API Release Checklist
Use this checklist before merging or deploying an API change. Everything runs in your browser — your spec, sample responses, and notes never leave this page.
When to use this
- Before merging a PR that adds or changes a public endpoint.
- Before promoting a build from staging to production.
- During pre-release review with QA or security.
How this checklist works
Some items run a quick local check (e.g. scanning sample responses for secrets or PII). Others are manual confirmations or open another tool. When you finish, copy the report as Markdown to paste into your PR description, ticket, or Slack.
Privacy
This page is a static HTML file. The checklist component runs locally in your browser. The raw text you paste into the Run boxes stays in memory and is never saved. Your progress — checked items, notes, owner/reviewer, and each check's verdict and trimmed output — is saved to localStorage in this browser so you can resume, and you can remove it any time with Reset or the footer's "Clear local data" action.
Related tools
- OpenAPI Client Snippets
- Secrets Scanner
- PII Detector / Redactor
- JSON Diff
- HTTP Security Headers Analyzer
Other release checklists
What to capture during this API release
Use the checklist as a release note template, not just a pass/fail list. Capture OpenAPI parse result, representative response samples, auth notes, security-header observations, and the person who approved release readiness. This gives reviewers enough context to understand what changed and what still needs follow-up.
Common blockers
- Evidence is copied from staging but the production path, host, or namespace is different.
- A secret, token, cookie, or personal field appears in an example that will be shared outside the team.
- The release owner signs off without a clear rollback note or known-risk comment.
Helpful next checks
- OpenAPI Diff for the hands-on artifact review.
- API Debugging Studio for a second pass before sharing or deployment.