DEV Community

Cover image for If Swagger Works but Your SDK Fails, Your SDK Is Lying
Anthony Nwaizuzu
Anthony Nwaizuzu

Posted on

If Swagger Works but Your SDK Fails, Your SDK Is Lying

#fastapi #python #sdk #database

I spent hours debugging my backend, my database, and my auth logic — only to discover none of them were broken.

The Setup

I was building a feature flag / runtime config service.(just a fun thing to do during the holidays)

The idea was simple:

  • Backend exposes config values per environment
  • SDK fetches them at runtime
  • Same token, same environment, same key

Swagger UI worked perfectly.

The SDK?

ConfigNotFoundError: config not found in environment 'development'
Enter fullscreen mode Exit fullscreen mode

Step 1: Trust Swagger First

Swagger wasn’t lying.

It showed:

  • The request
  • The headers
  • The resolved environment
  • The correct response

Mistake #1: The SDK Route Didn’t Match the API

If you're not careful you can literally spend days trying to figure out what the issue is and meanwhile all you had to do is make sure both routes are the same

The backend exposed this route:

GET /api/v1/sdk/configs/{key}
Enter fullscreen mode Exit fullscreen mode

But my SDK was building URLs like this:

/api/v1/config/{key}
Enter fullscreen mode Exit fullscreen mode

The annoying part is when it happens, it comes with No expection, No warning, just a clean 404

Lesson
Your SDK must match your backend routes character for character.

Mistake #2: Key Normalization Was Inconsistent

This part sounds ordinary, right?......just make sure you don't forget about it. If it requires you setting a reminder to do it, please do because i don't think you will want to shed invisible tears...lol

Configs were stored as:
FEATURE_CHECKOUT_ENABLED

But SDK users could pass:
"feature_checkout_enabled"
"Feature_Checkout_Enabled "

That caused:

  • Cache misses
  • False “not found” errors
  • Inconsistent results

Used:

  • Before API calls
  • Before caching
  • Before comparisons Normalize input once — and enforce it everywhere.

What This Experience Taught Me

  • Swagger is your contract
  • SDKs lie by omission
  • Route mismatches are silent killers
  • Normalization prevents phantom bugs
  • If Swagger works, your backend is innocent

The Rule I Follow Now

Swagger first. SDK second. Database last.

Every time!!!

Top comments (2)

Collapse
 
cyber8080 profile image
Cyber Safety Zone

This really resonates. Another thing I’ve seen is API contract drift — where the spec and actual backend behavior slowly diverge over time unless you enforce them as a single source of truth. Tools like contract testing or schema-driven development can help catch these mismatches early in CI/CD rather than when SDK users hit them

Some comments may only be visible to logged-in visitors. Sign in to view all comments.