SpecVault Docs

Overview

SpecVault is a fully hosted API contract registry that versions your OpenAPI specs and automatically notifies consumer teams when a new release breaks something they depend on.

What is SpecVault?

SpecVault solves a specific problem: producer teams publish API changes that break consumers, and nobody finds out until something fails in production. The traditional fix — "communicate changes over Slack" — doesn't scale when you have multiple services, multiple consuming teams, and weekly releases.

SpecVault gives every API a version history backed by its OpenAPI spec. When you publish a new spec version, SpecVault automatically diffs it against the previous one, identifies breaking changes, and emails every subscribed consumer team with a detailed report — before the release ships.

How it works

SpecVault operates in three steps:

1
Register — Create a service
Add your API as a service in SpecVault. Give it a name, team owner, and base URL. One-time setup per API.
2
Publish — Upload or fetch a spec
Paste a URL to your spec or upload a YAML/JSON file. SpecVault stores the spec, counts endpoints, and automatically diffs against the previous version.
3
Get alerted — Subscribers receive email notifications
Consumer teams subscribe to services they depend on. When a publish detects breaking changes, every subscriber receives an email listing each breaking change with endpoint details.

Key capabilities

Version history

Every spec version is stored with its full content, endpoint count, publish date, and the user or API token that published it. You can view the diff between any two versions directly in the dashboard.

Breaking change detection

SpecVault's diff engine compares consecutive spec versions and flags changes that would break existing consumers:

  • Removed endpoints (path + method combinations that no longer exist)
  • Removed required request parameters
  • New required request parameters added without a default
  • Removed response fields
  • Type changes on existing fields

Additive changes — new optional parameters, new endpoints, new optional response fields — are not flagged, because they don't break existing consumers.

Email alerts

Subscriber alerts are sent immediately on spec publish when breaking changes are detected. Each alert includes the service name, version number, and a detailed list of breaking changes with HTTP method, path, and change description.

API tokens

Generate machine-readable tokens for publishing specs from CI/CD pipelines. Tokens are bcrypt-hashed at storage; the plain value is shown only once on creation. Any pipeline with a valid token can publish a spec via a simple POST request.

Audit log

Every significant action — spec publish, service create/update, token create/revoke, login — is recorded in the audit log with timestamp and actor. The log is viewable in the dashboard and exportable as JSON.

Fully hosted

SpecVault runs as a fully managed service — there is nothing to install, deploy, or maintain. Sign in at specvault.sentinelflux.in, register your services, and start publishing specs. We handle hosting, TLS, upgrades, and backups for you.

Hosted SaaS. SpecVault is a hosted product, not a self-hosted or open-source package. Your data is isolated per account on infrastructure we operate and back up. Access the app any time at specvault.sentinelflux.in.

Where to go next