OpenAPI as the Contract Between Teams
Why /openapi.json is the first stop for integrators, how to use it in CI, and why generated clients beat hand-maintained examples.
The problem with hand-written examples
Documentation examples go stale. Paths change, fields are renamed, auth moves from headers to cookies. The only artifact that stays honest is the running server's description of itself—typically OpenAPI at /openapi.json for FastAPI.
What integrators should do first
Download the spec from the environment you integrate with—staging, production, or a local dev process. Do not assume a checked-in copy in a docs folder matches a remote deployment.
Generate or hand-craft clients from that file. Typed clients catch breaking changes at compile time. They also remove debates about whether a field is optional: the schema decides.
Use the interactive docs sparingly. /docs is excellent for exploration. For automation and contracts, prefer the machine-readable JSON and your own tests.
CI-friendly checks
A lightweight pipeline step can:
- Fetch openapi.json and validate it parses as JSON.
- Assert required paths exist (for example health and a small set of critical operations your product depends on).
- Fail the build when the spec disappears or shrinks unexpectedly.
This is not a substitute for full contract tests, but it catches accidental doc drift early.
Security note
OpenAPI describes surface area. It does not grant access. Secured operations still need correct credentials. Keep tokens out of logs and out of the spec file itself—schemas describe shape, not secrets.
Build with proof, not promises
Join the developers compiling intent into deployable software with deterministic gates.