generally appears as an extra argument on the client
constructor of each SDK (in Go, it appears as an extra RequestOption). These are generally used for
supplying values for authentication methods, but can be also used for extra headers and
more.
client_settings:
opts:
pet_store_version:
type: string # can be a string, boolean, or a number
nullable: true # makes this an optional argument
default: v3 # the default pet store version to use
read_env: PETSTORE_VERSION
send_in_header: 'X-Petstore-Version'
const client = new Petstore({
apiKey: '...',
petStoreVersion: 'v2', // sends 'X-Petstore-Version: v2'
});
Default headers
Default headers are headers we add to every request made by the SDK. We send platform headers so that you can collect metrics on the languages and platforms your users use. For all SDKs, we send the following
| Headers | Description |
|---|---|
X-Stainless-Lang | The language, such as go, node, java, kotlin, python. |
X-Stainless-Package-Version | The package version such as v2.3.1. |
X-Stainless-OS | The OS, such as Android, MacOS, Windows, FreeBSD, OpenBSD, Linux, Other:xxx. |
X-Stainless-Arch | The architecture, such as x32, x64, arm, aarch64, other:xxx. |
We also send some extra headers for each language:
| Node Headers | Description |
|---|---|
X-Stainless-Runtime | Which JS runtime was used. |
X-Stainless-Runtime-Version | The version that was used to make the request. |
| Python Headers | Description |
|---|---|
X-Stainless-Async | Whether or not the `AsyncClient` was used by the user. |
X-Stainless-Runtime | Which python runtime was used. |
X-Stainless-Runtime-Version | The python version that was used to make the request. |
| Java/Kotlin Headers | Description |
|---|---|
X-Stainless-Runtime-Version | The Java version that was used to make the request. |
| Go Headers | Description |
|---|---|
X-Stainless-Runtime | Which Go runtime was used. |
X-Stainless-Runtime-Version | The version of Go that was used to make the request. |
Retries
Our clients retry connection errors (for example, a network connectivity problem), 408 Request Timeout, 409 Conflict, 429 Rate Limit, and >=500 Internal errors.
By default, our clients retry 2 times (so a total of 3 requests) using the exponential backoff strategy with an initial delay of 0.5s and a max delay of 8s. We also add a jitter of 25% to spread out requests.
This can be configured by you for your users:
client_settings:
default_retries:
# 5 retries are made, with the interval [1, 2, 4, 8, 10 (capped by the max)]
# not accounting for jitter
max_retries: 5
initial_delay_seconds: 1
max_delay_seconds: 10
Or it can be changed by the user in each language's SDK:
client = new Petstore({
maxRetry: 0, // Doesn't retry at all
});
Our SDKs also respect the Retry-After
header sent by the API, which defines
in integers how many seconds we should wait before making another request. We also support the Retry-After-Ms header which is less standard but gives more fine-grained control over timings in milliseconds.
Timeouts
In addition to retries, our clients also have a default timeout of 60 seconds, which can be configured.
client_settings:
default_timeout: PT60S # ISO8601 or number of milliseconds. This is 60 seconds
Idempotency key
Idempotency Keys can prevent errors where multiple retried requests are interpreted as separate requests. Our clients retry connection errors and certain status codes by default to create robust integrations, so we recommend that your API supports idempotency keys, especially for critical endpoints.
You can configure idempotency keys by specifying client_settings.idempotency like so:
client_settings:
idempotency:
header: 'Idempotency-Key' # or a header you prefer, like 'X-Request-Id'
We send the configured header with a value in the format stainless-retry-{random_uuid} on all
non-GET requests. This header is also possible to override in every SDK that we generate.
Enterprise
OpenAPI transformations
If your OpenAPI is not perfect and/or hard to modify because it's generated, we can work with you to identify problems in your OpenAPI spec and fix issues on our end with OpenAPI transforms. Contact our sales.
SSE streaming
Configuring SSE streaming is supported by Stainless for enterprise customers. When configured, we will generate ergonomics bindings for your users to
consume streams ergonomically and conveniently, for example in for await loops and more. Contact our
sales.
We can also help write and design helpers to make your streamed APIs more powerful for your users.