Overview
SpecVault is a fully hosted API contract registry that versions your OpenAPI specs and automatically notifies consumer teams when a new release breaks something they depend on.
What is SpecVault?
SpecVault solves a specific problem: producer teams publish API changes that break consumers, and nobody finds out until something fails in production. The traditional fix — "communicate changes over Slack" — doesn't scale when you have multiple services, multiple consuming teams, and weekly releases.
SpecVault gives every API a version history backed by its OpenAPI spec. When you publish a new spec version, SpecVault automatically diffs it against the previous one, identifies breaking changes, and emails every subscribed consumer team with a detailed report — before the release ships.
How it works
SpecVault operates in three steps:
Key capabilities
Version history
Every spec version is stored with its full content, endpoint count, publish date, and the user or API token that published it. You can view the diff between any two versions directly in the dashboard.
Breaking change detection
SpecVault's diff engine compares consecutive spec versions and flags changes that would break existing consumers:
- Removed endpoints (path + method combinations that no longer exist)
- Removed required request parameters
- New required request parameters added without a default
- Removed response fields
- Type changes on existing fields
Additive changes — new optional parameters, new endpoints, new optional response fields — are not flagged, because they don't break existing consumers.
Email alerts
Subscriber alerts are sent immediately on spec publish when breaking changes are detected. Each alert includes the service name, version number, and a detailed list of breaking changes with HTTP method, path, and change description.
API tokens
Generate machine-readable tokens for publishing specs from CI/CD pipelines. Tokens are bcrypt-hashed at storage; the plain value is shown only once on creation. Any pipeline with a valid token can publish a spec via a simple POST request.
Audit log
Every significant action — spec publish, service create/update, token create/revoke, login — is recorded in the audit log with timestamp and actor. The log is viewable in the dashboard and exportable as JSON.
Fully hosted
SpecVault runs as a fully managed service — there is nothing to install, deploy, or maintain. Sign in at specvault.sentinelflux.in, register your services, and start publishing specs. We handle hosting, TLS, upgrades, and backups for you.
Hosted SaaS. SpecVault is a hosted product, not a self-hosted or open-source package. Your data is isolated per account on infrastructure we operate and back up. Access the app any time at specvault.sentinelflux.in.
Where to go next
- Quick Start — create a service, publish a spec, and set up a subscriber in under 10 minutes
- Hosting & Security — how SpecVault is hosted, isolated, and secured
- Breaking Changes — exactly what SpecVault flags and why
- GitHub Actions — automate spec publishing from your pipeline