OpenMicrofrontends Specification 1.0.0

More details about this document
This version:
https://www.open-microfrontends.org/specs/1.0.0.html
Latest published version:
none
Editors:
Daniel Schwarz
David Strohmaier
Jürgen Kofler (nonblocking.at gmbh)
Vladimir Nisevic

© OpenMicrofrontends Contributors.

Abstract

Then OpenMicrofrontends project aims to provide a formal specification for Microfrontends provided by a server. Think of it as OpenAPI for Microfrontends.

This specification defines how to describe, serve, and interact with Microfrontends in a standardized way.

The specification makes it possible to decouple Microfrontend development from their integration and to treat Microfrontends exactly like Microservices with only a different formal description.

1. Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, REQUIRED, SHALL, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. OpenMicrofrontends Specification 1.0.0

3. Why Microfrontends

With Microfrontends, developers can build and deploy components independently, allowing for greater flexibility and scalability in web application development.

4. Introduction

The OpenMicrofrontends project aims to provide a formal specification for Microfrontends provided by a server. Think of it as OpenAPI for Microfrontends.

This specification defines how to describe, serve, and interact with Microfrontends in a standardized way.

The specification includes:

The specification makes it possible to decouple Microfrontend development from their integration into applications, and to treat Microfrontends exactly like Microservices with only a different formal description.

5. Terminology

Terminology overview and used component names in the specification.

5.1 Component Overview

A complete setup with Host Backend integration looks like this:

Components

If the Microfrontends do not require a Host Backend integration (everything is publicly available, no security, no proxying required, no SSR), here a simplified, Browser Standalone, setup:

Browser Standalone Components

5.2 Microfrontend

A Microfrontend is a JavaScript frontend bundled into JS and CSS files.

It MUST be possible to start the Microfrontend within an arbitrary DOM element.

A Microfrontend SHOULD NOT affect anything outside that host element, in particular:

A Microfrontend SHOULD be themable and provide a way to align the Look&Feel to the Host Application.

A Microfrontend MAY support Server-Side Rendering (SSR).

A Microfrontend MAY receive a config object during startup, and it MAY support asynchronous, pub/sub-based, communication with other Microfrontends on the same page.

A Microfrontend MAY use Backend APIs to send and receive data.

A Microfrontend MAY share common libraries and code with other Microfrontends and the Host Application.

5.3 Microfrontend Server

A Microfrontend Server serves the Microfrontend assets, according to the OpenMicrofrontend Description.

A Microfrontend Server SHOULD expose the OpenMicrofrontend Description (microfrontends.yaml or microfrontends.json), so Host Applications can dynamically register Microfrontends and react to changes after new deployments.

A Microfrontend Server MAY provide a route for server-side rendering.

A Microfrontend Server MAY provide an internal Backend API, commonly referred to as a Backend For Frontend (BFF).

5.4 Host Application

A Host Application is any Web Application that hosts one or more Microfrontends.

It can be built in arbitrary frontend and backend technologies, such as Express.js with a template engine, Next.js, PHP, ASP.NET, Java Servlet, or Spring WebMVC. It its simplest form, it could be a simple single-page application (SPA) without a dedicated backend if the Microfrontends don't need security or proxying of Backend APIs.

5.5 Host Backend

The backend part of the Host Application, which can be used to provide security, proxying of Backend APIs and Server-Side Rendering (SSR).

5.6 Host Frontend

The frontend part of the Host Application, which is used to start Microfrontends and provide means to interact with them.

5.7 Backend API

The API Microfrontends use to fetch data or perform actions. This can be a REST API, GraphQL, or any other type of API that Microfrontends need to function correctly.

5.8 Backend for Frontend (BFF)

A Backend API which runs on Microfrontend Server and is only used internally by Microfrontends hosted there.

5.9 OpenMicrofrontends Specification

A Meta Specification to describe Microfrontends and how to load and interact with them, i.e., this document.

5.10 OpenMicrofrontends Description

A formal description of a set of Microfrontends on a Microfrontend Server based on this Specification.

It is used to generate type-safe Renderers, Starters, and Host Backend Integrations.

5.11 OpenMicrofrontends Renderer

A JavaScript function with a specified signature that needs to be implemented by the Microfrontend, so it can be loaded by OpenMicrofrontends compatible Host Applications.

The function MUST conform to the signature described in this Specification document.

A generator (such as OpenMicrofrontends Generator) SHOULD be used to create type-safe signatures based on a given OpenMicrofrontends Description.

5.12 OpenMicrofrontends Server-Side Renderer

A server-side route with a specified interface that needs to be implemented by the Microfrontend, so a server-side rendered HTML can be fetched by OpenMicrofrontends compatible Host Applications.

The function MUST conform to the interface described in this Specification document.

A generator (such as OpenMicrofrontends Generator) SHOULD be used to create type-safe signatures based on a given OpenMicrofrontends Description.

5.13 Host Frontend Starter

A function in the Host Frontend that starts Microfrontends.

This function is not covered by this Specification, but is essential for integrating Microfrontends into the Host Application.

A generator (such as OpenMicrofrontends Generator) SHOULD be used to create type-safe starters based on a given OpenMicrofrontends Description.

5.14 Host Backend Integration

Host Backend components for security, proxying, SSR, etc. used to provide the necessary infrastructure for Microfrontends to interact with backend services in a secure and efficient way.

This integration is not covered by this Specification and might work differently for different backend technologies.

A generator (such as OpenMicrofrontends Generator) SHOULD be used to create type-safe backend integrations based on a given OpenMicrofrontends Description.

6. Specification

6.1 Versions

The OpenMicrofrontend Specification is versioned using a major.minor.patch versioning scheme. The major.minor portion of the version string (for example, 1.0) SHALL designate the Specification feature set. .patch versions address errors in, or provide clarifications to, this document, not the feature set. Tooling which supports Specification 1.1 SHOULD be compatible with all OMS 1.1.* versions. The patch version SHOULD NOT be considered by tooling, making no distinction between 1.1.0 and 1.1.1 for example.

6.2 OpenMicrofrontend Description Structure

An OpenMicrofrontend Description MAY be made up of a single JSON or YAML document, or it MAY be divided into multiple, connected parts at the author’s discretion. In the latter case, Schema Object $ref fields are used to identify the referenced elements.

Host Applications MAY ignore referenced schema objects and only process the main document.

6.3 Minimal Description Example

openMicrofrontends: 1.0.0
microfrontends:
  - name: My First Microfrontend
    assets:
      initial:
        js:
          - app.js
    rendererFunctionName: startMyFirstMicrofrontend

6.4 Schema

6.4.1 OpenMicrofrontends Object

The root object of the OpenMicrofrontends Description.

Fields:

Field Name Type Description
openMicrofrontends string REQUIRED. This string MUST be the version number of the OpenMicrofrontend Specification the document uses.
The openMicrofrontends field SHOULD be used by tooling to interpret the document.
info Info Object OPTIONAL. Provides metadata about the Microfrontends. The metadata MAY be used by tooling as required.
servers Server Object OPTIONAL. An array of Server Objects, which provide connectivity information to a target server.
securitySchemes Map[string, SecurityScheme Object] OPTIONAL. A declaration of security mechanisms, which MAY be referenced across the OpenMicrofrontend Description.
microfrontends [Microfrontend Object] REQUIRED. The list of exposed Microfrontends. At least one MUST be given.

6.4.2 Info Object

The Info Object provides metadata about the Microfrontends. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience.

Fields:

Field Name Type Description
title string REQUIRED. The title of the OpenMicrofrontends Description.
description string OPTIONAL. A description of the exposed Microfrontends
version string REQUIRED. The version of the OpenMicrofrontends Description document
contact Contact Object OPTIONAL. Contact information for the exposed OpenMicrofrontends Description

Example:

title: OpenMicrofrontends Example
description: Example Microfrontends
version: 1.0.0
contact:
  author: OpenMicrofrontends
  email: test@test.com
  organization: OpenMicrofrontends

6.4.3 Contact Object

Contact information for the exposed Microfrontends.

Field Name Type Description
author string REQUIRED. The identifying name of the contact person/organization.
email string OPTIONAL. The URI for the contact information. This MUST be in the form of a URI.
organization string REQUIRED. The email address of the contact person/organization. This MUST be in the form of an email address.

Example:

author: The Author
email: test@test.com
organization: The Organization

6.4.4 Server Object

The Server Object describes a single Microfrontend Server.

Fields:

Field Name Type Description
url string REQUIRED. A URL to the Microfrontend Server host.
description string OPTIONAL. Description of the host.

Example:

url: http://my-test-server.com
description: Test Server

6.4.5 SecurityScheme Object

The SecurityScheme Object defines a reusable security scheme, which MAY be used throughout the specification wherever applicable.

It is derived from the Security Scheme Object as defined by OpenAPI and MUST be interpreted as per OpenAPI’s definition.

Example:

ApiKeyAuth:
  type: apiKey
  in: header
  name: X-API-Key

6.4.6 Microfrontend Object

Field Name Type Description
name string REQUIRED. The identifying name of the Microfrontend
title string | MultiLanguageText Object OPTIONAL. A single- or multi-language title, which MAY be used as a representative title of this Microfrontend to the end-user
description string OPTIONAL. A human-readable description, which provides additional information and context about this Microfrontend
assets [Assets Object] REQUIRED. Defines all static assets of this Microfrontend, which have to be loaded and are needed to correctly display it in the browser
ssr SSR Object OPTIONAL. Defines whether and how server-side and hybrid rendering are supported by the Microfrontend
userPermissions UserPermissions Object OPTIONAL. Defines user permissions used by the Microfrontend
rendererFunctionName string REQUIRED. Defines the name of the OpenMicrofrontend Renderer function
apiProxies ApiProxy Object OPTIONAL. Defines API services, which MAY be consumed by the Microfrontend
config Config Object OPTIONAL. Defines the structure of the Microfrontend’s config object, which MUST be passed to the Renderer
messages Map[string, Message Object] OPTIONAL. Defines in- and outgoing messages for communicating with other Microfrontends or the Host Frontend in the browser
annotations Annotations Object OPTIONAL. Additional meta-data for the Microfrontend, which is not further defined by this specification, and MAY be used for custom integrations

6.4.7 MultiLanguageText Object

The MultiLanguageText Object maps a text from ISO 639 language codes to its corresponding translation.

Example:

en: Hello World
de: Hallo Welt
es: Hola Mundo

6.4.8 UserPermissions Object

The User Permissions object defines permission keys used by the Microfrontend to disable and hide components the user is not permitted to use.

The Microfrontend MUST NOT rely on those User Permissions to protect sensitive data or APIs from being called, because they can easily be changed in the browser. But they SHOULD match the authorization checks performed by the APIs.

There are two ways to calculate the actual permissions for the Microfrontend:

  1. The Microfrontend Server provides a route to calculate the actual permissions based on some Authentication mechanism.
  2. The Host Application derives the permissions itself from user roles or user attributes. This might be the preferred way for internal Microfrontends in an enterprise environment, where Microfrontends are used in different contexts and the actual authorization checks are performed by some backends.
Field Name Type Description
permissions [UserPermissionKey Object] REQUIRED. A list of permission keys that MUST be provided by the Host Application.
provided UserPermissionsProvider Object OPTIONAL. An endpoint on the Microfrontend Server that calculates the permissions for a given security content.

Example:

permissions:
  - name: showDetails
    description: User is permitted to see details
  - name: deletePermitted
    description: User is permitted to delete items
provided:
  path: /permissions
security:
  - ApiKeyAuth: [ ]

6.4.9 UserPermissionKey Object

Defines a single user permission key.

Field Name Type Description
name string REQUIRED. The name of the permission,
description string OPTIONAL. An optional description.

6.4.10 UserPermissionsProvider Object

Defines a Microfrontend Server route that can provide the User Permissions.

Field Name Type Description
path Absolute path REQUIRED. The absolute path to the route on the Microfrontend Server.
A GET request to the route MUST return a JSON object that contains all defined permissions with a boolean value.
security [SecurityRequirement Object] as defined in the OpenAPI Specification OPTIONAL. Defines the required security to access the endpoint.

6.4.11 Assets Object

The Assets Object defines static assets, which are provided by the Microfrontend Server and are necessary for correct browser rendering.

  • At least one JavaScript asset MUST be defined, which provides the OpenMicrofrontend Renderer of the Microfrontend.
  • Microfrontends SHOULD define a build manifest path. Build Manifests MUST be served as either JSON or YAML. The JSON or YAML must contain a top-level property version or timestamp. The Host Application SHOULD use the version or timestamp for browser cache invalidation (e.g., by appending ?v=version to every delivered asset).
  • Assets MUST be served for HTTP GET requests
  • The path to any asset MUST be interpreted as relative to the Microfrontend Server URL (as listed in the top-level servers), and it must be combined with the basePath.
  • Assets MUST be relocatable, the Host Application MAY serve them under another base path. So, all asset references within the initial assets MUST be relative.
Field Name Type Description
basePath Absolute path OPTIONAL. Base path to any asset defined in this section. Defaults to “/”
js JSAssets Object REQUIRED. Defines all JavaScript assets, which are REQUIRED for initial rendering of the Microfrontend in the browser.
css [Relative Path] OPTIONAL. Lists all required CSS assets as paths to their location.
The Host Application MUST load all listed CSS files. The CSS stylesheets MUST be attached to the HTML head in order of their appearance in this list.
buildManifestPath Absolute Path OPTIONAL. Path to the build manifest of the Microfrontend.

Example:

basePath: /public
buildManifest: build.yaml
js:
  initial:
    - scripts/index.js
    - scripts/utils.js
  moduleSystem: ESM
  importMap:
    imports:
      externalModule1: https://ga.jspm.io/npm:externalModule1@1.2.2/index.js
      externalModule2: https://ga.jspm.io/npm:externalModule2@5.1.8/index.js
css:
  - styles/colors.css
  - styles/layout.css

6.4.12 JSAssets Object

The JS Assets object defines all JavaScript assets required to initially render a Microfrontend in the browser.

If a module system is specified, all JavaScript assets MUST adhere to this module system. By default, no module system is presumed.

The listed JavaScript assets MUST provide the OpenMicrofrontends Renderer of the Microfrontend. If no module system is specified, the Renderer MUST be attached to the global window object under the name, as defined in the Microfrontend’s rendererFunctionName property.

Alternatively, if a module system is specified, one of the JavaScript assets MAY export the OpenMicrofrontends Renderer either as

  • a named export with the identifier rendererFunctionName
  • as property of the default export with the name rendererFunctionName

If a module system is used, an importMap MAY be defined for resolving external (shared) module dependencies. The Host Application MUST apply the importMap before loading the initial assets. It MUST solve conflicting module references in different Microfrontends by defining scopes.

An Host Application MAY not support Microfrontends with the module system ESM and an importMap, because some browsers still do not support dynamically adding importMaps, which in turn makes it impossible to dynamically load the Microfrontend.

Field Name Type Description
initial [Relative Path] REQUIRED. Lists all required JavaScript assets (as paths) for initially rendering the Microfrontend.
The Host Frontend MUST load all listed JavaScript assets.
The JavaScript assets MUST be imported (or attached to the HTML head) in order of their appearance in this list.
moduleSystem “ESM” | “SystemJS” | “none” OPTIONAL. Defines the used module system. Defaults to none.
importMap ImportMap Object OPTIONAL. Defines an importMap which MUST be applied by the Host Application so external module dependencies can be resolved

6.4.13 ImportMap Object

The Import Map Object is based on the official JavaScript import map.

As of this version, the Import Map object supports only the imports property of JavaScript import maps.

Field Name Type Description
imports Map[string, URL] REQUIRED. Defines for each external dependency its location as a URL.

Example:

imports:
  externalModule1: https://ga.jspm.io/npm:externalModule1@1.2.2/index.js
  externalModule2: https://ga.jspm.io/npm:externalModule2@5.1.8/index.js

6.4.14 SSR Object

The SSR object provides information about server-side and hybrid rendering capabilities of a Microfrontend. A Microfrontend MAY offer SSR in addition to traditional client-side rendering.

Field Name Type Description
path Absolute Path REQUIRED. An absolute path pointing to an endpoint on the Microfrontend Server for server-side rendering.
The endpoint MUST serve HTTP POST requests for server-side rendering.
The actual request structure for the SSR endpoint is explained in more detail here)
security [SecurityRequirement Object] as defined in the OpenAPI Specification OPTIONAL. Defines the required security to access the endpoint.

Example:

path: /ssr
security:
  - ApiKeyAuth: []

6.4.15 APIProxy Object

The API Proxy object defines a proxy to a backend API that MUST be provided by the Host Application. A proxy is typically required when:

  • The API is not publicly available
  • The endpoint requires security measures the frontend cannot provide
  • CORS problems want to be avoided

Security schemes MAY be used to describe security mechanisms of the API server.

Field Name Type Description
path string REQUIRED if targets is not present.
A relative path to an API provided by the Microfrontend itself (a Backend-For-Frontend).
The Host Application MUST prepend the Microfrontend base URL.
targets [APIProxyTarget Object] REQUIRED if path is not present. A list of APIProxyTarget objects.
The list can be empty or incomplete.
The Host Application MUST provide the correct URL.
security [SecurityRequirement Object] as defined in the OpenAPI Specification OPTIONAL. Defines the required security to access the endpoint.

Example:

proxy1:
  description: Proxy for the internal BFF API
  path: /api
  security:
    - ApiKeyAuth: []
proxy2:
  description: A proxy for an external API
  targets:
    - url: https://localhost:1234/api
      description: Local
    - url: http://my-api.my-namespace:1234/api
      description: Test environment

6.4.16 APIProxyTarget Object

Describes an API proxy target.

Field Name Type Description
url string REQUIRED. A target URL
description string OPTIONAL. A description of the target (e.g., the environment)

6.4.17 Config Object

The Config Object defines the expected structure of the Microfrontend’s config.

The structure of the config object MUST be defined with JSON Schema (2020-12), and MUST specify an object-type at its root.

A default config MUST be defined, and MUST validate against the config structure.

Host Applications MUST supply the config to client-side and server-side Renderer functions, but MAY use the default config (or parts of it). Any config provided by the Host Application MUST validate against the specified schema.

Field Name Type Description
schema JSON Schema (2020-12) REQUIRED. Defines the expected structure of the config object
default object REQUIRED. Defines the default value of the config.

Example:

schema:
  type: object
  properties:
    customerId:
      type: string
  required:
    - customerId
  additionalProperties: false
default:
  customerId: '1000'

6.4.18 Message Object

The Message Object defines the structure of a single message, which MAY be exchanged with other Microfrontends or with the Host Frontend in the browser.

Messages MUST be exchanged via publish/subscribe. A Microfrontend MAY publish messages or subscribe to messages, or do both or none.

The Host Frontend MUST provide a publish/subscribe mechanism to the Microfrontend for exchanging messages.

The validity of published messages MUST be guaranteed by Microfrontends, i.e., any published message MUST validate against its schema.

The Host Frontend MAY validate messages, and block them if validation fails. As this is OPTIONAL, it is RECOMMENDED that Microfrontends validate any incoming messages against their schema.

Field Name Type Description
schema JSON Schema (2020-12) REQUIRED. Defines the expected structure of the message
publish boolean OPTIONAL. Indicates whether the Microfrontend MAY publish this message. Defaults to false
subscribe boolean OPTIONAL. Indicates whether the Microfrontend MAY subscribe to this message. Defaults to false

Example:

ping:
  publish: true
  subscribe: true
  schema:
    type: object
    properties:
      ping:
        const: true
    required:
      - ping

6.4.19 Annotations Object

An object with arbitrary meta-data that MAY be used by tooling and Host Applications to gather additional information and enable capabilities outside this specification.

6.5 OpenMicrofrontends Renderer Signature

type UndefinedToOptional = {
  [K in keyof T as T[K] extends undefined ? never : K]: T[K];
} & Partial;

type MessageBus<
  MESSAGES_PUBLISH extends Record | undefined,
  MESSAGES_SUBSCRIBE extends Record | undefined
> = {
  publish(topic: T, data: MESSAGES_PUBLISH[T]): void;
  subscribe(topic: T, cb: (data: MESSAGES_SUBSCRIBE[T]) => void): void;
  unsubscribe(topic: T, cb: (data: MESSAGES_SUBSCRIBE[T]) => void): void;
};

export type OpenMicrofrontendLifecycleHooks = {
  /**
   * Lifecycle callbacks.
   * MAY be provided by the Renderer.
   * MUST be called by the Host Application when the Microfrontend is going to be removed.
   */
  readonly onRemove?: () => void | Promise;
};

export type OpenMicrofrontendsClientContext<
  CONFIG extends Record,
  PERMISSIONS extends Record | undefined,
  API_PROXY_PATHS extends Record | undefined,
  MESSAGES_PUBLISH extends Record | undefined,
  MESSAGES_SUBSCRIBE extends Record | undefined
> = UndefinedToOptional<{
  /**
   * The unique ID of this Microfrontend instance.
   * MUST be provided by the Host Application, because it MAY be used to store prefetched state.
   */
  readonly id: string;
  /**
   * Two-letter language code.
   * SHOULD be provided by the Host Application for internationalization.
   */
  readonly lang?: string;
  /**
   * Some basic user information.
   * SHOULD be provided by the Host Application (if a user is logged in).
   */
  readonly user?: {
    readonly username: string;
    readonly displayName: string;
    readonly [otherProp: string]: unknown;
  };
  /**
   * Evaluated user permissions.
   * MUST be provided by the Host Application if *userPermissions* are defined in the Microfrontend Description.
   */
  readonly permissions: PERMISSIONS;
  /**
   * Evaluated API proxy paths.
   * MUST be provided by the Host Application if *apiProxies* are defined in the Microfrontend Description.
   */
  readonly apiProxyPaths: API_PROXY_PATHS;
  /**
   * The Microfrontend config.
   * MUST be provided by the Host Application. The Host Application MAY use the default config.
   */
  readonly config: CONFIG;
  /**
   * A message bus for communication between Microfrontends.
   * MUST be provided by the Host Application if *messages* are defined in the Microfrontend Description.
   */
  readonly messageBus: MESSAGES_PUBLISH extends undefined
    ? MESSAGES_SUBSCRIBE extends undefined
      ? undefined
      : MessageBus
    : MessageBus;

  /**
   * The Microfrontend was rendered server-side, and the host element already contains the initial HTML.
   * MUST be provided by the Host Application if the Microfrontend was rendered server-side.
   */
  readonly serverSideRendered?: boolean;
  /**
   * Some Host Application context.
   * MAY be provided by the Host Application.
   */
  readonly hostContext?: {
    readonly hostApplicationName: string;
    readonly [propName: string]: any;
  };
}>;

export type OpenMicrofrontendsRenderer<
  CONFIG extends Record,
  PERMISSIONS extends Record | undefined = undefined,
  API_PROXY_PATHS extends Record | undefined = undefined,
  MESSAGES_PUBLISH extends Record | undefined = undefined,
  MESSAGES_SUBSCIBE extends Record | undefined = undefined
> = (
  hostEl: HTMLElement,
  context: OpenMicrofrontendsClientContext
) => Promise;

The generic type-parameters CONFIG, PERMISSIONS, API_PROXY_PATHS, MESSAGES_PUBLISH, and MESSAGES_SUBSCRIBE of the OpenMicrofrontendsRenderer MUST be derived from their respective definition in the Microfrontend Description.

6.6 OpenMicrofrontends Server-Side Renderer Signature

type UndefinedToOptional = {
  [K in keyof T as T[K] extends undefined ? never : K]: T[K];
} & Partial;

export type OpenMicrofrontendsSSRResponse = {
  /**
   * The rendered HTML.
   * MUST be delivered by the Renderer.
   */
  readonly html: string;
  /**
   * JavaScript code to be injected into the  of the Host Application page.
   * MAY be delivered by the Renderer.
   */
  readonly injectHeadScript?: string;
};

export type OpenMicrofrontendsServerContext<
  CONFIG extends Record,
  PERMISSIONS extends Record | undefined
> = UndefinedToOptional<{
  /**
   * The unique ID of this Microfrontend instance.
   * MUST be provided by the Host Application, because it MAY be used to store prefetched state.
   */
  readonly id: string;
  /**
   * Two-letter language code.
   * SHOULD be provided by the Host Application for internationalization.
   */
  readonly lang?: string;
  /**
   * Some basic user information.
   * SHOULD be provided by the Host Application (if a user is logged in).
   */
  readonly user?: {
    readonly username: string;
    readonly displayName: string;
    readonly [otherProp: string]: unknown;
  };
  /**
   * Evaluated user permissions.
   * MUST be provided by the Host Application if *userPermissions* are defined in the Microfrontend Description.
   */
  readonly permissions: PERMISSIONS;
  /**
   * The Microfrontend config.
   * MUST be provided by the Host Application. The Host Application MAY use the default config.
   */
  readonly config: CONFIG;
  /**
   * Some Host Application context.
   * MAY be provided by the Host Application.
   */
  readonly hostContext?: {
    readonly hostApplicationName: string;
    readonly [propName: string]: any;
  };
}>;

export type OpenMicrofrontendsServerSideRenderer<
  CONFIG extends Record,
  PERMISSIONS extends Record | undefined = undefined
> = (requestBody: OpenMicrofrontendsServerContext) => Promise;

The generic type-parameters CONFIG, and PERMISSIONS, of the OpenMicrofrontendsServerRenderer MUST be derived from their respective definition in the Microfrontend Description.

The request and response structure of the JSON payload to an SSR endpoint MUST follow the argument- and return-type of the OpenMicrofrontendsServerSiderRendererFunction type.

7. Implementation Hints

You can find some useful hints about some specific aspects in the Microfrontend development and what to consider for Host Applications here: https://www.open-microfrontends.org/implementation-hints.

8. Full Example

openMicrofrontends: 1.0.0
info:
  title: OpenMicrofrontends Example
  description: Example Microfrontends
  version: 1.0.0
  contact:
    author: OpenMicrofrontends
    email: test@test.com
    organization: OpenMicrofrontends
servers:
  - url: http://my-test-server.com
    description: Test Server
securitySchemes:
  ApiKeyAuth:
    type: apiKey
    in: header
    name: X-API-Key
microfrontends:
  - name: My First Microfrontend
    title:
      en: My First Microfrontend
      de: Mein erstes Microfrontend
    description: An example microfrontend that shows all the features of the OpenMicrofrontends schema
    assets:
      basePath: /
      buildManifestPath: /build.yaml
      js:
        moduleSystem: ESM
        initial:
          - Microfrontend.js
        importMap:
          imports:
            externalModule1: https://ga.jspm.io/npm:externalModule1@1.2.2/index.js
            externalModule2: https://ga.jspm.io/npm:externalModule2@5.1.8/index.js
      css:
        - styles.css
    rendererFunctionName: startMyFirstMicrofrontend
    ssr:
      path: /ssr
      security:
        - ApiKeyAuth: []
    userPermissions:
      permissions:
        - name: showDetails
          description: The authenticated user is permitted to see details
        - name: deletePermitted
          description: The authenticated user is permitted to delete items
      provided:
        path: /permissions
        security:
          - ApiKeyAuth: []
    apiProxies:
      proxy1:
        description: Proxy for the internal BFF API
        path: /api
        security:
          - ApiKeyAuth: []
      proxy2:
        description: A proxy for an external API
        targets:
          - url: https://localhost:1234/api
            description: Local
          - url: http://my-api.my-namespace:1234/api
            description: Test environment
    config:
      schema:
        type: object
        properties:
          customerId:
            type: string
        required:
          - customerId
        additionalProperties: false
      default:
        customerId: '1000'
    messages:
      ping:
        publish: true
        subscribe: true
        schema:
          type: object
          properties:
            ping:
              const: true
          required:
            - ping
    annotations:
      MY_COCKPIT_CAPABILITIES:
        businessEntity: Customer
        contentType: overview

9. JSON Schema

The corresponding JSON Schema is available here: https://open-microfrontends.org/schemas/1-0-0

A. References

A.1 Normative references

[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174