Show HN: We made a tool to help developers improve OpenAPI specs (github.com)
Hey, I'm Martyn and I recently joined Zuplo. OpenAPI is a huge part of what we do, but getting a document up to scratch out of the gate, especially if you're not super well versed in the actual specification and what you should use and when.
So we built a suite of tools to help with this called Rate My OpenAPI. It will score your OpenAPI document out of 100, as well as giving you individual scores in 4 key areas; completeness, SDK generation, security and documentation.
Along with the score, you also get details of what the issues, or errors are, as well as guidance on what they actually mean and why they're important.
We exposed the API for it using Zuplo, and then built a CLI, and a GitHub Action on top of that so that you can add Rate My OpenAPI into your workflow however you like.
You can check it out and use all of this right now, for free. I've already found it extremely useful and I hope you do to.
Feedback is absolutely welcome!
21 comments
[ 4.7 ms ] story [ 72.0 ms ] threadIn general I get a feeling that it's just a small feature who wants to become a paid product.
Thanks for the feedback, appreciate you taking the time to try it out and comment.
We, some users, find that when there is no price for the service then we're paying with our data. It may be sold or used in unintended ways. It should be mentioned somewhere in ToS what you're going to do with the data, right? Oh wait, there is no ToS...
1. Its fine to implement this as a web service. It makes it much more flexible to implement in multiple locations. (CLI, website, other backend)
2. Its something someone spent time making, that could help you, that theyre giving away at no cost. Future aside thats a nice gesture that should be celebrated.
3. OpenAPI specs on average are not precious, not very valuable to other parties.
4. If yours is, and contains super secret proprietary information you can't afford to leak, thats ok, you do not have to use this.
Rating an API specification using a set of rules based on opensource linter is a trivial task which can be easily implemented in such a way so it can be used both offline and online. Relying on a service adds additional latency.
> 2. Its something someone spent time making, that could help you, that theyre giving away at no cost. Future aside thats a nice gesture that should be celebrated.
Feedback was asked, feedback was received. Running the service which does server side processing costs money. There is no free lunch. They are providing the CLI so why not implement it directly there to save the costs?
> 3. OpenAPI specs on average are not precious, not very valuable to other parties. >4. If yours is, and contains super secret proprietary information you can't afford to leak, thats ok, you do not have to use this.
That's why there should be Terms of Service - they need to say how they are going to use/process my data on their servers. I know how much value my data has and I want to know what I am signing for.
btw. maybe it might be better if this was integrated into the linter of your framework that builds the OpenAPI specification?
Zuplo is has an Api Manager product "designed for developers". How would they be able to market and sell their product if it was just a CLI tool? Or gather developers' contact information for sending ads? This service is a good honeypot.
Sorry for being salty but it smells a bit fishy here - there are a lot of representatives in comments thanking for feedback but avoiding all interesting questions
When I originally looked at it, I assumed that there was going to be some collaboration or other form of discussion tool to help others navigate your spec file and provide feedback. As it is, it doesn't feel like its adding the much value.
RateMyOpenAPI is really designed as a quick litmus test to help people get their OpenAPI doc (and thus their documentation) in a good shape quickly, vs the hassle of setting up of individual rules.
People find it quite helpful to quickly build a todolist of things to do with their OpenAPI doc to get it into a much better state.
Spectral is a JSON/YAML linter with custom rulesets, with out of the box support of OpenAPI and AsyncAPI.
I use it Spectral for OpenAPI feature analysis, much as described here: https://github.com/stoplightio/spectral-documentation
What I was seeing in OpenAPI docs is that everyone seemed stuck on Swagger for most interop. And if you really wanted generated clients/servers, you were likely using a framework where the fact that it also generated a swagger doc was a bit of a side benefit that didn't actually matter.
Back in the day, the best feature of SOAP API's was that they were documented in a machine readable fashion. Point your IDE at the WSDL endpoint and it would autogenerate an API client for you. OpenAPI and the various tooling around it finally offer us something similarly convenient for REST API's.
In an example[1], three paragraphs start with "Oh boy" and "Oh dear". There are also "whopping 272 invalid schema examples" (twice), "whopping 334 rate limit responses", and a recommendation to "add rate limiting to a whopping 173 operations".
The prompts[2] contain "You like chatting in a playful, and a somewhat snarky manner.", "Keep the tone casual and playful, and a bit snarky.", so this seems partly intentional.
But even without the snark the AI summary looks unhelpful to me and I'd prefer a tool without LLM. So, Spectral[3] I guess.
[1]: https://ratemyopenapi.com/report/31bae2fb-bda1-471b-8c1d-142...
[2]: https://github.com/zuplo/rate-my-openapi/blob/0fcef3702592d8...
[3]: https://github.com/stoplightio/spectral