
---

# 📐 Contract Tests & Schema Snapshots

> **Intent** → Prove your API **hasn’t broken clients** by locking down **response shapes** and **OpenAPI schema** over time.

---

## 🧭 What Are Contract Tests?

* Tests that verify the **public contract** (status codes, fields, types, enums)
* Focus on **responses and errors**, not internal implementation
* Fail when a change would **break consumers** (web, mobile, partners)

---

## 🧾 Schema Snapshots (OpenAPI)

* Export current **OpenAPI JSON** and store as a **snapshot**
* On CI, compare new schema → snapshot
* If diff is unintended, tests fail → prevents accidental changes

---

## 🎯 What to Lock Down

* **Routes** and **methods** (no surprise renames/removals)
* **Response models** (required fields, types, nullability)
* **Error shapes** (`detail`, codes, field errors)
* **Enums & examples** (don’t silently change meanings)
* **Security schemes** (auth flows, scopes)

---

## 🧪 Golden Responses

* Save **known-good JSON** for key endpoints (happy + error paths)
* Compare future responses against goldens (stable order/format)
* Normalize time/IDs to avoid flaky diffs (e.g., mask or freeze)

---

## 🔁 Versioning Strategy

* For **breaking changes**, bump API version (e.g., `/v2`)
* Keep **v1** contract unchanged until fully deprecated
* Communicate deprecations via headers and docs

---

## 🧯 Managing Expected Changes

* When intentional change: update **snapshot** and **changelog**
* Add **compat adapters** during migrations (old → new shape)
* Provide **feature flags** or **preview headers** for early adopters

---

## 📊 CI Integration

* Run contract tests on every PR
* Produce a **human-readable diff** (routes added/removed, fields changed)
* Block merges on unexpected schema diffs

---

## 🔐 Safety & Compliance

* Don’t snapshot **sensitive data**; use sanitized fixtures
* Ensure error bodies don’t leak internals (stack traces, SQL)

---

## ✅ Outcome

Your API stays **predictable and backward compatible**. Contract tests and schema snapshots **catch breaking changes early**, protecting client apps and enabling safe, iterative evolution.
