made changes based on the comments made by reviewrs

Signed-off-by: Jitesh Nair <jiteshnair@ibm.com>

Author: ja8zyjits

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "(?x)( package-lock\\.json$ |Cargo\\.lock$ |uv\\.lock$ |go\\.sum$ |mcpgateway/sri_hashes\\.json$ )|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2026-06-16T17:54:16Z",
+  "generated_at": "2026-06-17T14:01:31Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

mcpgateway/main.py

@@ -12054,7 +12054,6 @@ async def cleanup_import_statuses(max_age_hours: int = 24, user=Depends(get_curr
 app.include_router(tag_router)
 app.include_router(export_import_router)
 app.include_router(openapi_schema_router)
-logger.info("OpenAPI schema generation router included")
 
 # Compliance report router (admin API)
 if settings.mcpgateway_admin_api_enabled:
@@ -12295,8 +12294,9 @@ async def cleanup_import_statuses(max_age_hours: int = 24, user=Depends(get_curr
     # Lazy import: mcpgateway.admin is a large module (~19k lines, ~120ms cold).
     # Only load it when the admin API is actually mounted.
     # First-Party
-    from mcpgateway.admin import admin_router, enforce_admin_csrf, validate_section_permissions  # pylint: disable=import-outside-toplevel
+    from mcpgateway.admin import admin_router, enforce_admin_csrf, set_logging_service, validate_section_permissions  # pylint: disable=import-outside-toplevel
 
+    set_logging_service(logging_service)
     app.include_router(admin_router)  # Admin routes imported from admin.py
 
     # Validate section-to-permission mapping consistency at startup

mcpgateway/routers/openapi_schema_router.py

@@ -16,12 +16,12 @@
 import urllib.parse
 
 # Third-Party
-from fastapi import APIRouter, Depends, Request
+from fastapi import APIRouter, Body, Depends
 from fastapi.responses import JSONResponse
 import httpx
+from pydantic import BaseModel, Field
 
 # First-Party
-from mcpgateway.admin import _read_request_json
 from mcpgateway.common.validators import SecurityValidator
 from mcpgateway.middleware.rbac import get_current_user_with_permissions, require_permission
 from mcpgateway.services.openapi_service import fetch_and_extract_schemas
@@ -32,10 +32,18 @@
 logger = logging.getLogger(__name__)
 
 
-@router.post("/generate-schema-from-openapi")
+class GenerateSchemaRequest(BaseModel):
+    """Request body for generating schemas from OpenAPI specification."""
+
+    url: str = Field(..., description="The tool URL (e.g., http://localhost:8100/calculate)")
+    request_type: str = Field("GET", description="HTTP method (GET, POST, etc.)")
+    openapi_url: str = Field("", description="Direct OpenAPI spec URL (optional, auto-discovered if empty)")
+
+
+@router.post("/generate-schemas-from-openapi")
 @require_permission("tools.create", allow_admin_bypass=False)
-async def generate_schema_from_openapi(
-    request: Request,
+async def generate_schemas_from_openapi(
+    body: GenerateSchemaRequest = Body(...),
     _user=Depends(get_current_user_with_permissions),
 ) -> JSONResponse:
     """
@@ -45,65 +53,24 @@ async def generate_schema_from_openapi(
     admin UI access. It delegates to the same service logic as the admin
     endpoint but without CSRF protection.
 
-    Expects JSON body with:
-      - url: The tool URL (e.g., http://localhost:8100/calculate)
-      - request_type: HTTP method (GET, POST, etc.) - defaults to GET
-      - openapi_url: (optional) Direct OpenAPI spec URL
-
     Args:
-        request: FastAPI Request object containing JSON body
+        body: Request body with url, request_type, and openapi_url
         _user: Authenticated user from RBAC dependency
 
     Returns:
         JSONResponse with generated schemas or error message.
     """
-    # Read and validate request body
-    try:
-        body = await _read_request_json(request)
-    except Exception:
-        return ORJSONResponse(
-            content={"message": "Invalid JSON in request body", "success": False},
-            status_code=400,
-        )
-
-    if not isinstance(body, dict):
-        return ORJSONResponse(
-            content={"message": "Request body must be a JSON object", "success": False},
-            status_code=400,
-        )
-
-    # Extract and validate fields
-    tool_url = body.get("url", "")
-    request_type = body.get("request_type", "GET")
-    openapi_url = body.get("openapi_url", "")
-
-    if not isinstance(tool_url, str) or not isinstance(request_type, str) or not isinstance(openapi_url, str):
-        return ORJSONResponse(
-            content={"message": "'url', 'request_type', and 'openapi_url' must be strings", "success": False},
-            status_code=400,
-        )
-
-    tool_url = tool_url.strip()
-    request_type = request_type.strip()
-    openapi_url = openapi_url.strip()
-
-    if not tool_url:
-        return ORJSONResponse(
-            content={"message": "'url' is required to identify the API path and base URL", "success": False},
-            status_code=400,
-        )
-
     # Security validation
     try:
-        SecurityValidator.validate_url(tool_url, "Tool URL")
+        SecurityValidator.validate_url(body.url, "Tool URL")
     except ValueError as e:
         return ORJSONResponse(
             content={"message": str(e), "success": False},
             status_code=400,
         )
 
     # Parse URL to extract base and path
-    parsed = urllib.parse.urlparse(tool_url)
+    parsed = urllib.parse.urlparse(body.url)
     base_url = f"{parsed.scheme}://{parsed.netloc}"
     tool_path = parsed.path
 
@@ -112,8 +79,8 @@ async def generate_schema_from_openapi(
         input_schema, output_schema, spec_url = await fetch_and_extract_schemas(
             base_url=base_url,
             path=tool_path,
-            method=request_type,
-            openapi_url=openapi_url,
+            method=body.request_type,
+            openapi_url=body.openapi_url or "",
             timeout=10.0,
         )
     except ValueError as e:
@@ -155,5 +122,3 @@ async def generate_schema_from_openapi(
         },
         status_code=200,
     )
-
-# Made with Bob