Analyseur Diff OpenAPI

Comparez deux spécifications OpenAPI et détectez les breaking changes

What Is OpenAPI Diff Analysis?

OpenAPI Diff Analysis compares two versions of an OpenAPI specification to detect structural changes between API releases. As APIs evolve, endpoints are added, parameters change, response schemas are modified, and deprecated fields are removed. Each change carries a compatibility classification — breaking or non-breaking — that determines whether existing API consumers will continue to function or require updates. Automated diff analysis catches breaking changes before they reach production, preventing integration failures across distributed teams and third-party consumers who depend on stable API contracts.

This tool parses both OpenAPI 3.x specifications, compares them path by path, and classifies every detected change. Breaking changes — such as removing an endpoint, adding a required parameter, or changing a response type — are highlighted with severity levels so API teams can make informed versioning decisions. Non-breaking additions like new optional parameters or expanded enum values are tracked for changelog documentation without blocking releases.

Types of Breaking Changes in APIs

Breaking changes are modifications that can cause existing API consumers to fail. The diff analyzer detects these categories:

  • Endpoint removal: A path or method that existed in the previous version is missing from the new version
  • Required parameter addition: A new parameter marked as required: true that existing clients do not send
  • Response schema narrowing: Removing properties from response objects that clients may depend on
  • Type changes: Changing a field from string to integer or modifying array item types
  • Enum value removal: Removing allowed values from an enum that clients may be sending
  • Status code removal: Removing a documented response status code
  • Authentication requirement addition: Adding security schemes to previously unauthenticated endpoints

Each breaking change type carries different severity — removing an endpoint affects all consumers immediately, while narrowing a response schema only affects clients that read the removed field. The analyzer assigns severity levels to help teams prioritize which changes need migration guides versus simple changelog entries.

Non-Breaking Changes and Additive Evolution

Non-breaking changes expand API capabilities without disrupting existing consumers. Following additive evolution principles, these modifications are safe to release without version bumps:

  • New endpoints: Adding paths that did not previously exist
  • Optional parameters: New query, header, or body parameters with defaults
  • Response expansion: Adding new properties to response objects (existing clients ignore them)
  • Enum expansion: Adding new allowed values to response enums
  • New response codes: Documenting additional success or error responses
  • Description updates: Improving documentation without changing behavior

Tracking non-breaking changes is still valuable for generating changelogs, notifying consumers about new capabilities, and maintaining API documentation accuracy across releases.

API Versioning Strategies Informed by Diff Analysis

Diff analysis directly informs versioning decisions. When the analyzer detects zero breaking changes, the release qualifies as a minor or patch version increment. When breaking changes are found, teams must decide between several versioning strategies:

  • URL path versioning: /v1/users/v2/users — simple to understand but leads to endpoint proliferation as versions accumulate
  • Header versioning: Accept: application/vnd.api+json; version=2 — cleaner URLs but harder to test in browsers
  • Deprecation periods: Mark breaking changes as deprecated in v1 for a sunset period while v2 runs in parallel, giving consumers time to migrate

The diff analyzer's output feeds directly into these workflows by providing the exact list of changes that necessitate a version bump, enabling precise deprecation notices that reference specific endpoints and fields rather than blanket version upgrades.

Integrating Diff Analysis into CI/CD Pipelines

Automated diff analysis becomes most powerful when integrated into continuous integration pipelines. Teams configure checks that run whenever the OpenAPI specification file is modified in a pull request:

  • Compare the PR's spec against the main branch spec to detect changes
  • Fail the build if breaking changes are introduced without a version bump
  • Auto-generate changelog entries from the detected non-breaking additions
  • Notify downstream teams when endpoints they consume are modified
  • Block merges that remove deprecated endpoints before the sunset date

This shift-left approach catches API contract violations at PR review time rather than after deployment, when consumer failures are already impacting users. The diff report becomes part of the PR description, giving reviewers full visibility into the compatibility impact of their schema modifications.

Code Examples

Example Diff Output: Breaking and Non-Breaking Changes

{
  "breaking": [
    {
      "type": "endpoint-removed",
      "path": "/users/{id}/preferences",
      "method": "DELETE",
      "severity": "high"
    },
    {
      "type": "required-parameter-added",
      "path": "/orders",
      "method": "POST",
      "parameter": "billing_address",
      "severity": "medium"
    }
  ],
  "nonBreaking": [
    {
      "type": "endpoint-added",
      "path": "/users/{id}/notifications",
      "method": "GET"
    },
    {
      "type": "optional-parameter-added",
      "path": "/products",
      "method": "GET",
      "parameter": "sort_by"
    }
  ],
  "summary": {
    "totalChanges": 4,
    "breakingCount": 2,
    "nonBreakingCount": 2
  }
}

CI Pipeline Check for Breaking Changes

#!/bin/bash
# Check for breaking API changes in PR
MAIN_SPEC="openapi-main.yaml"
PR_SPEC="openapi.yaml"

# Generate diff report
diff_result=$(npx openapi-diff "$MAIN_SPEC" "$PR_SPEC" --format json)
breaking_count=$(echo "$diff_result" | jq '.breaking | length')

if [ "$breaking_count" -gt 0 ]; then
  echo "ERROR: $breaking_count breaking changes detected"
  echo "$diff_result" | jq '.breaking[] | "- \(.type): \(.method) \(.path)"'
  echo ""
  echo "Please bump the API version or add a deprecation period."
  exit 1
fi

echo "No breaking changes detected. Safe to merge."

Standards & Specifications