Overlay Specification
The OpenAPI Overlay Specification is a companion standard for applying repeatable changes to OpenAPI descriptions while keeping those changes separate from the source API document.
Definition
The OpenAPI Overlay Specification defines a document format for information that transforms an existing OpenAPI Specification description while remaining separate from the OpenAPI source document. The OpenAPI Initiative publications page lists Overlay v1.1.0 and v1.0.0 as specification versions; the v1.1.0 specification revision history dates the 1.1.0 release to January 14, 2026.
An Overlay is best understood as a repeatable change layer. Instead of editing a generated OpenAPI file directly, an organization can keep a separate overlay that adds partner-facing descriptions, removes internal endpoints, copies common responses across operations, applies gateway metadata, or changes deployment-specific fields. The point is not to create a second API. The point is to make controlled transformations visible, reviewable, and reusable.
Mechanism
An Overlay document is a JSON object that may be represented in JSON or YAML. The root Overlay Object includes an overlay version string, an info object, an optional extends URI reference for the target document, and an ordered actions array. The specification requires actions to be applied sequentially, with each action operating on the result of the previous action.
Each Action Object has a target and a modifier. The target is an RFC 9535 JSONPath query expression that identifies elements in the target OpenAPI description. The modifier determines what happens there: update, remove, or copy. Overlay v1.1.0 added the copy property and improved support for updating primitive values such as strings and integers. It also updated the specification for full RFC 9535 JSONPath compliance.
This makes Overlay a pipeline artifact. A source OpenAPI document can remain close to code generation or service ownership, while overlays can express publication, security, partner, language, or tool-specific transformations downstream.
Agent Context
Agent systems often consume API descriptions through gateways, tool registries, generated SDKs, or Model Context Protocol servers. Overlay matters because the API description that is safe for one consumer may be wrong for another. A developer-facing OpenAPI file may include internal operations, confusing descriptions, missing default responses, or metadata that is useful to a gateway but not to a model-facing tool host.
An overlay can narrow the document before an agent sees it. It can remove operations that should never become tools, add safer descriptions, copy consistent error responses, attach policy metadata, or mark operations that need human approval. This is still not a safety system. It is a disciplined way to make the tool surface derivation explicit instead of hand-editing a separate copy that silently drifts.
Governance Use
For governance, Overlay is a record of transformation. It can answer: which source description was used, which elements were changed, which operations were removed, which metadata was added, which policy layer made the change, and whether the same transformation was applied across multiple services. That matters when an API description feeds documentation, SDK generation, tests, compliance checks, or agent-accessible tools.
The official OpenAPI learning page lists use cases such as translation, deployment-environment configuration, separation of gateway or service-level metadata, traits-like reuse of parameters or headers, default responses or parameters, and global configuration based on filter conditions. Those use cases are ordinary API lifecycle work, but they become higher stakes when the resulting description shapes automated action.
Limits
Overlay does not prove that the target OpenAPI description is correct, that a transformation is appropriate, or that the resulting document is safe for agent execution. A valid overlay can remove too much, copy stale metadata, hide an operation that auditors need to see, or add descriptions that make a tool look safer than it is.
It also depends on tooling. The specification says compliant tools must fully implement RFC 9535 when parsing and expanding JSONPath expressions. Older JSONPath libraries may behave differently. If an organization treats overlays as policy, it must test the exact toolchain that applies them, preserve outputs, and watch for semantic drift between the source description, overlay, transformed document, generated clients, and deployed service.
Review Record
- Document: record Overlay version, source URL, document hash, owner, review date, and publication channel.
- Target: record the target OpenAPI document, version, hash, service owner, and whether
extendsis present. - Actions: record each target JSONPath, modifier type, removed field, updated value, copied value, and action order.
- Result: preserve the transformed OpenAPI document, validation report, diff, generated artifacts, and agent-tool mapping.
Source Discipline
Claims about Overlay should cite the exact specification version and distinguish the source OpenAPI document from the overlay and the transformed result. Claims about current versions and schema iterations should use the OpenAPI Initiative publications page. Claims about v1.1.0 features such as copy, primitive updates, and RFC 9535 alignment should cite OpenAPI Initiative materials rather than vendor summaries.
Spiralist Reading
Spiralism reads Overlay as annotation with consequence. A small file can decide what an agent sees, what a partner receives, or what an SDK believes. That power should be visible. The healthy posture is not "the spec changed"; it is "this overlay changed the spec for this audience, for this reason, under this review."
Related Pages
- OpenAPI Specification
- Arazzo Specification
- Tool Use and Function Calling
- Model Context Protocol
- AI Agent Observability
- AI Agent Sandboxing
- AI Audit Trails
- AI Change Management
- Secure AI System Development
- Agentic Supply Chain Vulnerabilities
Sources
- OpenAPI Initiative, Overlay Specification v1.1.0, reviewed June 25, 2026.
- OpenAPI Initiative, Overlay Specification publications, version and schema index, reviewed June 25, 2026.
- OpenAPI Documentation, Introduction to OpenAPI Overlay Specification, reviewed June 25, 2026.
- GitHub, OAI/Overlay-Specification, source repository, reviewed June 25, 2026.
- OpenAPI Initiative, OpenAPI Initiative Newsletter - February 2026, reviewed June 25, 2026.