-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhanced Operation Deprecation and versioning #782
Comments
Hmm, maybe also a field indicating until when an API will be supported? |
@ePaul It would be nice if we can provide that information. However, how reliable is it going to be? And should it be a date, or should it be a version when it will be removed? Anyway, I think support for this might have to wait, as we have higher priority breaking changes that we want to get resolved ASAP. We can always experiment with x- properties for stuff like this. I just wanted to get the idea on record before I forgot it :-) |
We would like to also be able to mark an entire API as deprecated. Repeating some internal discussion: The simplest change to support this would be to add the "deprecated" property at the top level (the "root document object"). If the property is true, the API is deprecated; if not, it's still active. For API deprecation, some additional information might be useful:
|
Came here to upvote this point. The scenario is all too common that you want to phase out v1 of an API end of next year in favor of v2 being released today. We should be able to mark this in the v1 spec document so contract-first clients and API generators can issue a loud warning pointing to the correct and supported API version. |
|
I have been dealing with a similar thing in something I'm working on. To add some of my thoughts: Lots of APIs don't have a single version, and imposing one would be tough. This should work for an evolving API with a version like "4.0.342" as suggested, but it also needs to work for URL versioned/namespaced APIs (as much as we hate em). This is why date and version are both important. Replacements are also interesting, because whilst it would often be ideal to say "this field is gone, use this one", sometimes fields just go without a replacement, or split or change fundamentally. Pointing callers to the replacement field or the replacement endpoint is one thing, but we gotta send people somewhere when that is not an option... URL to docs? /shrug |
just for completeness: while OpenAPI is about design time, it might be interesting to also consider runtime issues. for deprecating complete APIs, the HTTP |
i would refine @dret's comment above. There are two relevant HTTP headers for deprecation: Deprecation (https://tools.ietf.org/html/draft-dalal-deprecation-header-00) and Sunset. To inform about the deprecation, the Deprecation HTTP header should be used. To inform about sunset of the deprecated resource, the Sunset header should be used in addition to the Deprecation header. This is described in section #5 https://tools.ietf.org/html/draft-dalal-deprecation-header-00#section-5. Draft #11 https://tools.ietf.org/html/draft-wilde-sunset-header-11 of the Sunset header clarifies this aspect as well in section 1.4 https://tools.ietf.org/html/draft-wilde-sunset-header-11#section-1.4. |
yes, completely agree with @sdatspun2 here: HTTP |
Yep, now that both Sunset and Deprecation exist, there is not much need for further work on this. With OpenAPI mostly being used for design time, simply being able to say "This is now deprecated" is enough, as runtime code will sniff for deprecation. For example, your OpenAPI generated Ruby SDK can just reference faraday-sunset and you will have an error in your logs or bug reporting system if an endpoint is suddenly sunset. Sniffing for deprecations is equally possible. I think all of this is more powerful than trying to get super specific about what might go away when in design time. :) |
Allowing a |
It's a long time since my previous comment and for some reason I now love the idea of I can already imagine it being used in the new Stoplight docs we're cooking up, it'd be amazing for helping folks power through API evolution. |
Design time is often considered something that happens first, then you build, then you run it, but that progression is not linear. In the design-first workflow, design happens first as the name suggests, but also the entire way through the lifecycle, with every new endpoint or property being added to the design over time. As such it's perfectly normal for runtime code to emit deprecation and sunset headers, those headers could even be powered by a middleware that looks for these deprecation flags in OpenAPI. Seeing as The Stoplight Way is to have your OpenAPI and code in the same repo, this would be incredibly easy to do, and stop the duplication of information between having to add the deprecation flag in the description and then also add it in the code... 🤔 What do folks think? |
Hi all 👋 openapi: 3.1.0
info:
version: 1.0.313
paths:
/foo:
get:
deprecated: true
sunset: 4.0.0 This allows:
By the way, in order to improve docs and make the 3rd item easier, what about adding the version history or the release planning in the Should we keep this here, or should I open a distinct issue for the |
Could you help me with a use-case? What is the benefit of having sunset (a runtime HTTP header that talks about removal) in OpenAPI specifically? You can already use I'm just not sure I see the value personally. My brain runs on use-cases so if you could talk through a concrete instance where this would help I could come around? What I like specifically about the Maybe we do need a new issue so we don't overlap the ideas. |
(Side note: https://datatracker.ietf.org/doc/html/rfc8594 specifies that the Sunset header contains a date, not a version.)
I would use this to have my HTTP server automatically inject a Sunset header into the response when it sees this in the openapi document. Another way to do it would be to tailor the application to look for this in the operation spec:
..and inject the header based on that, but it's more verbose. (An openapi validator could also warn if the sunset date is in the past, indicating that the endpoint should be removed entirely.) |
Thanks @philsturgeon for your quick reply. Here is the use case, say I've deprecated a couple of things in my specification: The benefits of this approach are that:
|
Instead of
or something like that. Using an array supports situations where one endpoint is split into two. By using JSON ref or similar, we provide a resolvable link to the new endpoint(s) |
Currently, OpenAPI allows us to identify the version of the API being described and deprecate operations using a Boolean value.
I would like to propose some additional metadata that makes it easier to track changes to APIs.
In addition to the existing
deprecated
flag, there is now adeprecatedVersion
andreplacementOperationId
property.Consider the following API and two of its operations:
The
deprecatedVersion
property indicates the API version in which this operation was deprecated. ThereplacementOperationId
provides a pointer to a new operation that replaces the functionality of the deprecated operation.These new properties enable a variety of useful capabilities:
The text was updated successfully, but these errors were encountered: