I'm currently working at a company where there is an API first approach, using REST with open API. It seems a great idea, especially to control the public APIs. However, especially compared to GraphQL there are several things not so nice.
If your using advanced features, the Java generation doesn't always produce the correct result. Which means you need go back to a simpler way, less well describing the API.
Although we put authorizations in the definition, they are not shown in the tool used to inspect the API. Also because of the authorizations you can't test the endpoints from the tool. Worse is, besides testing, there is no enforcement on implementing the correct authentications.
If you want to know what's available at a certain environment, you need to know which version of the generated API is used there. While with GraphQL you could just inspect the endpoint.
I also worked with REST without using either OpenAPI or swagger, and that was a lot worse. As we had to make sure the manual written documentation was kept in sync with the actual implementation.
Awful would be great. But as soon as you start using things like anyof etc. it becomes unusable. I might give it a try some day to make it better. It would be very nice if it was better supported, and for example when creating GraphQL based on OpenApi it could also use all of this information.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'm currently working at a company where there is an API first approach, using REST with open API. It seems a great idea, especially to control the public APIs. However, especially compared to GraphQL there are several things not so nice.
If your using advanced features, the Java generation doesn't always produce the correct result. Which means you need go back to a simpler way, less well describing the API.
Although we put authorizations in the definition, they are not shown in the tool used to inspect the API. Also because of the authorizations you can't test the endpoints from the tool. Worse is, besides testing, there is no enforcement on implementing the correct authentications.
If you want to know what's available at a certain environment, you need to know which version of the generated API is used there. While with GraphQL you could just inspect the endpoint.
I also worked with REST without using either OpenAPI or swagger, and that was a lot worse. As we had to make sure the manual written documentation was kept in sync with the actual implementation.
Yes, I also read that the generated code is often awful.
Awful would be great. But as soon as you start using things like anyof etc. it becomes unusable. I might give it a try some day to make it better. It would be very nice if it was better supported, and for example when creating GraphQL based on OpenApi it could also use all of this information.