- All public APIs must have OpenAPI documentation. Every public-facing API should be fully described using an OpenAPI specification (YAML or JSON). This guarantees clarity for consumers and supports integration, testing, and maintenance.
- Document internal APIs using OpenAPI. Where feasible, internal APIs should also be documented with OpenAPI specifications. This improves maintainability, supports onboarding, and helps prevent knowledge silos.
- Validate implementation against API specification. Use tools like `league/openapi-psr7-validator` or similar to test your implementation against the OpenAPI spec. Automated validation reduces drift between code and documentation and ensures long-term reliability.
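
An added example (not part of the original guideline or of the library's own documentation) of such a drift check in PHP, using `league/openapi-psr7-validator` with `guzzlehttp/psr7` assumed as the PSR-7 implementation. The inline spec, the `/users/{id}` endpoint, the sample responses and the `violation()` helper are constructed for illustration.

```php
<?php
// Added example. Assumed setup: composer require league/openapi-psr7-validator guzzlehttp/psr7
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Psr7\Response;
use League\OpenAPIValidation\PSR7\Exception\ValidationFailed;
use League\OpenAPIValidation\PSR7\OperationAddress;
use League\OpenAPIValidation\PSR7\ResponseValidator;
use League\OpenAPIValidation\PSR7\ValidatorBuilder;

// Constructed spec for a hypothetical endpoint; a real suite would load the project's spec file.
$spec = <<<'YAML'
openapi: 3.0.3
info: {title: Example API, version: 1.0.0}
paths:
  /users/{id}:
    get:
      parameters:
        - {name: id, in: path, required: true, schema: {type: integer}}
      responses:
        '200':
          description: A user
          content:
            application/json:
              schema:
                type: object
                required: [id, email]
                properties:
                  id: {type: integer}
                  email: {type: string}
YAML;

// Returns null when the response matches the spec, otherwise the validator's message.
function violation(ResponseValidator $validator, Response $response): ?string
{
    try {
        $validator->validate(new OperationAddress('/users/{id}', 'get'), $response);
        return null;
    } catch (ValidationFailed $e) {
        return $e->getMessage();
    }
}

$validator  = (new ValidatorBuilder())->fromYaml($spec)->getResponseValidator();
$headers    = ['Content-Type' => 'application/json'];
// Constructed responses: one as documented, one where the code has drifted from the spec.
$conforming = new Response(200, $headers, json_encode(['id' => 42, 'email' => 'a@example.test']));
$drifted    = new Response(200, $headers, json_encode(['id' => '42'])); // string id, email missing
var_dump(violation($validator, $conforming), violation($validator, $drifted));
```

In a PHPUnit suite the same call would wrap real responses from the application under test, so the build fails when code and spec diverge.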