101
0/273
Loading content...
Not every API change requires a new version. Understanding the distinction between breaking changes (which require version management) and non-breaking changes (which don't) is crucial for API evolution. Master this distinction, and you can evolve your API continuously without disrupting consumers. Misunderstand it, and you'll either break things unexpectedly or version too aggressively, fragmenting your ecosystem.
A breaking change is any modification that could cause existing client code to fail when interacting with the updated API. A non-breaking change (also called backward-compatible change) is one that existing clients can absorb without modification—they may not benefit from new features, but they won't break.
The challenge is that "breaking" isn't always obvious. Some changes that seem innocuous to developers are devastating to consumers. Other changes that appear major are actually safe. This page provides the framework to distinguish them reliably.
By the end of this page, you will be able to categorize any API change as breaking or non-breaking, understand the subtle cases that trip up even experienced engineers, and apply defensive design patterns that minimize breaking changes in your APIs.
Breaking changes fall into several categories, each with different severity and detection characteristics:
1. Structural Breaking Changes
2. Semantic Breaking Changes
3. Behavioral Breaking Changes
4. Contract Breaking Changes
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
// Comprehensive Examples of Breaking Changes // ❌ STRUCTURAL BREAKING CHANGES // 1. Removing a fieldinterface UserV1 { id: string; name: string; email: string; }interface UserV2 { id: string; email: string; } // 'name' removed! // 2. Renaming a field interface OrderV1 { orderId: string; total: number; }interface OrderV2 { id: string; amount: number; } // Fields renamed! // 3. Changing field typesinterface ProductV1 { price: number; } // price: 1999 (cents)interface ProductV2 { price: string; } // price: "19.99" (formatted) // 4. Changing from value to objectinterface AddressV1 { country: string; } // country: "US"interface AddressV2 { country: { code: string; name: string; }; } // ❌ SEMANTIC BREAKING CHANGES // 5. Changing enum valuestype StatusV1 = 'active' | 'inactive';type StatusV2 = 'enabled' | 'disabled'; // Same meaning, different values! // 6. Stricter validation// V1: email can be any string// V2: email must match RFC 5322// Previously valid requests now fail! // 7. Changed defaults// V1: sortOrder defaults to "asc"// V2: sortOrder defaults to "desc"// Same request, different results! // ❌ BEHAVIORAL BREAKING CHANGES // 8. Changed operation semantics// V1: DELETE /users/:id soft-deletes (preserves data)// V2: DELETE /users/:id hard-deletes (removes data)// Same endpoint, catastrophically different behavior! // 9. Added required authentication// V1: GET /public/products (no auth)// V2: GET /public/products (requires API key)// Existing integrations break! // 10. Changed rate limits// V1: 1000 requests/minute// V2: 100 requests/minute// High-traffic integrations fail!Semantic and behavioral changes are the most dangerous because they don't cause immediate errors. A client might call the API successfully but act on incorrect assumptions about what the data means. Users experience incorrect behavior, corrupted data, or subtle bugs that are hard to trace back to API changes.
Many changes can be made safely without versioning if clients follow robust integration patterns. Understanding these non-breaking changes helps you evolve APIs confidently:
1. Additive Changes to Responses
2. Relaxed Validation
3. Performance Improvements
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970
// Examples of Non-Breaking Changes // ✅ ADDITIVE CHANGES (Safe) // 1. Adding new optional fieldsinterface UserV1 { id: string; email: string; }interface UserV2 { id: string; email: string; phone?: string; // New optional field - safe! preferences?: object; // New optional field - safe!} // 2. Adding new endpoints// V1: GET /users, POST /users// V2: GET /users, POST /users, GET /users/:id/activity // New endpoint - safe! // 3. Adding new optional query parameters// V1: GET /users?status=active// V2: GET /users?status=active&sort=name&limit=50 // New params - safe! // 4. Adding new HTTP methods// V1: GET /reports/:id// V2: GET /reports/:id, DELETE /reports/:id // New method - safe! // ✅ RELAXED VALIDATION (Safe) // 5. Making required fields optionalinterface CreateUserV1 { name: string; email: string; phone: string; }interface CreateUserV2 { name: string; email: string; phone?: string; } // Safe! // 6. Accepting additional formats// V1: date must be "YYYY-MM-DD"// V2: date accepts "YYYY-MM-DD", ISO 8601, or Unix timestamp// Existing clients unaffected! // 7. Widening accepted values// V1: quantity must be 1-100// V2: quantity must be 1-1000// Existing valid requests still valid! // ✅ PERFORMANCE IMPROVEMENTS (Safe) // 8. Better response times - always safe// 9. Higher rate limits - always safe// 10. More efficient pagination - safe if backward compatible // ⚠️ CONDITIONALLY SAFE // Adding enum values - safe IF clients handle unknown valuestype PaymentStatusV1 = 'pending' | 'completed' | 'failed';type PaymentStatusV2 = 'pending' | 'completed' | 'failed' | 'refunded'; // Safe if client has:function handleStatus(status: string) { switch (status) { case 'pending': return 'Waiting...'; case 'completed': return 'Done!'; case 'failed': return 'Error'; default: return 'Unknown status'; // Handles new values gracefully! }} // BREAKS if client has:function handleStatusBroken(status: PaymentStatusV1) { // TypeScript enum exhaustiveness - 'refunded' causes error!}Postel's Law states: 'Be conservative in what you send, be liberal in what you accept.' Clients following this principle ignore unknown fields and handle unknown enum values gracefully. APIs following this principle accept variations in input format. When both sides apply this principle, additive changes are always safe.
Some changes exist in a gray area—whether they're breaking depends on client implementation patterns, documentation, or contractual expectations. These require careful evaluation:
Adding New Enum Values
Adding 'refunded' to a payment status enum is non-breaking if clients handle unknown values. But many clients use exhaustive switches or strict deserialization that fail on unknown values. In practice, treat enum additions as potentially breaking.
Changing Null Handling
If a field was never null but now can be null, clients that don't check for null will break. Technically this is a type change (string → string|null), but many consider it additive.
Changing Error Responses
Many clients parse error responses. Changing from { error: string } to { error: { code: string, message: string } } breaks error parsing even if successful responses remain unchanged.
| Change | Technically Breaking? | Practically Breaking? | Recommendation |
|---|---|---|---|
| Add enum value | No (additive) | Often yes | Treat as breaking or document strict handling requirements |
| Field now nullable | Yes (type change) | Depends on clients | Treat as breaking |
| Longer response times | No | Can break timeouts | Communicate changes, provide guidance |
| Change error format | Debatable | Usually yes | Version error format separately or treat as breaking |
| Reorder JSON fields | No (JSON is unordered) | Can break naive parsers | Non-breaking, but document that order isn't guaranteed |
| Change number precision | Debatable | Can break comparisons | Document precision guarantees explicitly |
| Add response header | No | No | Non-breaking |
| Remove response header | No (headers optional) | Can break if relied upon | Depends on documented contract |
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
// Deep Dive: The Enum Addition Problem // Scenario: Your API currently returns order statustype OrderStatusV1 = 'pending' | 'processing' | 'shipped' | 'delivered'; // You want to add a new status for returnstype OrderStatusV2 = OrderStatusV1 | 'returned'; // Why this can break clients: // 1. TypeScript exhaustive switch (compile error in strict mode)function getStatusMessageBad(status: OrderStatusV1): string { switch (status) { case 'pending': return 'Waiting for confirmation'; case 'processing': return 'Being prepared'; case 'shipped': return 'On the way'; case 'delivered': return 'Complete'; // No default - TypeScript ensures all cases handled // If 'returned' arrives, this doesn't compile! }} // 2. Serialization/deserialization failuresinterface Order { id: string; status: 'pending' | 'processing' | 'shipped' | 'delivered'; // Strict type} // Strongly-typed languages may reject unknown values:// Java: JsonMappingException// C#: JsonException // Go: json: cannot unmarshal // 3. Database constraints// CREATE TABLE orders (// status ENUM('pending', 'processing', 'shipped', 'delivered')// );// 'returned' value causes insert failure! // Safe patterns for clients: // 1. Always include default casefunction getStatusMessageSafe(status: string): string { switch (status) { case 'pending': return 'Waiting for confirmation'; case 'processing': return 'Being prepared'; case 'shipped': return 'On the way'; case 'delivered': return 'Complete'; default: return `Status: ${status}`; // Handle unknown gracefully }} // 2. Use string types with known constantsconst ORDER_STATUSES = ['pending', 'processing', 'shipped', 'delivered'] as const;type OrderStatus = typeof ORDER_STATUSES[number] | string; // Open for extension // 3. Document unknown value handling in API contract/** * @property status - Order status. New values may be added * without notice. Clients MUST handle * unknown values gracefully. */If you're unsure whether a change is breaking, treat it as breaking. The cost of unnecessary versioning is manageable. The cost of unexpectedly breaking production clients is severe. Err on the side of caution.
Preventing accidental breaking changes requires tooling, processes, and design patterns working together.
Automated Schema Comparison
Tools can compare API schemas between versions to detect breaking changes before deployment.
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
// Automated Breaking Change Detection import { compareOpenAPISchemas } from 'openapi-diff'; interface BreakingChangeReport { breaking: Change[]; nonBreaking: Change[]; unknown: Change[];} interface Change { type: 'added' | 'removed' | 'modified'; path: string; description: string; severity: 'breaking' | 'warning' | 'info';} async function detectBreakingChanges( currentSchema: OpenAPISpec, proposedSchema: OpenAPISpec): Promise<BreakingChangeReport> { const diff = await compareOpenAPISchemas(currentSchema, proposedSchema); const report: BreakingChangeReport = { breaking: [], nonBreaking: [], unknown: [], }; for (const change of diff.changes) { if (isBreakingChange(change)) { report.breaking.push(formatChange(change, 'breaking')); } else if (isNonBreakingChange(change)) { report.nonBreaking.push(formatChange(change, 'info')); } else { report.unknown.push(formatChange(change, 'warning')); } } return report;} function isBreakingChange(change: DiffChange): boolean { // Removals are always breaking if (change.type === 'removed') return true; // Type changes are breaking if (change.type === 'type-changed') return true; // Making optional required is breaking if (change.type === 'required-added') return true; // Narrowing validation is breaking if (change.type === 'validation-stricter') return true; return false;} // CI/CD Integrationasync function ciBreakingChangeCheck() { const current = await loadSchema('main'); const proposed = await loadSchema('pr-branch'); const report = await detectBreakingChanges(current, proposed); if (report.breaking.length > 0) { console.error('❌ Breaking changes detected!'); report.breaking.forEach(c => console.error(` - ${c.description}`)); // Require explicit acknowledgment if (!process.env.BREAKING_CHANGE_ACKNOWLEDGED) { process.exit(1); } } console.log('✅ No breaking changes detected');}Contract Testing
Contract tests verify that new versions maintain backward compatibility with existing consumer expectations.
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
// Contract Testing for Backward Compatibility // Consumer contract defines what the consumer expectsconst consumerContract = { name: 'mobile-app-v3.2', expectations: [ { description: 'Get user returns expected fields', request: { method: 'GET', path: '/users/123' }, response: { status: 200, bodyMatches: { id: 'string', email: 'string', name: 'string', // Consumer expects 'name' field }, }, }, { description: 'Create order accepts current format', request: { method: 'POST', path: '/orders', body: { productId: 'abc', quantity: 2 }, // Current format }, response: { status: 201, bodyMatches: { orderId: 'string', status: 'string', }, }, }, ],}; // Run contract tests against new API versionasync function verifyContract(contract: ConsumerContract): Promise<TestResult[]> { const results: TestResult[] = []; for (const expectation of contract.expectations) { const response = await callApi(expectation.request); const passed = response.status === expectation.response.status && matchesShape(response.body, expectation.response.bodyMatches); results.push({ description: expectation.description, passed, details: passed ? null : { expected: expectation.response, actual: response, }, }); } return results;} // Pact-style consumer-driven contract testing// 1. Consumers publish their contracts (expectations)// 2. Provider runs all consumer contracts before release// 3. Failing contracts block deployment// 4. Provides clear visibility into consumer dependenciesThe best way to handle breaking changes is to design APIs that minimize the need for them. These defensive patterns create room for evolution:
1. Extensible Enums
Document that enum values may be added and clients must handle unknown values. Make this explicit in the API contract.
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273
// Defensive API Design Patterns // 1. EXTENSIBLE ENUMS// Document explicitly in OpenAPI/JSON Schemaconst orderStatusSchema = { type: 'string', enum: ['pending', 'processing', 'shipped', 'delivered'], description: `Order status. WARNING: New values may be added. Clients MUST handle unknown values gracefully.`, 'x-extensible-enum': true, // Custom extension for tooling}; // 2. CONSISTENT ENVELOPE PATTERN// Wrap responses in consistent structure with room for evolution interface ApiResponse<T> { data: T; // The actual payload meta?: ResponseMeta; // Pagination, timing, etc. links?: HateoasLinks; // Navigation links warnings?: Warning[]; // Non-fatal issues} // This envelope can gain new top-level fields without breaking 'data'interface ResponseMeta { requestId: string; processingTime: number; // Future: add new meta fields here} // 3. OPTIONAL BY DEFAULT// Make new fields optional, alwaysinterface User { id: string; // Required, immutable email: string; // Required, core field phone?: string; // Optional preferences?: Preferences; // Optional (can add fields inside) metadata?: Record<string, unknown>; // Catch-all for custom data} // 4. PRESERVE DEPRECATED FIELDS// Instead of removing, mark deprecated and return both interface ProductV1 { price: number; // cents - deprecated} interface ProductV2 { price: number; // Still returned for compatibility priceAmount: number; // Same value, new name priceCurrency: string; // New field for currency} // Transition period: return both until old clients migrate // 5. USE FORWARD-COMPATIBLE VALUE TYPES// Prefer strings over numbers for IDs (can add prefixes later)// Prefer ISO dates over custom formats// Prefer maps over fixed object structures when structure may evolve // Bad: Forces structural change if limits changeinterface LimitsV1 { maxItems: number; maxSize: number;} // Good: Can add limits without structural changeinterface LimitsV2 { limits: Record<string, number>; // { maxItems: 100, maxSize: 1000, maxConnections: 50 }}2. Request Tolerance
Be liberal in what you accept—ignore unknown fields in requests so clients can prepare for future versions.
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
// Request Tolerance Patterns // IGNORE UNKNOWN FIELDS// Don't reject requests with extra fields function parseCreateUserRequest(body: unknown): CreateUserInput { const parsed = body as Record<string, unknown>; // Extract only known fields, ignore extras return { name: validateString(parsed.name), email: validateEmail(parsed.email), // Unknown fields like 'futureField' are silently ignored };} // BAD: Strict parsing that rejects unknown fieldsfunction parseStrictly(body: unknown): CreateUserInput { const knownFields = ['name', 'email']; for (const key of Object.keys(body)) { if (!knownFields.includes(key)) { throw new Error(`Unknown field: ${key}`); // Breaks forward compat! } } // ...} // ACCEPT MULTIPLE FORMATS// Support common variations of the same value function parseDate(value: unknown): Date { if (value instanceof Date) return value; if (typeof value === 'number') return new Date(value * 1000); // Unix if (typeof value === 'string') { // Try multiple formats const iso = Date.parse(value); if (!isNaN(iso)) return new Date(iso); const formats = ['YYYY-MM-DD', 'DD/MM/YYYY', 'MM-DD-YYYY']; for (const format of formats) { const parsed = parseWithFormat(value, format); if (parsed) return parsed; } } throw new Error('Invalid date format');} // CASE-INSENSITIVE ENUMS// Accept 'ACTIVE', 'active', 'Active' for status values function parseStatus(value: string): Status { const normalized = value.toLowerCase(); const validStatuses = ['active', 'inactive', 'pending']; if (validStatuses.includes(normalized)) { return normalized as Status; } throw new Error(`Invalid status: ${value}`);}Every time you add a required field, remove a field, or change a type, you create future version debt. Invest in flexible designs upfront. The slight overhead of optional fields and extensible structures pays dividends in reduced versioning complexity.
Sometimes breaking changes are unavoidable—security fixes, major redesigns, or correcting fundamental mistakes. When they must happen, manage them carefully:
| Phase | Duration | Activities | Consumer Action |
|---|---|---|---|
| Announcement | 3-6 months before | Document changes, publish migration guide, notify stakeholders | Review upcoming changes |
| Parallel Operation | Release to sunset | Both versions active, new version promoted | Develop migration plan |
| Migration Window | 1-3 months | Old version deprecated, warnings active | Complete migration |
| Sunset | End date | Old version returns 410 or redirects | Must be on new version |
| Post-Sunset | Ongoing | Old version fully removed | No action needed |
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
// Breaking Change Communication System interface BreakingChangeAnnouncement { id: string; title: string; description: string; affectedEndpoints: string[]; currentBehavior: string; newBehavior: string; reason: string; migrationGuide: string; timeline: { announced: Date; newVersionAvailable: Date; deprecationStart: Date; deprecationEnd: Date; // Sunset }; impact: 'high' | 'medium' | 'low';} // Example announcementconst announcement: BreakingChangeAnnouncement = { id: 'BC-2024-001', title: 'User name field split', description: 'The `name` field is being replaced with `firstName` and `lastName`', affectedEndpoints: ['GET /users/:id', 'POST /users', 'PATCH /users/:id'], currentBehavior: 'User resource has single `name` field', newBehavior: 'User resource has `firstName` and `lastName` fields', reason: 'Better internationalization support and clearer data model', migrationGuide: 'https://docs.example.com/migration/name-split', timeline: { announced: new Date('2024-01-15'), newVersionAvailable: new Date('2024-02-01'), deprecationStart: new Date('2024-04-01'), deprecationEnd: new Date('2024-07-01'), }, impact: 'high',}; // Notify affected consumersasync function notifyAffectedConsumers(announcement: BreakingChangeAnnouncement) { // 1. Email registered developers const affectedUsers = await getAffectedConsumers(announcement.affectedEndpoints); await sendEmail(affectedUsers, formatAnnouncementEmail(announcement)); // 2. Post to developer blog await publishBlogPost(formatBlogPost(announcement)); // 3. Update status page await updateStatusPage('planned-change', announcement); // 4. Add in-API warnings (deprecation headers) await scheduleDeprecationHeaders(announcement); // 5. Update documentation await markEndpointsDeprecated(announcement.affectedEndpoints);}Security and critical bug fixes sometimes require immediate breaking changes without full migration windows. Have a documented fast-track process for emergencies, but use it sparingly. Every emergency breaking change erodes trust that took months to build.
Use these checklists to evaluate changes before implementation:
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
// Automated Change Evaluation interface ProposedChange { type: 'add' | 'remove' | 'modify' | 'rename'; target: 'field' | 'endpoint' | 'parameter' | 'type'; location: string; // e.g., "POST /users request.body.email" before?: schema; after?: schema;} function evaluateChange(change: ProposedChange): ChangeEvaluation { const evaluation: ChangeEvaluation = { change, isBreaking: false, reason: '', mitigation: '', }; // Rule 1: Removals are always breaking if (change.type === 'remove') { evaluation.isBreaking = true; evaluation.reason = 'Removal of existing API element'; evaluation.mitigation = 'Deprecate first, maintain for migration period'; return evaluation; } // Rule 2: Renames are breaking (they're remove + add) if (change.type === 'rename') { evaluation.isBreaking = true; evaluation.reason = 'Rename is effectively removal of old name'; evaluation.mitigation = 'Add new name, deprecate old, support both temporarily'; return evaluation; } // Rule 3: Type changes are breaking if (change.type === 'modify' && typeChanged(change.before, change.after)) { evaluation.isBreaking = true; evaluation.reason = 'Type change breaks existing serialization'; evaluation.mitigation = 'Add new field with new type, deprecate old'; return evaluation; } // Rule 4: New required fields in requests are breaking if (change.type === 'add' && change.target === 'field' && isRequestLocation(change.location) && isRequired(change.after)) { evaluation.isBreaking = true; evaluation.reason = 'Required field breaks existing requests'; evaluation.mitigation = 'Make optional with default, or version bump'; return evaluation; } // Rule 5: Stricter validation is breaking if (change.type === 'modify' && validationStricter(change.before, change.after)) { evaluation.isBreaking = true; evaluation.reason = 'Stricter validation rejects previously valid requests'; evaluation.mitigation = 'Apply to new version only'; return evaluation; } // Non-breaking: additions to responses, relaxed validation, etc. evaluation.reason = 'Additive or relaxing change'; return evaluation;}Integrate breaking change detection into your CI/CD pipeline. Every pull request should automatically evaluate API changes against these rules. Human review can focus on judgment calls in gray areas while automation catches the clear violations.
Understanding breaking vs non-breaking changes is foundational to API versioning discipline. Let's consolidate the key insights:
What's Next:
With breaking changes understood, we now turn to the final piece of the versioning puzzle: Deprecation Strategies. We'll explore how to gracefully retire API versions, communicate sunset timelines, and manage the transition from old to new without losing consumer trust.
You now have a comprehensive framework for classifying API changes, detecting breaking changes automatically, and designing APIs that minimize version churn. This knowledge is essential for maintaining backward compatibility while enabling continuous evolution.