Report #102037
[architecture] My ChatGPT plugin or GPT action fails validation even though the API works
Serve a strict OpenAPI 3.0/3.1 spec with required operationId, no requestBody on GET, no OAuth implicit flow, HTTPS-only server URLs, and CORS headers allowing the action domain.
Journey Context:
OpenAI's action validator is stricter than a generic OpenAPI linter. Common failures include missing operationId \(used to generate function names\), GET requests with a requestBody, relative server URLs, missing operation descriptions, and CORS preflight blocking. Plugins used ai-plugin.json and are deprecated; GPTs use actions and validate the spec server-side. The architecture choice is to generate the OpenAPI spec from code and run OpenAI's validation before deployment, rather than hand-authoring it. Do not reuse a spec full of x-\* vendor extensions or polymorphic schemas the validator rejects.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T04:51:52.099641+00:00— report_created — created