Problems with Swagger

My problem with Swagger is almost the opposite... it solves the problem (APIs are very complicated to use!) by embracing this complexity with more complexity and more tools. Rather, I believe the solution is a push to just have simpler APIs.<p>It&#x27;s crazy to me that it&#x27;s harder to write a Swagger file than it is to write the API itself. And there&#x27;s a lot of tooling that benefits from Swagger, but... I&#x27;ve found they all work 80%. Codegen, documentation, etc get 80% of the way there.<p>(Also, OAS 3 has linking, which is very similar to your hypermedia complaint)

I&#x27;ve found swagger codegen to be really, really inconsistent between different implementations. A few of them - I recall we had a team using Qt - didn&#x27;t even generate compilable code. When I looked into the infrastructure of the codegen project, I found... mustache.<p>Check it out yourself: <a href="https:&#x2F;&#x2F;github.com&#x2F;swagger-api&#x2F;swagger-codegen&#x2F;tree&#x2F;master&#x2F;modules&#x2F;swagger-codegen&#x2F;src&#x2F;main&#x2F;resources" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;swagger-api&#x2F;swagger-codegen&#x2F;tree&#x2F;master&#x2F;m...</a><p>Mustache is fine for doing a little view rendering, but for language generation... it&#x27;s really obnoxious to use. Say you want to customize the output. Well, now you&#x27;re basically replacing one of those magic .mustache files. And what&#x27;s the model you use to generate those mustache files? Well, you got to look through the codebase for that.<p>I ended up just not using swagger-codegen, and created my own StringTemplate based system, which got the job done a lot faster. The swagger core model was really janky to build logic around, however, so this system was really implementation specific.<p>In the end, were I to do it all over again, I would have probably just built a different mechanism. And honestly, building your own damn little DSL and code generators for your use case will probably be faster then integrating Swagger. <i>Especially</i> if you do not use the JVM as part of your existing toolchain.<p>I&#x27;ve not found anything to support multiple languages easily. If I were to do something today, I&#x27;d probably create a custom API DSL, custom code generators, with an output for asciidoctor (which is awesome) and example and test projects that test the generated code. Once you get the pipeline going the work is pretty straightforward.

While Swagger might not be perfect (some pain points are addressed with OpenAPI v3) it works IMHO pretty well for us (Zalando) and myself doing API first:<p>* use a decent editor to write the YAML e.g. <a href="https:&#x2F;&#x2F;github.com&#x2F;zalando&#x2F;intellij-swagger" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;zalando&#x2F;intellij-swagger</a> * do not write any boilerplate code and do not generate code (if that&#x27;s possible in your env), e.g. by using <a href="https:&#x2F;&#x2F;github.com&#x2F;zalando&#x2F;connexion" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;zalando&#x2F;connexion</a> (Python API-first) * follow best practices and guidelines to have a consistent API experience, e.g. <a href="https:&#x2F;&#x2F;zalando.github.io&#x2F;restful-api-guidelines&#x2F;" rel="nofollow">https:&#x2F;&#x2F;zalando.github.io&#x2F;restful-api-guidelines&#x2F;</a><p>Most importantly Swagger&#x2F;OpenAPI gives us a &quot;simple&quot; (everything is relative!) language to define APIs and discuss&#x2F;review them independent of languages as teams use different ones across Zalando Tech.

I really like the idea of HATEOAS but I have never seen hypermedia controls done in the wild across any companies I&#x27;ve worked for nor on any client projects. I think it&#x27;s very cool but a lot of development patterns don&#x27;t consider it.

TL;DR version:<p>The first problem is that Swagger encourages codegen, and in static languages, said codegen is often unnecessarily restrictive when parsing input data. Adding a new enum member, and what that does to an existing Java client (that maps it to Java enum, which now has a missing member), is given as an example.<p>The second and third problems are actually one and the same, and that is that Swagger doesn&#x27;t do Hypermedia. If you don&#x27;t know what that and HATEOAS is, this entire part is irrelevant to you. If you do know, and you believe it&#x27;s a fad, then you wouldn&#x27;t agree with any points in that complaint. If you do know and like it, then you already know what it is about (it&#x27;s basically just rehashing the usual &quot;why HATEOAS is the only proper way to do REST&quot; narrative, with Swagger as an example).<p>The last problem is that if you do API first (rather than YAML first), it&#x27;s overly verbose, and can potentially leak implementation details into your spec.

This seems more like, &quot;issues with how Swagger is used in Java&quot;. A lot of Java developers are used to the SOAP APIs of yesteryear, and thus try to create clients with Swagger when they should be using gRPC or Thrift.<p>In other language paradigms, I haven&#x27;t faced this issue. Swagger is _just_ documentation, and a nice front-end on top. The Java annotations definitely make it easy to generate, though, I&#x27;ll give it that.

In my team we established a process where our first step is to write down the spec of the API, in swagger format.<p>The spec is the source of thruth, and is written manually in yaml (that&#x27;s not that painful). The implementation comes later. Unit tests check that it conforms with the spec. [1] We also have a fake API almost completely autogenerated from the spec that&#x27;s quite useful for preliminary testing of the clients.<p>Client code generation wasn&#x27;t up to my expectations, but I&#x27;ve experimented with applying an handwritten template to a parsed spec and that seems viable.<p>Swagger as a format might have its quirks, but the tooling is there and having it as the authoritive source of thruth paid off for Us.<p>[1] <a href="https:&#x2F;&#x2F;bitbucket.org&#x2F;atlassian&#x2F;swagger-request-validator" rel="nofollow">https:&#x2F;&#x2F;bitbucket.org&#x2F;atlassian&#x2F;swagger-request-validator</a>

We use swagger heavily and I can say the following: 1) We use the tolerant reader pattern. It is entirely possible to generate tolerant client code where the enum and adding new element does not cause issues. The problem here is not swagger but poor code gen.<p>2) We use hypermedia in all of our APIs extensively, I don&#x27;t see how this is impacted by swagger? Hypermedia is a runtime discovery mechanism and so other than declaring the link structures in your schema, has no place in swagger. We don&#x27;t use HAL, and wouldn&#x27;t recommend it either.

I&#x27;m surprised RAML isn&#x27;t suggested as na alternative. <a href="http:&#x2F;&#x2F;raml.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;raml.org&#x2F;</a>

&gt; To mitigate this problem just stop generating code and doing automatic deserialisation.<p>No! WTF?! Just use generators that produce code that is resilient to a changing API. Why would you get rid of a huge productivity boost because the generator doesn&#x27;t produce code you like? That&#x27;s trading two hours of work to change the generator, for many multiple hours of reproducing the proper API, especially if you have many to support.<p>I stopped reading right there. My personal biggest issue with swagger is that they threw the baby out with the bath water, reproducing XSD in Yaml, for no good reason. The UI they produced was nice, and that is probably the best feature of swagger. But the data format doesn&#x27;t solve a new problem IMO, it just created a new standard that we all have to deal with.<p>What is that now? Corba IDL, XSD, protobuf, thrift, avro, Swagger, Raml... I&#x27;m sure because of the flaws in each of those, we really should just use the new OpenAPI.<p>Or just get rid of them all and go bare metal with Cap&#x27;n Proto. Oh but don&#x27;t use code generators for any of those, because that would make it way too easy to support all of them with a single API &lt;&#x2F;sarcasm&gt;.

&gt; The rest of the URIs are provided by Hypermedia.<p>I know this sounds awesome but in practice, it&#x27;s really useful to have my swagger UI exposing the endpoints for our front-end developers to consume. What a pain it&#x27;d be for me to tell them &quot;hit &#x2F; and see what you get!&quot;<p>Having HAL links between resources is great and this discovery aspect of HATEOAS makes a lot of sense in development. But having a single entrypoint &quot;homepage&quot; to the API, when it comes to swagger, doesn&#x27;t make sense.<p>I ran into this when I asked another department for the endpoint to hit for certain data. I was given a swagger page with a bunch of &quot;&#x2F;status&quot; endpoints that would then reveal additional endpoints. Who knows what rabbit hole I was sent down. I just needed the endpoint and the necessary parameters.<p>If I were a third party or some outside developer consuming the API, it kind of makes sense. But our internal swagger docs really should reveal endpoints. I would feel like a big asshole if I asked my front-end co-worker to just &quot;hit &#x2F;status&quot; and see if you get what you need!<p>Disclosure: I don&#x27;t use Swagger codegen. I only use the Docblock markup to document my API and generate the swagger.json that I display on our docs page.

An alternative is to just ditch these complicated documentation formats altogether. Put down your pitchforks, I&#x27;ll explain.<p>The author of REST, Roy Fielding stated that only the entry URL and media type should be necessary to know in advance. Swagger would be considered out-of-band information, if it&#x27;s necessary to have this documentation beforehand then it doesn&#x27;t follow this constraint. Interactions must be driven by hypermedia, an idea which has a very unmarketable acronym.<p>The alternative that is suggested is to <i>document media types, not APIs</i>. If HTML were not a standard and every web page had to define its own technical specifications, the web wouldn&#x27;t have taken off, because it wouldn&#x27;t have been interoperable. Interoperability is key, it reduces friction from transitioning between web pages on different servers. How HTTP APIs are built today is wasteful, there are vendor-specific tooling costs up front and it doesn&#x27;t scale.

I would never write Swagger by hand; why should I when I can have it generated? We are using Swashbuckle[0] to generate Swagger for our ASP.NET Web API, which have been a great experience. We can explore and test the API in Swagger UI. I have been sprinkling a bit of hypermedia on top of this with HAL, mainly just for having links. I have never met anyone wanting to go the full HATEOAS route, but simple links can go a long wa. Swagger UI have been great for this, as HAL alone isn&#x27;t really expressive enough to document what a link means. On the consumer side, I have been using NSwag[1] to generate clients with good results.<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;domaindrivendev&#x2F;Swashbuckle" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;domaindrivendev&#x2F;Swashbuckle</a> [1] <a href="https:&#x2F;&#x2F;github.com&#x2F;NSwag&#x2F;NSwag" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;NSwag&#x2F;NSwag</a>

So many problems in programming are caused by trying to replace code with configuration. I&#x27;ve learned over time that the DRY principle can be harmful. Avoiding repetition is only good when it remains equally readable and powerful.<p>Defining a DSL is almost alway a better idea (but more difficult) than defining a configuration format.

People often don&#x27;t make a crucial distinction: Are you developing an API that happens to be accessible via HTTP or are you developing a Web Service.<p>For an API where you control both the server and the client, you don&#x27;t need to use REST.<p>For a Web Service, where you don&#x27;t control which clients are using, you are better off with a RESTful implementation supporting hypermedia. Especially if you are interested in keeping clients happy and not give them the middle-finger shaped like a incompatible-v2 version of your service.

API Blueprint is much, much cleaner: <a href="https:&#x2F;&#x2F;apiblueprint.org" rel="nofollow">https:&#x2F;&#x2F;apiblueprint.org</a><p>Here&#x27;s a renderer: <a href="https:&#x2F;&#x2F;github.com&#x2F;danielgtaylor&#x2F;aglio" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;danielgtaylor&#x2F;aglio</a><p>It&#x27;s less feature-rich than Swagger but the format is much less of a nightmare.

I stopped reading after the author&#x27;s silly interpretation of enums and why they &quot;weren&#x27;t&quot; useful. The rantings of a beginner don&#x27;t make for a good critique.

I read &quot;YAML, which I call XML for lazy people&quot;... and closed the tab.

So here&#x27;s something I&#x27;ve never quite understood when reading about HATEOAS:<p>&gt; Without hypermedia, the clients would probably have to parse the payload to see if there are some kind of status and then evaluate that status to take a decision whether the order may or not be canceled.<p>In the given example, wouldn&#x27;t the client still need to check whether there actually is a `cancel` link (and know that it _can_ be there), and decide whether or not to call it? In other words, isn&#x27;t it unavoidable that there&#x27;s business logic in the clients?

&quot;..swagger repeats itself a lot with redundant annotations, it also leads to having more annotations than actual code.&quot;<p>(Shameless plug) For this exact problem, we developed a Java library that makes easy to create RESTFul services that&#x27;s highly integrated with Swagger. Here it is: <a href="https:&#x2F;&#x2F;github.com&#x2F;buremba&#x2F;netty-rest" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;buremba&#x2F;netty-rest</a><p>We also tried hard to stick with Swagger-codegen but it&#x27;s far from being stable so eventually we ended up creating a Slate documentation that demonstrates the usage of API with high level HTTP libraries for various programming languages.<p>We convert Swagger spec to HAR representation, create the example usage of the endpoint with httpsnippet from the HAR (<a href="https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;httpsnippet" rel="nofollow">https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;httpsnippet</a>) and embed it in our Slate documentation using our Slate documentation generator. (<a href="https:&#x2F;&#x2F;github.com&#x2F;buremba&#x2F;swagger-slate" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;buremba&#x2F;swagger-slate</a>)<p>Here is an example: <a href="http:&#x2F;&#x2F;api.rakam.io&#x2F;" rel="nofollow">http:&#x2F;&#x2F;api.rakam.io&#x2F;</a>

&gt; The original problem swagger tries to solve is: API documentation. So, if you need to document an API, use a format that is created for that purpose. I highly recommend using Asciidoctor for writing documentation. There are some tools for Java that help you with this. However they are somehow technology specific. For instance Spring REST Docs works very well if you are using Spring &#x2F; Spring Boot.<p>I have used Asciidoctor + Spring REST Doc to document a complex REST API and my experience was almost complete the opposite for a number of reasons.<p>1.) Asciidoctor is powerful but exceedingly tedious to edit. It&#x27;s especially painful to use for documenting an API in advance--wikis like Confluence are far easier to use and also allow commenting.<p>2.) Spring REST Doc generates snippets of asciidoc text that you must laboriously incorporate into the parent asciidoc. It&#x27;s particular painful when combined with maven (another source of pain for some of us). Anybody who has asked the question &quot;where do I look in target to find my output?&quot; as well as &quot;now that I found the output how do I make it go somewhere else instead?&quot; knows what I mean.<p>3.) The unit tests that Spring REST Doc depends on to generate output are hard to maintain for anything beyond trivial cases. I&#x27;ve spent countless hours debugging obscure bugs caused by Spring IoC problems. Also, the DSL format used to define output of examples is hard to understand--just getting URLs to show https schemes and paths takes time.<p>Finally, I would disagree that Swagger is purely designed to document existing REST interfaces. We&#x27;re using it to design the interfaces in advance. It&#x27;s not perfect but works better than other tools I have found let alone informal specification via a wiki. Spring REST Doc is close to useless for design.

It looks like the perfect workaround is to use some middleware to autogenerate the Swagger docs, at least to keep code and documentation in sync. After a while I found myself doing the opposite, using Swagger to autoconfigure endpoints (<a href="https:&#x2F;&#x2F;github.com&#x2F;krakenjs&#x2F;swaggerize-express" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;krakenjs&#x2F;swaggerize-express</a>) and even mongodb models (<a href="https:&#x2F;&#x2F;github.com&#x2F;pblabs&#x2F;swaggering-mongoose" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pblabs&#x2F;swaggering-mongoose</a>). Here is my actual reference architecture: <a href="https:&#x2F;&#x2F;github.com&#x2F;pibi&#x2F;swagger-rest-api-server" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pibi&#x2F;swagger-rest-api-server</a><p>Best thing about this approach is the clean separation between API definitions and the implementation (all over the stack), so the teams can just discuss about how to organize the resources and how to use them.

Here is a cached version as the site is currently giving me an HTTP 500: <a href="http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:uQABqVCV2b0J:blog.novatec-gmbh.de&#x2F;the-problems-with-swagger&#x2F;+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" rel="nofollow">http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:uQABqVC...</a>

To be honest I didn&#x27;t knew that Swagger could generate API - still i wouldn&#x27;t use anything that generates code from some description (attempts I heard of didn&#x27;t worked out well in the past).<p>In projects I worked in Swagger was used to generate callable API from existing implementation: add annotations (which are ugly :&#x2F;, especially in Scala, where such javaism hurts eyes even more), generate json, open it in Swagger UI and let devs play with API.<p>What hurt me recently was 3.0 release - basePath got broken so, I got calls generated with double slash (`host&#x2F;&#x2F;api&#x2F;call` etc.), and oauth2 is completely broken and I cannot authenticate requests. 2.0 works with no issues, though I find it sad that the vanilla version I downloaded uses hardcoded client_id and client_secret.

My problem with Swagger is the Swagger editor. It just works sometimes, but sometimes everything is just red for no reason. Tried with Safari, ChrOme, Ff on different Macs. Am I the only one who thinks this tool is unusable?<p>Edit: Cheers to you guys at Novatec, have to take a look on InspectIT again.

I think Swagger is nice--codegen makes it simple to generate API clients for various languages&#x2F;frameworks. Saves a lot of time and potential sources of errors. If there is something easier&#x2F;better&#x2F;more reliable, then I am all ears, but Swagger keeps getting better.

Why are folks using Swagger or other tools for supposedly simple REST services at all? It&#x27;s not like Swagger is a &quot;standard&quot; or something, and from the comments it appears using tooling for REST is a zero-sum game or even net loss.

Most of developers use Swagger wrong. But this is the right approach: <a href="https:&#x2F;&#x2F;github.com&#x2F;swagger-api&#x2F;swagger-node&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;swagger-api&#x2F;swagger-node&#x2F;</a><p>Swagger is a contract. From contract you can generate documentation, client, input&#x2F;output data validation, mock responses, integration tests, and something else, I&#x27;m sure.<p>If you start development from swagger — you can get everything in sync. That way you can&#x27;t forget to update documentation, validation rules, tests, or whatever you generate from swagger. That way you can do work once! No work multiplication!<p>It makes development So Much Easier!

I also looked at swagger but found it needlessly complex for my needs. I opted for blueprint api coupled with aglio to generate html docs and also provided a nicely prepped postman collection including testing :)

I think Koa (or Express) are the best tools for developing an API spec&#x2F;mock&#x2F;doc that&#x27;s useable and useful from the get go. You can have an endpoint working in seconds, and it&#x27;s easy to add all the different scenarios you need. Dropping in middleware is easy too. And if you write your code well, it&#x27;s self documenting.<p>And ultimately, it&#x27;s documentation for developers. I think it&#x27;s as easy for a non-js dev to parse and understand an endpoint controller than it is to parse whatever freaky-deaky API documentation someone has cobbled together.

Whilst Swagger Codegen doesn&#x27;t create perfect libraries and some of the generators don&#x27;t support all the features, once it&#x27;s set up, it&#x27;s just as easy to create a client for every language as it is for just one.<p>For example, we create multiple client libraries, HTML documentation and a partial server (so we don&#x27;t have to manually write the parameter parsing and models serializers).<p>Another advantage is you can start consuming the API as soon as the API design is agreed, by using a generated mock server instead of waiting for the real one to be implemented.

In terms of API documentation, the biggest problem is making sure the documentation is in sync with the actual code. I&#x27;m looking into using JSON Schema [1] along with Swagger and Dredd [2]. Making it all language-agnostic is a key. If anyone is doing anything similar, please, share your experience.<p>[1] <a href="http:&#x2F;&#x2F;json-schema.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;json-schema.org&#x2F;</a><p>[2] <a href="http:&#x2F;&#x2F;dredd.readthedocs.io&#x2F;en&#x2F;latest&#x2F;" rel="nofollow">http:&#x2F;&#x2F;dredd.readthedocs.io&#x2F;en&#x2F;latest&#x2F;</a>

This is a bit off topic, but I feel that Swagger etc... and actually most API docs are to human centric. You can&#x27;t auto chain APIs together without a lot of developer intervention. The one thing I saw that allowed that was SADI services [1]. An awesomely pragmatic use of the semantic web. Pity it did not get picked up by Google etc...<p>[1] <a href="http:&#x2F;&#x2F;sadiframework.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;sadiframework.org&#x2F;</a>

I with there was a way to easily generate a swagger spec from a java project as a build artifact out of the box, instead of having to serve the spec as a dedicated API endpoint. There are some plugins, such as swagger-maven-plugin [0], that do give you this functionality, though.<p>[0]: <a href="https:&#x2F;&#x2F;github.com&#x2F;kongchen&#x2F;swagger-maven-plugin" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;kongchen&#x2F;swagger-maven-plugin</a>

Agreed with some and not all. In essence anythung can be abused. Seagger being URI is well documented well argued problem. And no support for hypermedia too. Asciidoc and Spring Rest Docs shine there.<p>But annotations is not IMHO. Swagger also doesny make thing more complex, they already are. Swagger also doesnt amke reading docs difficult as such *apart from URI problem above.<p>Also Spring Rest learnt from mistakes of Swagger so its a bit unfair on swagger.

Checkout Spring REST Docs <a href="http:&#x2F;&#x2F;docs.spring.io&#x2F;spring-restdocs&#x2F;docs&#x2F;current&#x2F;reference&#x2F;html5&#x2F;" rel="nofollow">http:&#x2F;&#x2F;docs.spring.io&#x2F;spring-restdocs&#x2F;docs&#x2F;current&#x2F;reference...</a> . Always uptodate docummentation, which double serves as tests, support HATOAS and more..

For those that find it tedious to write swagger by hand, I&#x27;ve been using Stoplight[1] at work and it&#x27;s been working pretty well. You can create the spec from scratch, or use their proxy to auto-document your api.<p>[1]: <a href="https:&#x2F;&#x2F;stoplight.io&#x2F;" rel="nofollow">https:&#x2F;&#x2F;stoplight.io&#x2F;</a>

I am working on auto generating clients with built in service subscription based discovery, shock absorbers and circuit breakers based on open api (swagger). We design our APIs with customer focus and therefore haven&#x27;t run into some of these problems so far.

Problems with Swagger, it is really unfortunately named. I have never used Swagger, to me it projects an aura that it is a quickly hacked weekend project its authors did not put any effort to at least name properly. Yes, I know it is irrational.

Swagger is also a partial solution. I&#x27;d rather provide an API client library and clearly document how to use the client library and not the underlying REST API.

XSD is bulletproof. Why don&#x27;t we just keep using XSD?

One problem... it takes Swagger thirty-freakin-seconds to load its auto-generated whatever for Magento Community, and it has to do this every freakin time!

Oh, man. There is so much wrong with this article. Here we go:<p>&gt; The documents are written in YAML, which I call XML for lazy people<p>No. That&#x27;s ridiculous. XML (and JSON, for that matter) is designed to be read and written by machines, not humans. (If the design goal was actually primarily for humans to read and write it, the designers failed. Miserably.) YAML is a nice middle ground, in that it can be unambiguously parsed by a machine, but is also fairly pleasant and forgiving for humans to write.<p>&gt; The enum thing<p>This is a problem with the code generators, not with Swagger as a spec. Any API definition format that allows enums (and IMO, all should) will have this &quot;problem&quot;.<p>Language-native enums are way better to deal with than stringly-typed things. An alternative might be to generate the enum with an extra &quot;UNKNOWN&quot; value that can be used in the case that a new value is added on the server but the client doesn&#x27;t know about it.<p>However, I would consider adding a value to an enum to be a breaking API change, regardless of how you look at it. What is client code expected to do with an unknown value? In some cases it might be benign, and just ignoring the unknown value is ok, but I&#x27;d think there are quite a few cases where not handling a case would be bad.<p>I agree with the author that &quot;adding a new element to the structure of the payload should NEVER break your code&quot;, but that&#x27;s not what adding an enum value is. Adding a new element to the structure is like adding a brand-new property on the response object that gives you more information. The client should of course ignore properties it doesn&#x27;t recognize, and a properly-written codegen for a Swagger definition should do just that.<p>&gt; Nobody reads the documentation anymore.<p>The author admits this issue isn&#x27;t specific to Swagger, and yet harps on it anyway. What?<p>&gt; No Hypermedia support ... Which means, you can change that business logic whenever you want without having to change the clients... Swagger is URI Centric<p>Oh god. I don&#x27;t care what Roy Fielding says. No one has embraced hypermedia. It&#x27;s irrelevant. Move on.<p>Being able to change biz logic has nothing to do with hypermedia. That&#x27;s just called &quot;good design&quot;. That&#x27;s the entire point of an API: to abstract business logic and the implementation thereof from the client.<p>Regardless, the entire idea of being able to change your API without changing the clients is just silly. If you&#x27;re changing the API purely for cosmetic reasons, just stop, and learn how to be a professional. If you&#x27;re changing the API&#x27;s actual functionality or behavior, the code that <i>calls</i> the client needs to know what the new functionality or behavior is before it can make use of it, or if it&#x27;s even safe to make use of it. I imagine there are some small number of cases where doing this &quot;automatically&quot; is actually safe, but the incidences of it are so vanishingly small that it&#x27;s not worth all the extra complexity and overhead in designing and building a hypermedia API.<p>APIs are not consumed by &quot;smart&quot; clients that know how to recurse a directory tree. They are consumed by humans who need to intelligently decide what API endpoints they need to use to accomplish their goals. Being able to write a dumb recursing client that is able to spit out a list of API endpoints (perhaps with documentation) is a cute trick, but... why bother when you can just post API docs on the web somwehere?<p>This section is irrelevant given my objections to the last section.<p>&gt; YAML generation (default Java codegen uses annotations, codegen via this way will leak implementation details)<p>Well, duh, don&#x27;t do it that way. Do API-first design, or at least write out your YAML definition by hand after the fact. If nothing else, it&#x27;s a good exercise for you to validate that the API you&#x27;ve designed is sane and consistent.<p>&gt; Swagger makes a very good first impression<p>Yes, and for me, that impression has mostly remained intact as I continue to work with it.<p>&gt; What are the alternatives?<p>Having worked with both Spring and JAX-RS, I find it hard to take someone seriously if they&#x27;re strongly recommending it as a better alternative to something as fantastic as Swagger. Also note that the author previously railed on the reference impl Java tool for its reliance on annotations... which... same deal with Spring and JAX-RS.

&gt; The Problems with Swagger<p>&gt; This is a Swagger misusage problem, not a problem from Swagger per sé.<p>The TL;DR is a list of gotchas and best practices the author has learned from using Swagger.