Step one of your journey towards becoming a mature API provider is having an API spec.
You can be API-first which means generating code from specs, or do it the other way round.
Each of these approaches has pros and cons which we will discuss separately.

Once you have an API spec you can use various tools to automate different aspects of the API lifecycle.
One of these tools is oasdiff which allows you to check for breaking changes.
Ideally, you should run oasdiff in the CI pipeline to enable a fully automated process which stops the build whenever a breaking change is detected.

When breaking changes are detected there are several options to handle them:

1. Disallow the change and ask the developer to revert it

2. Defer the change to a future API version, for example v2. This may require a project manager approval for changing to the roadmap.

3. Allow the breaking change as an exception (see below).

There are two versioning conventions:

1. Semver: v1.0, v2.0...

2. Date based: Jan2024, 24-1 etc.

When you release a new API version you should keep the older version(s) alive for a while, this gives clients time to adapt.
Use the `Deprecated` OpenAPI keyword to mark older versions of the endpoints that are going to be removed and announce their sunset date with the `x-sunset` extension which is supported by oasdiff.

Removing endpoints without `Deprecated` and `x-sunset` keywords is considered a breaking change.

When releasing a new API version you should also publish a comprehensive changelog highlighting breaking changes alongside the new version to help clients plan and implement the migration.

Tell your clients how long they can expect API versions to be supported, for example, one year from release, or three major versions forward.

Oasdiff requires a minimal grace period before an endpoint can be removed.

While breaking APIs should be minimized you still need the liberty to evolve your APIs for the benefit of your business.
To achieve this, you can mark endpoints with an `x-stability-level` extension and one of: draft, alpha, beta and stable.
Each maturity level can have a different grace period, for example, draft and alpha endpoints may be removed without notice, beta and stable endpoints may be removed after a certain grace period.
You can customize the grace periods by specifying the `--deprecation-days-beta` and `--deprecation-days-stable` flags when running oasdiff.

Sometimes you need to allow breaking changes, for example, for security reasons.
You should define a process to get relevant approvals for such exceptions.

Oasdiff supports exceptions with the `--warn-ignore` and `--err-ignore` flags.

Once your API change process is in place, document it and publish it so your clients know what to expect.

Remember: changing APIs is okay, just don't surprise your clients and they will be happy.