10x DevEx �Shift-Left API Governance = CycleTime/2

© 2025 All Rights Reserved

Misconceptions about API Design, Tooling and Governance

© 2025 All Rights Reserved

© 2025 All Rights Reserved

How about �HTTP REST and OpenAPI’s DevEx?

Given how widely they are used,

we should expect great developer experience by now, right?

© 2025 All Rights Reserved

© 2025 All Rights Reserved

© 2025 All Rights Reserved

© 2025 All Rights Reserved

Seamless, easy, frictionless (drive autonomy and self-service)

© 2025 All Rights Reserved

Efficient, performant and reliable at scale

© 2025 All Rights Reserved

Shift-left (early feedback) and avoid late surprises

© 2025 All Rights Reserved

Safe-fail experimentation – key for learning & growing

© 2025 All Rights Reserved

Integrated & Unified (no context switching/jumping thru hoops)

© 2025 All Rights Reserved

Customizable and Extensible (plugin/extension architecture)

© 2025 All Rights Reserved

Observability for data-driven decision making

© 2025 All Rights Reserved

Time & space independence for creative problem solving

© 2025 All Rights Reserved

Trust, transparency and clear accountability

© 2025 All Rights Reserved

What could be a much better DevEx?

© 2025 All Rights Reserved

© 2025 All Rights Reserved

Contract Driven Development – In a nutshell

API Design First

• Shift Left all the way to Design

• Reduced time-to-market due to Parallel Development

• Enhanced DevEx with improved Collaboration

• Resilient API Building Blocks

© 2025 All Rights Reserved

© 2025 All Rights Reserved

This is a common problem for anyone in the

microservices and micro-frontend hell-hole

© 2025 All Rights Reserved

© 2025 All Rights Reserved

23

© 2025 All Rights Reserved

24

© 2025 All Rights Reserved

Why are we finding these issues so late in the game?

Let’s understand what was happening?

© 2025 All Rights Reserved

Issues we discovered �(even though the team thought everything was under control)

• Even though there is a CI step to generate and push the latest OAS file in dev portal, in some cases, it was out of sync
• Even though OAS is generated from code using CodeGen, when we ran contract tests against the code, it would fail
• Consumers would have done development using request/response pairs, hoping that they would get the service in dev env to test before the release, but often that would come very late and real testing would happen in SIT
• Between design and development, as more knowledge and constraints are revealed, the API schema and design would evolve, but the same would not be captured and communicated explicitly to the Architect and Consumers
• While updating existing APIs, the changes would break backward compatibility - but would only identify this during regression testing with an older version of the consumer
• Test data management across 100s of systems was extremely difficult
• External dependencies (payment gateways, service subscription integration) not available for testing
• Perf testing and chaos testing in Staging env would surface issues with back-pressure (circuit breaker) or empty state and error state handling

© 2025 All Rights Reserved

© 2025 All Rights Reserved

Contract Testing using Pact

What did we discover…

© 2025 All Rights Reserved

© 2025 All Rights Reserved

Due to these mismatches & the steep learning curve

Pact did not work out for us

© 2025 All Rights Reserved

What is an API contract?

Based on this learning, what are the key attributes of an API Contract?

© 2025 All Rights Reserved

Our criteria for a viable API contract included:

• Standards based; machine parse-able (OpenAPI, ASyncAPI, WSDL)
• Tech stack and programming language agnostic
• Friendly to all the stakeholders (Devs, SDETs/QAs, Architects)
• Established ecosystem with a strong community
• Something the team is already using at Design time

© 2025 All Rights Reserved

Hand-rolling mocks using request/response pairs is a bad idea

Wiremock (MockLab) to rescue

© 2025 All Rights Reserved

© 2025 All Rights Reserved

Wiremock - Challenges

• You can feed spec incompatible examples, wiremock would happily serve them
• there were no validation of examples to make sure your test data is spec compliant
• Wiremock does not have any built-in checks to make sure the spec you have given it, is correct and the provider is adhering to it

© 2025 All Rights Reserved

API Provider

Contract Test the API provider using the same OpenAPI Spec that the API consumer is using with Wiremock

© 2025 All Rights Reserved

Dredd

• Project was not seeing active updates at the time
• Lack of support for OpenAPI 3
• Very NPM heavy and difficult to easily integrate into the Java tech ecosystem

​

We also looked at a few other tools including ReadyAPI which did not support contract testing and was a paid tool.

© 2025 All Rights Reserved

Decided to build an inhouse tool with the following expectations…

© 2025 All Rights Reserved

Support specification standards like OpenAPI, WSDL, AsyncAPI

​

© 2025 All Rights Reserved

Same tool for service virtualization and contract testing��API Specifications as Executable Contracts

© 2025 All Rights Reserved

Collaborative at heart - forcing function for collaboration

© 2025 All Rights Reserved

No Code solution - language and tech stack agnostic

© 2025 All Rights Reserved

Great UX for Architects, Devs (Provider and Consumers), Testers

© 2025 All Rights Reserved

Independent development and deployment

© 2025 All Rights Reserved

CI native - runs everywhere from local to CI to test envs

© 2025 All Rights Reserved

Contract Driven Development – In a nutshell

API Design First

• Shift Left all the way to Design

• Reduced time-to-market due to Parallel Development

• Enhanced DevEx with improved Collaboration

• Resilient API Building Blocks

© 2025 All Rights Reserved

https://insights.specmatic.io/

© 2025 All Rights Reserved

Hit me up!

naresh.jain@specmatic.io

https://linkedin.com/in/nareshjain/

nashjain

https://nareshjain.in

© 2025 All Rights Reserved