OpenAPI Diff Analyzer
Compare two OpenAPI specifications and detect breaking changes, added endpoints, and schema modifications
Enter the older version of your OpenAPI spec to use as the comparison base
Enter the newer version of your OpenAPI spec to compare against the base
What Is OpenAPI Diff Analysis?
OpenAPI Diff Analysis compares two versions of an OpenAPI specification to detect structural changes between API releases. As APIs evolve, endpoints are added, parameters change, response schemas are modified, and deprecated fields are removed. Each change carries a compatibility classification — breaking or non-breaking — that determines whether existing API consumers will continue to function or require updates. Automated diff analysis catches breaking changes before they reach production, preventing integration failures across distributed teams and third-party consumers who depend on stable API contracts.
This tool parses both OpenAPI 3.x specifications, compares them path by path, and classifies every detected change. Breaking changes — such as removing an endpoint, adding a required parameter, or changing a response type — are highlighted with severity levels so API teams can make informed versioning decisions. Non-breaking additions like new optional parameters or expanded enum values are tracked for changelog documentation without blocking releases.
Types of Breaking Changes in APIs
Breaking changes are modifications that can cause existing API consumers to fail. The diff analyzer detects these categories:
- Endpoint removal: A path or method that existed in the previous version is missing from the new version
- Required parameter addition: A new parameter marked as
required: truethat existing clients do not send - Response schema narrowing: Removing properties from response objects that clients may depend on
- Type changes: Changing a field from
stringtointegeror modifying array item types - Enum value removal: Removing allowed values from an enum that clients may be sending
- Status code removal: Removing a documented response status code
- Authentication requirement addition: Adding security schemes to previously unauthenticated endpoints
Each breaking change type carries different severity — removing an endpoint affects all consumers immediately, while narrowing a response schema only affects clients that read the removed field. The analyzer assigns severity levels to help teams prioritize which changes need migration guides versus simple changelog entries.
Non-Breaking Changes and Additive Evolution
Non-breaking changes expand API capabilities without disrupting existing consumers. Following additive evolution principles, these modifications are safe to release without version bumps:
- New endpoints: Adding paths that did not previously exist
- Optional parameters: New query, header, or body parameters with defaults
- Response expansion: Adding new properties to response objects (existing clients ignore them)
- Enum expansion: Adding new allowed values to response enums
- New response codes: Documenting additional success or error responses
- Description updates: Improving documentation without changing behavior
Tracking non-breaking changes is still valuable for generating changelogs, notifying consumers about new capabilities, and maintaining API documentation accuracy across releases.
API Versioning Strategies Informed by Diff Analysis
Diff analysis directly informs versioning decisions. When the analyzer detects zero breaking changes, the release qualifies as a minor or patch version increment. When breaking changes are found, teams must decide between several versioning strategies:
-
URL path versioning:
/v1/users→/v2/users— simple to understand but leads to endpoint proliferation as versions accumulate -
Header versioning:
Accept: application/vnd.api+json; version=2— cleaner URLs but harder to test in browsers - Deprecation periods: Mark breaking changes as deprecated in v1 for a sunset period while v2 runs in parallel, giving consumers time to migrate
The diff analyzer's output feeds directly into these workflows by providing the exact list of changes that necessitate a version bump, enabling precise deprecation notices that reference specific endpoints and fields rather than blanket version upgrades.
Integrating Diff Analysis into CI/CD Pipelines
Automated diff analysis becomes most powerful when integrated into continuous integration pipelines. Teams configure checks that run whenever the OpenAPI specification file is modified in a pull request:
- Compare the PR's spec against the main branch spec to detect changes
- Fail the build if breaking changes are introduced without a version bump
- Auto-generate changelog entries from the detected non-breaking additions
- Notify downstream teams when endpoints they consume are modified
- Block merges that remove deprecated endpoints before the sunset date
This shift-left approach catches API contract violations at PR review time rather than after deployment, when consumer failures are already impacting users. The diff report becomes part of the PR description, giving reviewers full visibility into the compatibility impact of their schema modifications.
Code Examples
Example Diff Output: Breaking and Non-Breaking Changes
{
"breaking": [
{
"type": "endpoint-removed",
"path": "/users/{id}/preferences",
"method": "DELETE",
"severity": "high"
},
{
"type": "required-parameter-added",
"path": "/orders",
"method": "POST",
"parameter": "billing_address",
"severity": "medium"
}
],
"nonBreaking": [
{
"type": "endpoint-added",
"path": "/users/{id}/notifications",
"method": "GET"
},
{
"type": "optional-parameter-added",
"path": "/products",
"method": "GET",
"parameter": "sort_by"
}
],
"summary": {
"totalChanges": 4,
"breakingCount": 2,
"nonBreakingCount": 2
}
}CI Pipeline Check for Breaking Changes
#!/bin/bash
# Check for breaking API changes in PR
MAIN_SPEC="openapi-main.yaml"
PR_SPEC="openapi.yaml"
# Generate diff report
diff_result=$(npx openapi-diff "$MAIN_SPEC" "$PR_SPEC" --format json)
breaking_count=$(echo "$diff_result" | jq '.breaking | length')
if [ "$breaking_count" -gt 0 ]; then
echo "ERROR: $breaking_count breaking changes detected"
echo "$diff_result" | jq '.breaking[] | "- \(.type): \(.method) \(.path)"'
echo ""
echo "Please bump the API version or add a deprecation period."
exit 1
fi
echo "No breaking changes detected. Safe to merge."Standards & Specifications
- OpenAPI Specification 3.1 — The specification standard that defines the structure being compared across versions
Frequently Asked Questions
What changes does the OpenAPI Diff Analyzer detect?
The analyzer detects added and removed endpoints, added and removed HTTP methods on existing paths, parameter changes (added, removed, type changes, required/optional changes), request body modifications, response changes, and schema modifications including property additions, removals, and type changes. Each change is classified as breaking or non-breaking.
What counts as a breaking change?
Breaking changes are modifications that could cause existing API consumers to fail. These include: removing an endpoint or HTTP method, removing a parameter, changing a parameter type, making an optional parameter required, removing a response status code, changing a schema type, and adding a new required property to a request body. These changes require API consumers to update their code.
What OpenAPI formats are supported?
Both JSON and YAML formats are supported. The tool accepts OpenAPI 3.x and Swagger 2.0 specifications. Paste the full spec content (not a URL) in each input field. The tool detects the format automatically.
Is my API specification sent to any server?
No. All comparison and analysis happens entirely in your browser using JavaScript. Your API specifications — which may contain internal endpoints, authentication details, and business logic — never leave your device. No data is stored, logged, or transmitted.
How does the tool handle large specifications?
For combined inputs under 100KB, processing happens on the main thread. When both specs together exceed 100KB, processing is automatically offloaded to a Web Worker to keep the UI responsive. The tool warns at 500KB per spec and rejects inputs larger than 5MB.
Why is removing an optional parameter considered breaking?
Removing a parameter from the API spec means consumers sending that parameter will receive an unexpected behavior or error. Even if the parameter was optional, existing clients may rely on it. The safest approach is to deprecate parameters before removing them.
How is this different from the OpenAPI Viewer?
The OpenAPI Viewer displays and navigates a single specification, showing endpoints, parameters, schemas, and responses in a readable format. The OpenAPI Diff Analyzer compares two versions of a specification to identify what changed between them, which is useful during API evolution and versioning.
Can I compare Swagger 2.0 with OpenAPI 3.x?
Yes, you can compare specs of different versions. The tool normalizes paths and operations from both formats before comparing. However, some structural differences between Swagger 2.0 and OpenAPI 3.x (like the requestBody vs body parameter change) may appear as modifications in the diff results.