OpenAPI Operation Coverage Checker

{{ field.label }}:

OpenAPI source:

Use the API contract that defines the operations expected to have tests.

Drop OpenAPI YAML, JSON, or TXT onto the textarea.

Test inventory:

The checker marks an operation covered when the inventory references its operationId or method/path.

Drop TXT, LOG, CSV, or JSON onto the textarea.

Review coverage inputs

{{ error }}

{{ header }}	Copy
{{ cell.value }} {{ displayCell(cell) }}
No rows for the current input.

No chartable OpenAPI operations for the current input.

Export to PDF Fullscreen

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

OpenAPI operation coverage asks which documented HTTP operations have evidence in a test inventory and which documented operations still have no matching signal. In an OpenAPI description, operations sit under paths and HTTP methods, often with operationId values and tags that test suites, generated clients, and release reviews reuse.

A coverage gap can mean a new endpoint has no contract test yet, a test list uses an old path, a retired operation is still counted, or the API contract drifted away from the service. The percentage is useful, but the path-by-path ledger matters more because a single missing DELETE, PATCH, or webhook operation can carry more release risk than several covered read-only routes.

OpenAPI operation coverage flow from contract operations and test inventory through matching rules to coverage outputs.

Operation coverage is not the same as API quality. A match shows that the inventory referenced the operation through an identifier or a method and path. It does not prove that the test has useful assertions, checks every response status, covers authorization, or exercises the deployed service.

operationId evidence and method-path evidence complement each other. Operation identifiers survive base URL changes and path-parameter examples, while method and path evidence can be extracted from logs, cURL commands, CSV rows, and plain manifest lines. Mismatches between the two often reveal stale tests, renamed routes, or contract entries that need owner review.

Technical Details:

OpenAPI represents endpoint shape with path items and operation objects. A path item describes the HTTP operations available on one path, and each operation can carry an operationId, tags, summary text, response definitions, and a deprecation flag. The operationId value is intended to be unique and case-sensitive, which makes it useful for matching contract test manifests when teams keep identifiers stable.

The coverage denominator is the set of operations in scope for the review. Deprecated operations, top-level webhooks, and ignored HTTP methods can change that denominator before any coverage percentage is calculated. Path templates also matter because GET /orders/{orderId} should match a concrete inventory line such as GET /orders/ord_123, but it should not silently match a stale base path such as GET /v1/orders/ord_123 when the contract path is /orders/{orderId}.

Rule Core

The checker builds a documented operation set, parses inventory evidence, then marks each operation covered when at least one inventory entry maps to it under the selected match mode. Warnings stay separate from the percent because a high number can still be misleading when duplicate identifiers, duplicate operation keys, unresolved references, or unparsed inventory lines are present.

OpenAPI operation coverage rule inputs and cautions
Signal	How it is used	Review caution
Structured OpenAPI source	JSON or YAML is parsed for `paths`, HTTP methods, `operationId`, tags, deprecation, optional webhooks, and extra operation blocks when present.	Referenced path items are not resolved, so a path item that only points at `$ref` creates a warning instead of a hidden operation list.
Loose operation lines	When a structured operation list is not available, lines such as `GET /orders` or simple YAML-like path and method blocks can seed the operation set.	Loose parsing is useful for quick audits, but it cannot preserve the same tag, deprecation, webhook, and duplicate-detail context as a structured OpenAPI document.
Test inventory	Lines can reference `operationId`, method and path pairs, concrete URLs, cURL requests, CSV cells, log snippets, or one operation per line.	Unparsed or unmatched inventory rows may be stale tests, wrong base paths, wrong methods, or useful tests for operations missing from the contract.
Path templates	Template variables in braces match one concrete path segment, and query strings are removed before path comparison.	Server base paths and version prefixes must line up with the OpenAPI path being checked; the matcher does not infer deployment routing from the server URL.
Coverage filters	Deprecated operations, webhook path items, and ignored HTTP methods are applied before the denominator is counted.	Changing these controls can make a percentage rise or fall without adding any new tests, so keep settings stable across repeat reviews.

Coverage Formula

Coverage is a simple ratio after the operation scope has been built and filters have been applied.

coverage percent = \frac{covered operations}{total operations in scope} \times 100

Coverage match modes and their behavior
Coverage match mode	Matching behavior	Best fit
Operation ID or method + path	Uses `operationId` evidence when present and also accepts method-path matches from the same inventory entry.	Mixed manifests that contain operation IDs, access logs, cURL commands, and path-based test names.
Operation ID first, path fallback	Uses `operationId` when it finds a match, then falls back to method-path matching only when the identifier did not match.	Teams that treat operation IDs as the primary stable contract and want path evidence mainly for older inventory lines.
Method + path only	Ignores operation identifiers and matches only HTTP methods with exact or templated paths.	Access-log reviews, smoke-test lists, and inventories where operation IDs are missing, duplicated, or unreliable.

Operation coverage boundary conditions and output meaning
Condition	Output effect	What to verify
No operation set	OpenAPI operations are required appears, coverage stays at `0.0%`, and tables have no meaningful denominator.	Paste structured OpenAPI JSON/YAML or at least one usable `METHOD /path` operation line.
No inventory evidence	At least one test inventory entry is required appears, and all in-scope operations remain gaps.	Paste operation IDs, contract test names, log lines, cURL commands, CSV rows, or method-path entries from the test source.
Coverage target	The target is clamped from `0%` to `100%`. The summary badge becomes target met only when coverage is at or above the target and at least one operation exists.	Keep the target unchanged when comparing two releases, otherwise the gate result is not comparable.
Duplicate identifiers	Duplicate operation keys or duplicate `operationId` values create review rows even if the percent looks strong.	Make identifiers unique before relying on identifier-based coverage as release evidence.

Everyday Use & Decision Guide:

Start with the API contract you intend to hold tests against. Paste or drop OpenAPI YAML or JSON into OpenAPI source, then paste the test evidence into Test inventory. A useful first inventory can be a contract-test manifest, a small access-log sample, cURL commands from smoke tests, Newman output, CSV rows, or one operationId per line.

Use API name to label the run and Coverage target as the release gate. The default 90% target is a reasonable audit signal for many APIs, but high-risk interfaces often need every state-changing operation covered before release. For a first pass, keep Coverage match mode on Operation ID or method + path so both identifier-heavy manifests and path-heavy logs can contribute evidence.

Leave Deprecated operations included when retired endpoints still need regression protection or migration visibility.
Turn Deprecated operations off when retired endpoints are intentionally outside the active test gate and the release note explains that choice.
Turn Webhook path items on when incoming webhook templates should be checked with the same coverage gate as ordinary API paths.
Use Ignored HTTP methods for methods such as OPTIONS or HEAD only when they are generated by infrastructure and intentionally excluded from active coverage.
Use Normalize after dropping text with trailing spaces or mixed indentation; then confirm the source badge still reports the expected operation count.

Read the summary first, then move through Coverage Gate Metrics, Operation Coverage Ledger, and Coverage Gap Queue. The metrics table gives the percent, denominator, target gap, parser mode, deprecated count, inventory count, and warning count. The ledger ties each operation to status, evidence, and recommended action. The queue is where missing operations, unmatched inventory, duplicate keys, duplicate IDs, and parser warnings become work items.

Do not treat a strong percentage as approval by itself. A 100.0% run means every in-scope operation had at least one matching inventory entry under the current settings. It does not prove test depth, live endpoint health, authorization coverage, or schema assertions. Use the JSON tab or table rows as a handoff only after the queue rows match the story you want to tell in release review.

Step-by-Step Guide:

Review one API contract and one coherent test inventory at a time so the coverage target, ledger, queue, and method chart all describe the same release scope.

Enter API name, such as orders-api, so copied rows and JSON identify the service under review.
Set Coverage target. If the target is lower than the organization gate, the summary may say target met while the release still fails the real policy.
Choose Coverage match mode. Start with Operation ID or method + path, then switch to Method + path only if duplicate operation IDs are causing false comfort.
Paste, browse, or drop the API contract into OpenAPI source. The badge should show the expected operation count and a parser mode such as YAML document or JSON document.
Paste, browse, or drop evidence into Test inventory. The inventory badge should show parsed entries and unmatched entries; a high unmatched count usually means stale paths, wrong base paths, or tests for operations missing from the contract.
Open Advanced and set Deprecated operations, Webhook path items, and Ignored HTTP methods before comparing results. These controls change the denominator.
Check the warning area above the results. If OpenAPI operations are required or At least one test inventory entry is required appears, fix the missing source before relying on any percent.
Open Coverage Gap Queue and clear missing operations first. Then review unmatched inventory lines, duplicate operation keys, duplicate operationId values, and parser warnings.
Open Method Coverage Matrix when you need a quick method view. A missing PATCH, DELETE, or webhook-heavy group can be easier to spot there than in a long ledger.

A clean handoff has a nonzero operation count, coverage at or above the target, no unexplained parser warnings, and a gap queue that either has no rows or has owner-ready remediation notes.

Interpreting Results:

The most important output is the first unresolved row in Coverage Gap Queue. The percentage helps triage, but a queue item such as PATCH /orders/{orderId}, Duplicate operationId syncOrder, or Unmatched inventory line 17 tells you what must be fixed or explained.

OpenAPI operation coverage result cues and follow-up checks
Visible cue	Best first reading	What to verify next
target met	The coverage percentage is at or above the configured target and at least one operation was counted.	Confirm the queue has no unexplained parser warnings, unmatched critical tests, or duplicate identifiers.
coverage work queued	Coverage is below the target or the operation set is missing.	Open Coverage Gap Queue and add tests or reconcile the contract before release review.
Parser warnings	The source, duplicate handling, or inventory parsing may be incomplete.	Fix unresolved `$ref` path items, duplicate operation keys, duplicate operation IDs, or unparsed lines before treating the percent as authoritative.
Unmatched inventory entries	Some test evidence did not map to any in-scope operation.	Check for stale tests, deployment base paths, wrong HTTP methods, or contract paths missing from OpenAPI.
Covered deprecated	A deprecated operation is still in scope and has matching evidence.	Confirm the endpoint should remain in the active regression gate, or exclude deprecated operations consistently.

A perfect coverage percentage can still hide weak tests. Use it as a map of documented operations to test evidence, then review assertion depth, negative cases, authorization rules, schema checks, and production routing separately.

Worked Examples:

Orders API below a 90 percent gate

An orders contract defines GET /orders, POST /orders, GET /orders/{orderId}, PATCH /orders/{orderId}, and deprecated DELETE /orders/{orderId}. The inventory contains operationId=listOrders, POST /orders, a log line for GET /orders/ord_123, a dry-run delete URL, and GET /orders/search. Operation Coverage Gate shows 80.0%, Operation Coverage Ledger marks PATCH /orders/{orderId} as Coverage gap, and Coverage Gap Queue includes both the missing patch operation and the unmatched search line.

Retired endpoint changes the denominator

The same contract can read differently when Deprecated operations changes. If the inventory covers list, create, and get operations but omits both patch and deprecated delete, keeping deprecated operations included counts 3 covered out of 5. Turning the deprecated switch off removes delete from the denominator, so the run becomes 3 covered out of 4. The next action is still to decide whether PATCH /orders/{orderId} needs a test; the higher percent did not add coverage.

Duplicate operation ID needs cleanup

A contract with POST /orders/{orderId}/sync and POST /orders/{orderId}/resync both using operationId=syncOrder can make an identifier-based inventory look better than it should. A single inventory line operationId=syncOrder may map to more than one operation, while Coverage Gap Queue adds Duplicate operationId syncOrder. Switch to Method + path only for the review or make the identifiers unique before accepting the evidence.

Base path mismatch creates an unmatched row

A test log may contain GET /v1/orders/ord_123 while the OpenAPI path is /orders/{orderId} because the API gateway adds /v1. The concrete URL does not match the template in that run, so Inventory entries reports an unmatched entry and Coverage Gap Queue points at the stale or prefixed line. Fix the contract path, strip the gateway prefix before review, or paste inventory rows that use the same path basis as OpenAPI.

FAQ:

What counts as coverage evidence?

An inventory line can count when it names a matching operationId or when it contains a matching HTTP method and path, depending on Coverage match mode. Concrete paths such as /orders/ord_123 can match templates such as /orders/{orderId}.

Does 100 percent coverage mean the API is fully tested?

No. It means each in-scope operation had at least one matching inventory entry. It does not prove assertion quality, response schema checks, authorization coverage, negative cases, or live deployment behavior.

Why did a URL not match an OpenAPI path template?

The method must match, the path basis must match, and each template variable matches one path segment. Query strings are removed, but deployment prefixes such as /v1 are not inferred from server settings.

Why does the queue show parser warnings for a valid contract?

The checker can warn about valid structures it does not resolve, such as referenced path items, and about review hazards such as duplicate operation keys or duplicate operationId values. Use the warning as a cue to expand or normalize the contract before relying on the percent.

Is pasted contract text sent to a coverage service?

No. The coverage calculation reads pasted text and dropped files in the browser, and the checker does not make a server request with the OpenAPI source or test inventory.

Glossary:

Operation: An HTTP method on an OpenAPI path, such as GET /orders or PATCH /orders/{orderId}.
operationId: A case-sensitive identifier for an OpenAPI operation, often used by generated code, documentation systems, and test manifests.
Path template: An OpenAPI path with variable segments in braces, such as /orders/{orderId}, that can match concrete inventory paths.
Coverage denominator: The total number of operations counted after deprecated, webhook, and ignored-method settings are applied.
Inventory entry: One parsed line or row from the test evidence, such as an operation ID, method-path pair, log line, cURL command, or CSV row.
Parser warning: A review cue showing that part of the source or inventory needs attention before the coverage number should be trusted.

References:

OpenAPI Specification v3.1.2, OpenAPI Initiative.
API Endpoints, OpenAPI Learn.
Providing Webhooks, OpenAPI Learn.