Testing

API Backward Compatibility Testing: Preventing Breaking Changes in Microservices

HelpMeTest

HelpMeTest

7 min read
API Backward Compatibility Testing: Preventing Breaking Changes in Microservices

API backward compatibility testing is one of the most critical — and most overlooked — disciplines in microservices engineering. A single breaking change pushed to a shared API can cascade into production failures across a dozen downstream services, and the failure often surfaces hours after the deployment in a way that's hard to trace back to the root cause. This guide covers what constitutes a breaking change, the tools that catch them automatically, and how to integrate compatibility checks into your CI pipeline so breaking changes never reach production.

What Constitutes a Breaking Change?

Not every API change is a breaking change. Understanding the difference between additive, non-breaking changes and destructive, breaking changes is the foundation of API versioning discipline.

Breaking Changes (Never Ship Without a Version Bump)

Field removal. Removing a JSON field that consumers currently read breaks deserialization in strictly-typed clients (Go, Java, Rust) and causes silent null-pointer issues in dynamic languages. Removing user.address from a response when a downstream billing service reads it to generate invoices is catastrophic.

Type changes. Changing a field from string to integer, or from integer to object, is always breaking. Even widening changes like int32 to int64 can overflow clients that haven't been updated. Changing "active": true (boolean) to "active": "yes" (string) breaks every client that does a boolean equality check.

Required fields added to request bodies. If you add a required field to a POST or PUT request body, every existing client that doesn't send that field will start receiving 400 Bad Request. This is one of the most common accidental breaking changes.

Enum value removal. Removing a value from an enum that existing clients may be sending or receiving breaks validation and switch-statement logic. Removing status: "PENDING_REVIEW" when a workflow engine is actively routing on that value will silently drop tasks.

Endpoint removal or path changes. Changing /api/v1/users/{id} to /api/v1/accounts/{id} without maintaining the old path breaks every client that hasn't been updated.

Authentication requirement changes. Making a previously public endpoint require authentication, or changing the token format, breaks clients immediately.

Non-Breaking Changes (Safe to Ship Anytime)

  • Adding optional fields to response bodies
  • Adding new optional fields to request bodies
  • Adding new endpoints
  • Adding new enum values (though clients must handle unknown values gracefully)
  • Relaxing validation constraints (e.g., allowing longer strings)
  • Adding new HTTP methods to existing paths

Tools for Detecting Breaking Changes

openapi-diff

openapi-diff is a command-line tool that compares two OpenAPI (Swagger) specifications and classifies every difference as compatible or breaking.

# Install
npm install -g openapi-diff

<span class="hljs-comment"># Compare two specs
openapi-diff old-api.yaml new-api.yaml

<span class="hljs-comment"># JSON output for CI parsing
openapi-diff old-api.yaml new-api.yaml --json > diff-report.json

<span class="hljs-comment"># Exit with non-zero if breaking changes found
openapi-diff old-api.yaml new-api.yaml --fail-on-incompatible

The output classifies changes into COMPATIBLE, INCOMPATIBLE, and UNKNOWN categories:

Changes between old-api.yaml and new-api.yaml:

INCOMPATIBLE changes:
  - [REQUEST_BODY_REQUIRED_PROPERTY_ADDED] POST /users: required property 'phone' added
  - [RESPONSE_PROPERTY_REMOVED] GET /users/{id}: response property 'address' removed

COMPATIBLE changes:
  - [RESPONSE_OPTIONAL_PROPERTY_ADDED] GET /users/{id}: optional property 'metadata' added

The --fail-on-incompatible flag makes the tool exit with code 1 when breaking changes are detected, which is what you want in CI.

Optic

Optic is a more sophisticated API diff tool that integrates with Git and provides a web dashboard for reviewing changes. It can also learn from your API traffic to detect undocumented behavior.

# Install
npm install -g @useoptic/optic

<span class="hljs-comment"># Add to your repo
optic init

<span class="hljs-comment"># Check for breaking changes against a baseline
optic diff openapi.yaml --base main --check

Pact for Consumer-Driven Contract Testing

openapi-diff is great for spec-level checking, but Pact goes further: it captures what consumers actually use and verifies the provider against those recorded contracts.

Consumer side (e.g., a Node.js order service consuming a user API):

const { PactV3, MatchersV3 } = require('@pact-foundation/pact');
const { like, eachLike } = MatchersV3;

const provider = new PactV3({
  consumer: 'OrderService',
  provider: 'UserService',
  dir: path.resolve(process.cwd(), 'pacts'),
});

describe('UserService contract', () => {
  it('returns user details for a valid ID', async () => {
    await provider
      .given('user 123 exists')
      .uponReceiving('a request for user 123')
      .withRequest({
        method: 'GET',
        path: '/users/123',
        headers: { Accept: 'application/json' },
      })
      .willRespondWith({
        status: 200,
        headers: { 'Content-Type': 'application/json' },
        body: like({
          id: 123,
          email: 'user@example.com',
          name: 'Alice Smith',
          // NOTE: we depend on 'name' — removing it is a breaking change for us
        }),
      })
      .executeTest(async (mockServer) => {
        const client = new UserServiceClient(mockServer.url);
        const user = await client.getUser(123);
        expect(user.name).toBe('Alice Smith');
      });
  });
});

The Pact file generated by this test becomes an artifact that the UserService must verify against:

// Provider verification (runs in UserService CI)
const { Verifier } = require('@pact-foundation/pact');

new Verifier({
  provider: 'UserService',
  providerBaseUrl: 'http://localhost:3000',
  pactBrokerUrl: 'https://your-pact-broker.example.com',
  publishVerificationResult: true,
  providerVersion: process.env.GIT_SHA,
}).verifyProvider();

If the UserService removes the name field, the Pact verification fails and the CI pipeline blocks the deployment.

CI Pipeline Integration

The goal is to block any PR that introduces a breaking change. Here is a GitHub Actions workflow that covers both spec-level and contract-level checking:

# .github/workflows/api-compat.yml
name: API Compatibility Check

on:
  pull_request:
    paths:
      - 'openapi.yaml'
      - 'src/**'

jobs:
  openapi-diff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get baseline spec from main
        run: git show origin/main:openapi.yaml > old-api.yaml

      - name: Install openapi-diff
        run: npm install -g openapi-diff

      - name: Check for breaking changes
        run: openapi-diff old-api.yaml openapi.yaml --fail-on-incompatible

  pact-verification:
    runs-on: ubuntu-latest
    services:
      app:
        image: your-registry/user-service:${{ github.sha }}
        ports:
          - 3000:3000
    steps:
      - uses: actions/checkout@v4

      - name: Verify Pact contracts
        run: |
          npx pact-broker can-i-deploy \
            --pacticipant UserService \
            --version ${{ github.sha }} \
            --to-environment production \
            --broker-base-url ${{ secrets.PACT_BROKER_URL }}
        env:
          PACT_BROKER_TOKEN: ${{ secrets.PACT_BROKER_TOKEN }}

The can-i-deploy Pact Broker command is the final gate: it checks whether every consumer that has a Pact with UserService has verified the current version. If any consumer's contract fails, the deployment is blocked.

Semantic Versioning for APIs

APIs should follow a modified SemVer:

Change Type Version Bump Example
Breaking change Major (v1 → v2) Remove a field, change a type
New feature (non-breaking) Minor (v1.1 → v1.2) Add optional field
Bug fix Patch (v1.1.0 → v1.1.1) Fix validation logic

For REST APIs, version in the URL path (/v1/, /v2/) is the most practical approach. Header-based versioning (Accept: application/vnd.api+json;version=2) is cleaner but harder to test and debug.

API Evolution Patterns

Additive Changes Pattern

Always add new fields as optional. Consumers that don't know about the field ignore it; consumers that want it can start reading it after upgrading.

# Before
components:
  schemas:
    User:
      required: [id, email]
      properties:
        id:
          type: integer
        email:
          type: string

# After — adding 'phone' as optional (non-breaking)
components:
  schemas:
    User:
      required: [id, email]
      properties:
        id:
          type: integer
        email:
          type: string
        phone:
          type: string
          description: "Optional phone number, may be null"

Deprecation Cycle Pattern

Before removing any field or endpoint, mark it deprecated and give consumers a migration window (typically 3-6 months for internal APIs, 12+ months for public APIs):

paths:
  /users/{id}/address:
    get:
      deprecated: true
      description: >
        Deprecated as of 2025-01-01. Use /users/{id} which now includes
        the address object inline. Will be removed in v3 (scheduled 2026-01-01).

Emit a deprecation header from the server:

app.get('/users/:id/address', (req, res) => {
  res.set('Deprecation', 'true');
  res.set('Sunset', 'Sat, 01 Jan 2026 00:00:00 GMT');
  res.set('Link', '</users/{id}>; rel="successor-version"');
  // ... return response
});

Log all calls to deprecated endpoints and alert when call volume drops below a threshold — that's your signal that consumers have migrated and it's safe to remove the endpoint.

Practical Test Examples with OpenAPI Specs

Beyond automated diff tools, write explicit compatibility tests that encode your invariants:

# test_api_compatibility.py
import pytest
import jsonschema
import requests

# Load the v1 schema (your "contract" to consumers)
V1_USER_SCHEMA = {
    "type": "object",
    "required": ["id", "email", "name", "created_at"],
    "properties": {
        "id": {"type": "integer"},
        "email": {"type": "string", "format": "email"},
        "name": {"type": "string"},
        "created_at": {"type": "string", "format": "date-time"},
    },
    "additionalProperties": True,  # Allow new fields (non-breaking additions)
}

def test_user_response_schema_backward_compatible():
    """Verify the current API response satisfies the v1 contract."""
    response = requests.get("http://localhost:3000/users/1",
                            headers={"Authorization": "Bearer test-token"})
    assert response.status_code == 200
    
    # Validate against the minimum required schema
    jsonschema.validate(response.json(), V1_USER_SCHEMA)


def test_required_fields_not_added_to_request():
    """POST /users should still work with only the original required fields."""
    minimal_payload = {
        "email": "newuser@example.com",
        "name": "New User",
        # NOTE: do not add 'phone' here — this tests that phone is truly optional
    }
    response = requests.post("http://localhost:3000/users",
                             json=minimal_payload,
                             headers={"Authorization": "Bearer test-token"})
    assert response.status_code == 201, \
        f"Adding required fields to POST /users is a breaking change: {response.text}"


def test_enum_values_not_removed():
    """All v1 status enum values must still be accepted."""
    v1_status_values = ["active", "inactive", "pending"]
    for status in v1_status_values:
        response = requests.get(f"http://localhost:3000/users?status={status}",
                                headers={"Authorization": "Bearer test-token"})
        assert response.status_code != 400, \
            f"status={status} was a valid v1 enum value but now returns 400 — breaking change"

Summary: Breaking Change Prevention Checklist

Gate Tool When
Spec-level diff openapi-diff / Optic Every PR touching openapi.yaml or API code
Consumer contracts Pact Broker can-i-deploy Before every deployment
Backward-compat tests pytest / Jest schema validation Every PR, every test run
Deprecation header audit Custom middleware log Weekly review
API changelog review Manual PR review step Every release

Breaking API changes in microservices are not just a technical problem — they erode trust between teams and create invisible coupling. Investing in automated compatibility checking pays off immediately: once the pipeline blocks a breaking change before it reaches production, every engineer on the team understands why the process exists.

Platforms like HelpMeTest can run your Pact verification and compatibility test suites on every PR as part of continuous testing, giving you a permanent record of API compatibility across deployments without maintaining your own test infrastructure.

Read more