OpenAPI Specification (Deep Workflow)
OpenAPI is the contract between teams and tools. Quality comes from consistent schemas, realistic examples, and lint rules that catch breaking changes early.
When to Offer This Workflow
Trigger conditions:
- - New REST API; public or partner surface
- Codegen for clients/servers; API gateway validation from spec
- Drift between docs and implementation
Initial offer:
Use six stages: (1) workflow choice & ownership, (2) info & versioning, (3) resources & operations, (4) schemas & components, (5) security & errors, (6) lint, compatibility & publish). Confirm OpenAPI 3.x and style guide.
Stage 1: Workflow & Ownership
Goal: Design-first (spec → implement) vs code-first (annotations → export)—pick one per service and enforce.
Ownership
- - Who approves breaking changes; where spec lives in repo
Exit condition: Single source of truth for the API contract.
Stage 2: Info & Versioning
Goal: info.title, version scheme aligned with URL or header versioning strategy.
Practices
- - Deprecation policy in description or extension fields
Stage 3: Resources & Operations
Goal: RESTful naming where appropriate; operationId stable for codegen.
Practices
- - Pagination (
cursor/page), filtering, sort documented - Idempotency (
Idempotency-Key) for unsafe retries when relevant
Stage 4: Schemas & Components
Goal: components/schemas reused; nullable vs optional correct in JSON Schema sense.
Practices
- - OneOf discriminated unions for polymorphic payloads when needed
- Examples per schema for human and machine readers
Stage 5: Security & Errors
Goal: securitySchemes (Bearer, OAuth2) applied per operation or globally.
Errors
- - Problem Details (
application/problem+json) pattern with stable type URIs
Stage 6: Lint, Compatibility & Publish
Goal: Spectral or vacuum rules in CI; openapi-diff on PRs.
Publish
- - Docs portal (Swagger UI, Redoc); postman collections optional
Final Review Checklist
- - [ ] Single ownership and design-first or code-first discipline
- [ ] Versioning and deprecation story clear
- [ ] Operations complete with pagination/errors as needed
- [ ] Reusable components and examples
- [ ] Security and error model consistent
- [ ] CI lint and breaking-change detection
Tips for Effective Guidance
- - Examples should be copy-paste valid—catch enum drift.
- Nullable in OpenAPI 3.1 aligns with JSON Schema—mind 3.0 differences when mixing.
- Internal APIs still benefit from the same rigor—future you is a partner team.
Handling Deviations
- - GraphQL elsewhere: OpenAPI for REST edge only—don’t force one doc for both.
OpenAPI规范(深度工作流)
OpenAPI是团队与工具之间的契约。质量源于一致的架构、真实的示例以及能够及早发现破坏性变更的lint规则。
何时提供此工作流
触发条件:
- - 新的REST API;公开或合作伙伴接口
- 客户端/服务器的代码生成;基于规范的API网关验证
- 文档与实现之间的偏差
初始提供:
使用六个阶段:(1)工作流选择与所有权,(2)信息与版本管理,(3)资源与操作,(4)架构与组件,(5)安全与错误,(6)lint、兼容性与发布)。确认OpenAPI 3.x和风格指南。
阶段1:工作流与所有权
目标: 设计优先(规范→实现)vs 代码优先(注解→导出)——每个服务选择一种并强制执行。
所有权
退出条件: API契约的单一事实来源。
阶段2:信息与版本管理
目标: info.title、版本方案与URL或请求头版本策略保持一致。
实践
阶段3:资源与操作
目标: 适当采用RESTful命名;operationId保持稳定以支持代码生成。
实践
- - 记录分页(cursor/page)、过滤、排序
- 相关情况下为不安全的重试提供幂等性(Idempotency-Key)
阶段4:架构与组件
目标: 复用components/schemas;在JSON Schema意义上正确使用nullable与optional。
实践
- - 必要时为多态负载使用OneOf判别联合类型
- 每个架构提供示例,便于人工和机器阅读
阶段5:安全与错误
目标: 按操作或全局应用securitySchemes(Bearer、OAuth2)。
错误
- - 采用问题详情(application/problem+json)模式,使用稳定的type URI
阶段6:Lint、兼容性与发布
目标: 在CI中配置Spectral或vacuum规则;在PR上运行openapi-diff。
发布
- - 文档门户(Swagger UI、Redoc);可选生成Postman集合
最终审查清单
- - [ ] 单一所有权,并遵循设计优先或代码优先规范
- [ ] 版本管理和弃用策略清晰
- [ ] 操作完整,包含必要的分页/错误处理
- [ ] 可复用组件和示例
- [ ] 安全和错误模型一致
- [ ] CI lint和破坏性变更检测
有效指导技巧
- - 示例应可复制粘贴验证——捕获枚举偏差。
- OpenAPI 3.1中的Nullable与JSON Schema对齐——混合使用时注意与3.0的差异。
- 内部API同样受益于相同的严谨性——未来的你就是一个合作伙伴团队。
处理偏差
- - GraphQL在其他场景使用:OpenAPI仅用于REST 边界——不要试图用一个文档覆盖两者。
