OpenAPI-Specification VS dredd

And I'll be using the OpenAPI Pet Store spec file as an example.

I saw your sibling comment about "keeping it simple," however that is a bit counter to "generates OpenAPI specifications" since those for sure are not limited to just application/json request/response bodies

I wanted to draw your attention to "normal" POST application/x-www-form-urlencoded <https://github.com/OAI/OpenAPI-Specification/blob/3.1.0/vers...> and its multipart/form-data friend <https://github.com/OAI/OpenAPI-Specification/blob/3.1.0/vers...>

The latter is likely problematic, but the former is in wide use still, including, strangely enough, the AWS API, although some of their newer services do have an application/json protocol

I know that's a lot of words, but the tl;dr would be that if you want your extension to be application/json only, then changing the description to say "OpenAPI specifications for application/json handshakes" would help the consumer be on the same page with your goals

Since FastAPI is based on OpenAPI, at this point you can also use the automatically generated docs. There are multiple options, and two are included by default. Try them out by accessing the following URLs:

This approach requires a constant context switch and is clearly not productive. Here, the OpenAPI Specification can help; you might already have it, but is it scalable? In this article, we’ll learn how to create an OpenAPI Specification document that is readable, scalable, and follows the principle of extension without modifying the existing document.

Phil Sturgeon, who along with Ben Hutton and Henry Andrews from the JSON Schema community, helped drive the push to full JSON Schema Draft 2020-12 compliance, has written a blog post for the official OpenAPIs.org website on how to transition your OAS documents from v3.0.x to v3.1.0.

In this article, we will be learning how to document API written in Node.js using a tool called Swagger. Swagger allows you to describe the structure of your APIs so that machines can read them. The ability of APIs to describe their own structure is the root of all awesomeness in Swagger. Why is it so great? Well, by reading our API’s structure, swagger can automatically build beautiful and interactive API documentation. It can also automatically generate client libraries for your API in many languages and explore other possibilities like automated testing. Swagger does this by asking our API to return a YAML or JSON that contains a detailed description of your entire API. This file is essentially a resource listing of our API which adheres to OpenAPI Specifications.

You may encounter APIs described as RESTful that do not meet these criteria. This is often the result of bottom-up coding, where top-down design should have been used. Another thing to watch out for is the absence of a schema. There are alternatives, but OpenAPI is a common choice with good tools support. If you don't have a schema, you can create one by building a Postman collection.

The principle behind the OpenAPI Specification (OAS – the industry’s most popular API specification format) is similar. It’s supposed to act as a blueprint for describing RESTful APIs.

OpenAPI 3.1 supports webhooks. It's not widely supported yet by implementations, but it's definitely there. https://github.com/OAI/OpenAPI-Specification/blob/main/examples/v3.1/webhook-example.yaml

The Fastly API is huge. We have lots of customers who want to interact with it using their chosen programming language but our small set of manually maintained clients was not sufficient to handle the job of our ever-evolving API. We needed a way to scale up our API client support, and OpenAPI was the answer.

Dredd: used to test APIs based on the API blueprint or OpenAPI specification, to ensure implementation matches the specification.

Here are three tools that you can use to generate example API requests and responses from OpenAPI specifications. These tools should work well even if your schemas are deeply nested: Nswag (Command Line and GUI): Nswag is a Swagger/OpenAPI toolchain for .NET, TypeScript, and other platforms. It supports code generation, client generation, and API documentation. You can use NswagStudio, which is a graphical interface, or you can use the command line tool called "NSwag.exe" for generating example API requests and responses. GitHub: https://github.com/RicoSuter/NJsonSchema NswagStudio: https://github.com/RicoSuter/NSwag/wiki/NSwagStudio Dredd (Command Line): Dredd is a language-agnostic command-line tool for validating API descriptions against backend implementations. It supports OpenAPI, Swagger, and API Blueprint formats. Dredd can generate example requests and responses and validate whether your API implementation conforms to the API description. GitHub: https://github.com/apiaryio/dredd Documentation: https://dredd.org/en/latest/ Stoplight Studio (GUI): Stoplight Studio is a modern API design and documentation platform that supports OpenAPI and JSON Schema. It allows you to create, edit, and validate OpenAPI specifications and provides a powerful visual interface for generating example API requests and responses. Website: https://stoplight.io/studio/ GitHub: https://github.com/stoplightio/studio These tools should provide you with the ability to generate example API requests and responses from your OpenAPI specifications and handle deeply nested schemas.

If you want to make sure the server implements a certain contract like there's an handler responding to a GET request to /API/what/ever I'd rather use something else. To be completely honest this is a topic I'm currently also searching for a really good solution but what I found so far (and looks promising) is https://dredd.org/ or https://microcks.io/ Both support OpenAPI testing so you can specify the contract as an OpenAPI spec and validate your server against it.

Consolidating the API specification with OpenAPI was a turning point for the project. From that moment we were able to run mock servers to build and test the UI before integrating with the backend, and we were able to validate the backend implementation against the specification. We used prism to run mock servers, and Dredd to validate the server implementation (these days I’d rather use schemathesis).

In this approach, you produce an API specification first, then you build the API against the specification, and then you validate your implementation against the specification using automated API testing tools. This is the most reliable approach for building API servers, since it’s the only one that holds the server accountable and validates the implementation against the source of truth. Unfortunately, this approach isn’t as common as it should be. One of the reasons why it isn’t so common is because it requires you to produce the API specification first, which, as we saw earlier, puts off many developers who don’t know how to work with OpenAPI. However, like I said before, generating OpenAPI specifications doesn’t need to be painful since you can use tools for that. In this approach, you use automated API testing tools to validate your implementation. Tools like Dredd and schemathesis. These tools work by parsing your API specification and automatically generating tests that ensure your implementation complies with the specification. They look at every aspect of your API implementation, including use of headers, status codes, compliance with schemas, and so on. The most advanced of these tools at the moment is schemathesis, which I highly encourage you to check out.

It's missing the greatest API testing classic Dredd! Other than that the best API testing tool I've used so far is schemathesis. It works by looking at your API specification and automatically launching hundreds of tests per endpoint. It also leverages advanced OpenAPI documentation strategies such as links to test the relationship between various endpoints.

One more tip for the backend developers: make sure the API implementation is tested against the API specification using contract-testing tools such as Dredd or Schemathesis. I specially recommend schemathesis as it's a lot more comprehensive. I recommend you run those tests in the CI and require them to pass before they can merge their API changes. This is the only reliable way to ensure the API works as expected.

The other thing you want to make sure is that the server is implementing the API correctly. In this space, you can use tools such as Dredd and schemathesis, which look at the API specification and automatically test the server implementation against it.

Schemaless schemas make testing difficult. Tools like Dredd and Schemathesis rely on your API documentation to generate tests and validate your API responses. A collection of free-form arrays like the above model will pass nearly every test, even if the length of the arrays or their contents are wrong. Schemaless schemas are also useless for API mocking, which is a fundamental part of building reliable API integrations.

Dredd: this is the classic API testing tool and it's been around for years. Dredd works by looking at your API specification and figuring out what tests need to be generated to validate your API implementation. You don't need to write any additional code, although you may want to create your own custom hooks to customise Dredd's behaviour. Dredd hooks are useful for example to test resource endpoints (the likes of /todo/{todo_id}) and to clean up your database from any resources created during the test suite. I wrote a tutorial on how to write Dredd hooks which you may find useful.