Catching Breaking API Changes Before They Reach Production

#api #devops #opensource #githubactions

Breaking API changes are one of the easiest ways to accidentally disrupt production systems.

They often slip through code review because the service itself still works — but client integrations fail immediately after deployment.

A Common Example

Consider a small change in an OpenAPI specification:

age: integer → age: string

From the service's perspective, everything still works.

But any client expecting an integer now receives a string, which can break applications consuming the API.

These types of issues are easy to miss during pull request reviews, especially when OpenAPI specs grow large.

Some examples of changes that can break API consumers include:

Even small modifications can break downstream systems that depend on the API contract.

One approach to preventing these issues is comparing OpenAPI specifications directly in CI and failing the build when breaking changes are detected.

Example CI output:

❌ Breaking API change detected
Removed endpoint: DELETE /users/{id}

By validating API changes automatically during pull requests, teams can catch compatibility issues before deployment.

A simple implementation using GitHub Actions is available here:

It compares OpenAPI or Swagger specifications between commits and flags breaking changes during CI runs.

APIs often serve as contracts between teams, services, and external integrations.

Automated contract validation helps ensure that changes to the API remain compatible with existing clients.

As APIs grow larger and more interconnected, having automated guardrails becomes increasingly important for maintaining stability.

How do your teams handle API contract validation?

Curious to hear what approaches others are using.

A lot of teams rely on manual OpenAPI reviews, but those can be difficult once specs get large.

Curious if anyone here is using contract testing or schema diff tools in CI.