What is OpenAPI?
The OpenAPI Specification (OAS) provides a consistent means to carry information through each stage of the API lifecycle. It is a specification language for HTTP APIs that defines structure and syntax in a way that is not wedded to the programming language the API is created in. API specifications are typically written in YAML or JSON, allowing for easy sharing and consumption of the specification.
With OAS, you can quickly discover how an API works. As it is programming-language agnostic you can quickly identify and understand service capabilities. You can also use OAS to configure infrastructure, generate client code and create test cases for your APIs. OAS can therefore support your endeavors throughout the API lifecycle, and help you communicate with developer communities both inside and outside your organization.
What is OpenAPI?
Having the ability to provide a definition of your API to other people – your colleagues, companies you partner with or organizations who you provide APIs to – is vital to doing business. The success of the API economy is predicated on doing this repeatedly, succinctly and deterministically, using a vernacular that is relevant to the API consumer.
API specification languages provide a standardized means to do this. Your APIs can be described in agnostic terms, decoupling them from any specific programming language. Consumers of your API specification do not need to understand the guts of your application or try to learn Lisp or Haskell if that’s what you chose to write it in. They can understand exactly what they need from your API specification, written in a simple and expressive language.
The OpenAPI Specification (OAS) enables exactly this transfer of knowledge from API provider to API consumer. It is an open standard for describing your APIs, allowing you to provide an API specification encoded in a JSON or YAML document. It provides a comprehensive dictionary of terms that reflects commonly-understood concepts in the world of APIs, embedding the fundamentals of HTTP and JSON. When teamed up with supporting tools it can provide a rich experience based on a simple document.
OAS in the API Lifecycle
Providing and using an OAS document is not, however, a point-in-time activity. It is fundamental to the API lifecycle, providing affordances for all activities from the inception of the design right through to deployment and support. If an API lifecycle is a transport network then OAS should be considered an arterial road, providing the means to efficiently transfer large amounts of pertinent information quickly and efficiently.
When one considers the API lifecycle it starts to become clear how useful an OpenAPI document is. Consider the simple API lifecycle below. It is based on the idea of API-first design, where the interface is designed without writing a stitch of implementation code. OAS can be used at each stage in this lifecycle.
An API lifecycle within an organization clearly has more nuances than the steps described above, and will undoubtedly be tailored towards the software development lifecycle in use. An agile methodology may, for example, iterate over the steps shown above many times. However, for the purposes of exemplar this simplified view has merit as it shows the utility of OAS at each stage.
Using OAS to help elicit requirements
The first step in our conceptional lifecycle is Requirements, where ideas about an API start to take shape. “Taking shape” covers a multitude of different activities – some technical, some not. Requirements gathering in most organizations stretches back into the business, working with the product team to define what the API should provide for its consumers and that support a holistic view of the product features.
Technologists working on bringing those requirements need some means to convey them. OAS provides the means to support this in an agnostic and portable way. It also provides the means to do this quickly and be able to socialize their ideas with other stakeholders with minimal set-up.
Having a sketch of your API design in OAS when gathering requirements gives you a headstart when starting design.
OAS for design
The design stage of our conceptual API lifecycle is when we take requirements – sketched out in an OpenAPI document or not – and turn them into something tangible. Whatever your starting point – a blank sheet of (virtual) paper, stubbed and annotated controller classes in your code base, a graphical representation in your design tool of choice – being able to create an OAS for consumption of others is vitally important. Given our conceptual lifecycle is based on API-first design the tool of choice is more likely to be an OpenAPI editor or an IDE with an OpenAPI plugin. In the majority of organizations we can also add a number of artifacts that might support this activity: design patterns, Schema objects based on industry standards, organizational data models and so on.
Whatever the tool and artifacts used at the API provider, OAS provides a tangible output from the design process. Having a well-defined and versionable artifact to work with is critical to the accuracy and efficiency of the subsequent steps of the API lifecycle. An OpenAPI document – source controlled using an appropriate mechanism – allows this to happen in a sensible way, and provides a clear and unequivocal input to development.
OAS in development
Once an API design has been created the time has come to write some code and create an implementation of that API in software. Acting on the output design process means working with the OpenAPI document to help bring your application to life.
Our conception lifecycle assumes an API-first design approach, where the OpenAPI document is created upfront and code is then written to create the implementation. There is, of course, the “code-first” approach where the implementation is created and then (typically) annotated so an OpenAPI document can then be generated.
The pros and cons of both approaches are beyond the scope of this post, but if you take the API first approach then having the design detailed in an OpenAPI document is critical to your implementation. The OAS has a rich tooling ecosystem and using the OpenAPI document to generate server-side code is a common approach to automating the creation of controller classes. This speeds up the delivery of the implementation and helps ensure the interface design and the implementation are closely-matched.
Implementing your API in code is, however, only one of the subsequent steps in the lifecycle. Other activities rely on OAS to be completed successfully.
Configuring your infrastructure with OAS
The vast majority of organizations exposing APIs internally or externally use infrastructure to protect the API from malicious intent or provide standardized patterns of deployment.
API management is arguably the most common architecture component in this context. Its function is to protect the APIs of an API provider and provide lifecycle-based functions that help organizations operate their APIs seamlessly. The majority of API management tools provide support for using an OpenAPI document as an input to configuration, using it to build – for example – an API gateway configuration that observes the structure of the API and implements path and parameter validation, request body validation and provides callouts to security systems associated with the function of the APIs.
The point here is one of efficiency. Having an OpenAPI document available to facilitate this process turns it from a lengthy configuration exercise to a button-click operation. By using the same artifact created at design time OAS reduces the administration overhead for API providers, all done using a single version of the truth expressed in the OpenAPI document.
Creating a developer experience with OAS
The point about efficiency also rings true when we talk about developer experience. Having the means to communicate to developers – publicly or with partners, internally or externally – through the same means we used to design our implementation massively accelerates our means to publish relevant information.
Many developers want just the raw OpenAPI document to use in their own tooling. Obviously this is available – often embellished with copy written documentation which can be embedded in the OpenAPI document itself – but API providers can also deliver a rich developer experience through their own choice of tools. There are countless tools compatible with OAS that can provide a developer portal from a button-click, an interactive experience to “try” a provider’s APIs and software development kits in multiple languages generated from an OpenAPI document.
OAS cannot do it all on its own of course. The majority of API providers look to create an immersive experience with content particular to their product and unique selling points. This takes the talents of many creative individuals and the tools they use. OAS does, however, provide a structure that can help bind the experience together.
Testing with OAS
Developer experience often focuses on OAS from the perspective of the API consumer as a user of the product or service offered up by the API provider. There are, however, other consumers who can make use of an OpenAPI document to understand an API and perform activities pertinent to them.
One area of particular importance is in testing an API. API providers need assurance that the APIs they put in the market meet their acceptable levels of quality and accuracy. Testing APIs requires the same insight as consuming it due to the same need to understand the structure, parameters and request and response definitions. Writing and executing test cases relies on the same level of understanding as an API consumer.
API testing is an area where tooling has become heavily invested in OAS as an input. For example, using tools to perform contract tests to check that design and implementation match is a common activity for API providers. The same is true for security tools, which test the API footprint for weaknesses in the implementation. Having an OpenAPI document provides a definition of what is API is *supposed* to offer and therefore a baseline what might have been unintentionally exposed or implement weak security practices.
Testing is therefore a stage in our conceptual API lifecycle that significantly benefits from leverage OAS. Using an OpenAPI document as an input both accelerates this activity and provides a deterministic mechanism for executing tests.
💡 Final Thoughts
The last stage in our API cycle is about making the API available to API consumers. Deploying the API obviously covers more than just installing our software implementation. API management and the developer experience all need to come together to provide the API that an API consumers want to deliver them a particular product or service with what they need to understand how it works and what they need to do to build their software.
In this article we’ve tried to explain how useful OAS is at every stage of getting an API to this point. OAS ties the lifecycle together by providing a consistent means to carry information through each stage. When this is done right OAS provides a valuable mechanism for API providers to ensure consistency and quality in their endeavors.
Want to know more about OAS? Please check out our Getting Started with OpenAPI Specification guide for a detailed overview of the specification. Please also visit our tooling catalog, which provides details of open source and commercial tools that support OAS.