Series/Learn Java API Contract Engineering, Event Contract Engineering & Schema Governance

Build CoreOrdered learning track

API Client Contract Engineering: Generated Clients, SDKs, Resilience, and Consumer Ergonomics

Learn Java API Contract Engineering, Event Contract Engineering & Schema Governance - Part 011

API client contract engineering for Java: generated clients, SDK wrappers, resilience semantics, error mapping, pagination, idempotency, and consumer ergonomics.

[2026-06-29]15 min read2902 words

In This Lesson

Tujuan Pembelajaran 1. Kaufman Skill Slice 2. Client Is Also a Contract Surface

PrevNext

Lesson 1132 lesson track07–18 Build Core

#java#api-contract#openapi-generator#sdk+3 more

Part 011 — API Client Contract Engineering: Generated Clients, SDKs, Resilience, and Consumer Ergonomics

Tujuan Pembelajaran

Pada banyak organisasi, API contract engineering berhenti di provider: OpenAPI dibuat, endpoint berjalan, dokumentasi muncul di portal. Itu belum cukup. API contract baru benar-benar berguna ketika consumer dapat memanggilnya secara aman, konsisten, resilient, dan mudah dipahami.

Part ini membahas sisi consumer:

Bagaimana mengubah API contract menjadi client experience yang reliable, type-safe, evolvable, dan tidak membuat setiap consumer menulis ulang error handling, retry, pagination, idempotency, dan observability sendiri.

Setelah part ini, kamu harus mampu:

membedakan raw generated client, typed client, dan product-grade SDK;
menentukan kapan generated client cukup dan kapan perlu wrapper SDK;
mendesain boundary antara OpenAPI-generated model dan domain model consumer;
membuat error mapping yang stabil dan tidak bergantung pada message text;
menerapkan resilience semantics sesuai contract, bukan asal retry;
mendukung pagination, filtering, idempotency, ETag, correlation, dan timeout;
menjaga compatibility SDK ketika OpenAPI berubah;
mendesain release model untuk Java client library;
membuat consumer ergonomics yang menurunkan integration friction tanpa menyembunyikan contract penting.

1. Kaufman Skill Slice

Skill utamanya:

“Mampu membangun client library/SDK Java yang membuat consumer memakai API dengan benar secara default.”

Sub-skill:

Sub-skill	Output praktis
Generated client evaluation	Bisa membaca generated code dan menilai apakah aman dipakai langsung
Boundary design	Generated model tidak bocor ke domain consumer tanpa alasan
Error mapping	Problem Details/API errors menjadi typed exception atau result
Resilience semantics	Retry, timeout, circuit breaker, backoff mengikuti contract
Pagination helpers	Consumer tidak salah loop atau parse cursor
Idempotency support	Mutating call bisa diretry dengan aman
Observability propagation	correlation/trace/client-id konsisten
SDK compatibility	Release SDK tidak membuat consumer compile/runtime break tanpa sadar
Developer ergonomics	API mudah digunakan tanpa menghilangkan explicitness

Praktik Kaufman-style untuk part ini: ambil satu OpenAPI spec, generate raw Java client, lalu desain wrapper SDK yang memperbaiki 10 kelemahan penggunaan langsung.

2. Client Is Also a Contract Surface

Provider contract:

HTTP method + path + headers + request schema + response schema + errors

Consumer-facing SDK contract:

Java method + input type + output type + exception model + retry behavior + timeout + telemetry + upgrade path

Keduanya harus selaras, tapi tidak identik.

Raw generated client adalah mechanical artifact. SDK adalah consumer product.

3. Raw Generated Client vs SDK

3.1 Raw Generated Client

Generated from OpenAPI.

Typical generated shape:

CustomersApi api = new CustomersApi(apiClient);
CustomerResponse response = api.getCustomer("cus_123");

Pros:

fast;
aligned with spec shape;
avoids manual boilerplate;
supports many languages;
good for internal low-risk use;
helps compile-time discovery.

Cons:

often exposes HTTP/tooling details;
error handling can be generic;
generated exceptions may be awkward;
retry/timeout defaults may be weak;
pagination not ergonomic;
nullable/optional semantics can be clumsy;
generator upgrades can break source compatibility;
domain-friendly types usually absent;
authentication integration may be primitive;
generated model names may be unstable.

3.2 SDK Wrapper

SDK wraps generated client.

CustomerClient client = CustomerClient.builder()
    .baseUrl("https://api.acme.com")
    .credentials(credentials)
    .timeout(Duration.ofSeconds(3))
    .build();

Customer customer = client.getCustomer(CustomerId.of("cus_123"));

Pros:

stable Java API;
domain-friendly types;
typed exceptions/results;
built-in resilience;
consistent telemetry;
pagination helpers;
idempotency support;
backward-compatible wrapper even if generated code changes;
security defaults;
easier consumer onboarding.

Cons:

more engineering effort;
wrapper can hide too much;
needs release discipline;
needs tests against contract;
must track provider changes.

Rule:

For strategic APIs, do not expose raw generated client as the primary consumer experience.

4. Client Layering Model

Recommended Java client architecture:

Package layout:

customer-sdk-java/
├── src/main/java/com/acme/customer/sdk/
│   ├── CustomerClient.java
│   ├── CustomerClientBuilder.java
│   ├── model/
│   │   ├── Customer.java
│   │   ├── CustomerId.java
│   │   ├── Money.java
│   │   └── Page.java
│   ├── exception/
│   │   ├── CustomerApiException.java
│   │   ├── CustomerNotFoundException.java
│   │   ├── CustomerNotEligibleException.java
│   │   └── RateLimitExceededException.java
│   ├── internal/
│   │   ├── GeneratedClientFactory.java
│   │   ├── ProblemMapper.java
│   │   ├── CustomerDtoMapper.java
│   │   └── RetryPolicyFactory.java
│   └── generated/
│       └── ...
└── src/test/java/

Rule:

Public SDK API lives outside internal and generated.
Generated code is implementation detail.
Consumer should not import generated classes in normal use.

5. Consumer-Friendly API Design

Raw generated method:

CustomerResponse getCustomer(String customerId);

SDK method:

Customer getCustomer(CustomerId customerId);

Better for optional not found:

Optional<Customer> findCustomer(CustomerId customerId);

Or separate semantics:

Customer getCustomer(CustomerId customerId) throws CustomerNotFoundException;

Optional<Customer> findCustomer(CustomerId customerId);

Do not make every method return Optional if not found is exceptional for that use case.

5.1 Method Naming

Raw/generated	Better SDK
`customersCustomerIdGet`	`getCustomer`
`createCustomerWithHttpInfo`	`createCustomer` / `createCustomerWithResponse`
`listCustomers` returning raw response	`searchCustomers` returning `Page<Customer>`
`postCasesCaseIdApprove`	`approveCase`
`getCustomerByIdUsingGET`	`getCustomer`

OperationId stability from OpenAPI helps, but SDK should still expose domain-friendly names.

5.2 Separate Simple and Advanced Methods

Customer customer = client.getCustomer(customerId);

Advanced:

Customer customer = client.getCustomer(
    GetCustomerRequest.builder()
        .customerId(customerId)
        .include(CustomerInclude.ACCOUNTS)
        .ifNoneMatch(etag)
        .build()
);

Avoid forcing every consumer into low-level request object for common paths.

6. SDK Model vs Generated Model

Generated model:

public class CustomerResponse {
    private String customerId;
    private String lifecycleStatus;
    private OffsetDateTime createdAt;
}

SDK model:

public record Customer(
    CustomerId customerId,
    CustomerLifecycleStatus lifecycleStatus,
    Instant createdAt
) {}

Value objects:

public record CustomerId(String value) {
    public CustomerId {
        if (value == null || value.isBlank()) {
            throw new IllegalArgumentException("customerId must not be blank");
        }
    }

    public static CustomerId of(String value) {
        return new CustomerId(value);
    }
}

Status:

public enum CustomerLifecycleStatus {
    ACTIVE,
    SUSPENDED,
    CLOSED,
    PENDING_REVIEW,
    UNKNOWN
}

Why include UNKNOWN?

If provider adds value and contract allows open enum, SDK should not crash.
SDK can preserve raw value if needed.

Alternative:

public record CustomerLifecycleStatus(String value) {
    public boolean isKnown() {
        return switch (value) {
            case "ACTIVE", "SUSPENDED", "CLOSED", "PENDING_REVIEW" -> true;
            default -> false;
        };
    }
}

For truly open enums, string-backed value object may be better than Java enum.

7. Error Mapping

Raw generated clients often throw generic exceptions.

Example:

try {
    api.openCustomerAccount(customerId, request);
} catch (ApiException ex) {
    // status, body, headers
}

SDK should map Problem Details into typed exception or result.

7.1 Base Exception

public abstract class CustomerApiException extends RuntimeException {
    private final int status;
    private final String code;
    private final String reasonCode;
    private final boolean retryable;
    private final String correlationId;

    protected CustomerApiException(
        String message,
        int status,
        String code,
        String reasonCode,
        boolean retryable,
        String correlationId
    ) {
        super(message);
        this.status = status;
        this.code = code;
        this.reasonCode = reasonCode;
        this.retryable = retryable;
        this.correlationId = correlationId;
    }

    public int status() {
        return status;
    }

    public String code() {
        return code;
    }

    public String reasonCode() {
        return reasonCode;
    }

    public boolean retryable() {
        return retryable;
    }

    public String correlationId() {
        return correlationId;
    }
}

Specific exception:

public final class CustomerNotEligibleException extends CustomerApiException {
    public CustomerNotEligibleException(ApiProblem problem) {
        super(
            problem.detail(),
            problem.status(),
            problem.code(),
            problem.reasonCode(),
            problem.retryable(),
            problem.correlationId()
        );
    }
}

7.2 Problem Mapper

final class ProblemMapper {
    CustomerApiException map(int status, String responseBody) {
        ApiProblem problem = parseProblem(responseBody);

        return switch (problem.code()) {
            case "CUSTOMER_NOT_FOUND" ->
                new CustomerNotFoundException(problem);
            case "CUSTOMER_NOT_ELIGIBLE" ->
                new CustomerNotEligibleException(problem);
            case "RATE_LIMIT_EXCEEDED" ->
                new RateLimitExceededException(problem);
            case "VALIDATION_FAILED" ->
                new ValidationFailedException(problem);
            default ->
                new UnknownCustomerApiException(problem);
        };
    }
}

Key rule:

Map by stable error code, not title/detail/message.

7.3 Unknown Error Fallback

Never assume provider will only return known errors.

public final class UnknownCustomerApiException extends CustomerApiException {
    public UnknownCustomerApiException(ApiProblem problem) {
        super(
            problem.detail(),
            problem.status(),
            problem.code(),
            problem.reasonCode(),
            problem.retryable(),
            problem.correlationId()
        );
    }
}

If response body is not Problem Details:

public final class UnparseableApiErrorException extends CustomerApiException {
    // preserve status, response snippet, correlation header if present
}

8. Exception vs Result Type

Two styles:

8.1 Exception Style

try {
    Customer customer = client.getCustomer(customerId);
} catch (CustomerNotFoundException ex) {
    // handle
}

Pros:

idiomatic for many Java APIs;
simple happy path;
integrates with existing code.

Cons:

expected business outcomes may become exception-heavy;
control flow hidden;
harder for batch processing.

8.2 Result Style

CustomerResult result = client.findCustomer(customerId);

switch (result) {
    case CustomerFound found -> use(found.customer());
    case CustomerMissing missing -> handleMissing(missing);
    case CustomerAccessDenied denied -> handleDenied(denied);
}

Java sealed interface:

public sealed interface GetCustomerResult
    permits CustomerFound, CustomerMissing, CustomerAccessDenied {}

public record CustomerFound(Customer customer) implements GetCustomerResult {}
public record CustomerMissing(CustomerId customerId) implements GetCustomerResult {}
public record CustomerAccessDenied(String correlationId) implements GetCustomerResult {}

Pros:

explicit expected outcomes;
better for workflows;
safer for business branching.

Cons:

more verbose;
less natural for unexpected failures;
requires careful design.

8.3 Recommended Hybrid

Use result for expected domain outcomes, exception for technical/unexpected failures.

Example:

GetCustomerResult getCustomerResult(CustomerId customerId);

Customer getCustomer(CustomerId customerId) throws CustomerNotFoundException;

9. Resilience Semantics

SDK should not blindly retry every failure.

9.1 Timeout

Always set timeouts.

CustomerClient client = CustomerClient.builder()
    .connectTimeout(Duration.ofMillis(500))
    .readTimeout(Duration.ofSeconds(3))
    .build();

Expose sane defaults but allow override.

Timeout policy should be documented:

Operation type	Example timeout
read small resource	1-3 seconds
search/list	3-10 seconds
mutating command	3-10 seconds
async command submit	shorter, because processing is async
file/batch operation	explicit long timeout or async API

Do not hide infinite timeouts.

9.2 Retry

Retry only when:

operation is idempotent;
error is retryable;
HTTP method/contract allows it;
idempotency key is present for mutating operation;
backoff is used;
retry budget is bounded.

Bad:

retryOn(Exception.class);

Better:

boolean shouldRetry(ApiFailure failure, OperationMetadata operation) {
    return failure.retryable()
        && operation.isIdempotent()
        && failure.status() != 400
        && failure.status() != 403
        && failure.status() != 422;
}

9.3 Backoff and Jitter

Use exponential backoff with jitter for transient failures.

Pseudo:

Duration delayForAttempt(int attempt) {
    long baseMillis = Math.min(1000L * (1L << attempt), 10_000L);
    long jitter = ThreadLocalRandom.current().nextLong(0, baseMillis / 2 + 1);
    return Duration.ofMillis(baseMillis + jitter);
}

Do not synchronize thundering herd retries.

9.4 Circuit Breaker

Circuit breaker is appropriate when:

dependency has repeated failures;
failure is expensive;
fallback exists or fail-fast is better;
consumer can tolerate temporary blocking.

Do not make circuit breaker hide business rejections.

9.5 Bulkhead

For high-throughput clients, isolate:

thread pools;
connection pools;
rate limits;
semaphores.

SDK should allow configuration, but platform usually owns defaults.

10. Idempotency Support

Mutating APIs should support safe retry where appropriate.

Raw consumer usage:

api.createCustomer(request, "idem_123");

SDK ergonomic usage:

CreateCustomerCommand command = CreateCustomerCommand.builder()
    .externalReference("CRM-928812")
    .fullName("Ayu Lestari")
    .birthDate(LocalDate.parse("1994-05-18"))
    .idempotencyKey(IdempotencyKey.random())
    .build();

Customer customer = client.createCustomer(command);

Or auto-generated:

Customer customer = client.createCustomer(
    CreateCustomerCommand.builder()
        .externalReference("CRM-928812")
        .fullName("Ayu Lestari")
        .birthDate(LocalDate.parse("1994-05-18"))
        .build()
);

SDK can generate idempotency key if operation contract allows, but must document:

key scope;
key lifetime;
retry behavior;
replay behavior;
conflict behavior when same key used with different payload.

10.1 Idempotency Conflict Mapping

catch (IdempotencyKeyConflictException ex) {
    // do not retry with same key and different payload
}

This error must not be treated as transient.

11. Pagination Helpers

Raw API:

CustomerSearchResponse page = api.searchCustomers(cursor, 50);

Consumer may write broken loops.

SDK can provide:

Page<Customer> page = client.searchCustomers(
    CustomerSearchRequest.builder()
        .lifecycleStatus(CustomerLifecycleStatus.ACTIVE)
        .limit(50)
        .build()
);

Page type:

public record Page<T>(
    List<T> items,
    String nextCursor,
    boolean hasMore
) {}

Auto-pagination:

Stream<Customer> customers = client.streamCustomers(
    CustomerSearchRequest.builder()
        .lifecycleStatus(CustomerLifecycleStatus.ACTIVE)
        .pageSize(100)
        .build()
);

Important: streaming should not hide failure semantics.

Document:

each page is separate HTTP request;
stream may fail mid-way;
duplicates/missing items possible if dataset mutates;
cursor is opaque;
backpressure behavior;
max page size;
retry per page.

11.1 Avoid Infinite Auto-Pagination Defaults

Bad:

List<Customer> all = client.listAllCustomers();

This can accidentally load millions.

Better:

Stream<Customer> streamCustomers(CustomerSearchRequest request);

or require explicit limit:

List<Customer> firstCustomers(CustomerSearchRequest request, int maxItems);

12. Conditional Requests and ETags

SDK can make optimistic concurrency easier.

API contract:

GET /customers/{customerId}
ETag: "customer-42-rev-19"

Update:

PATCH /customers/{customerId}
If-Match: "customer-42-rev-19"

SDK model:

public record Versioned<T>(
    T value,
    String etag
) {}

Usage:

Versioned<Customer> current = client.getCustomerVersioned(customerId);

client.updateCustomerProfile(
    UpdateCustomerProfileCommand.builder()
        .customerId(customerId)
        .displayName("Ayu L.")
        .ifMatch(current.etag())
        .build()
);

Conflict mapping:

catch (VersionMismatchException ex) {
    Versioned<Customer> refreshed = client.getCustomerVersioned(customerId);
}

Do not hide ETag entirely if consumer workflow needs concurrency control.

13. Authentication and Token Handling

SDK may integrate token provider.

CustomerClient client = CustomerClient.builder()
    .baseUrl(baseUrl)
    .tokenProvider(tokenProvider)
    .build();

Token provider interface:

@FunctionalInterface
public interface AccessTokenProvider {
    String currentToken();
}

Better:

public interface AccessTokenProvider {
    AccessToken getToken(Set<String> scopes);
}

SDK responsibilities:

attach Authorization header;
refresh token if configured;
not log token;
not expose token in exception message;
distinguish 401 and 403;
allow consumer-managed credentials;
support mTLS/proxy if enterprise requires.

SDK should not become identity platform unless intentionally designed.

14. Correlation, Tracing, and Consumer Identity

SDK should propagate:

correlation ID;
request ID;
trace context;
client application ID;
tenant/jurisdiction headers if contract requires.

Builder:

CustomerClient client = CustomerClient.builder()
    .clientId("case-management-service")
    .correlationIdProvider(CorrelationIdProvider.mdc("correlationId"))
    .build();

Request interceptor:

headers.put("X-Correlation-Id", correlationIdProvider.currentOrCreate());
headers.put("X-Client-Id", clientId);

Do not create high-cardinality logs by default.

Log:

operation=getCustomer status=404 code=CUSTOMER_NOT_FOUND correlationId=corr_...

Do not log:

nationalId=...
accessToken=...
fullPayload=...

15. SDK Observability

SDK should expose metrics where appropriate.

Example metrics:

customer_sdk_request_total{operation="getCustomer", status="200"}
customer_sdk_request_total{operation="getCustomer", status="404", code="CUSTOMER_NOT_FOUND"}
customer_sdk_latency_seconds{operation="searchCustomers"}
customer_sdk_retry_total{operation="createCustomer", reason="DEPENDENCY_UNAVAILABLE"}
customer_sdk_circuit_state{operationGroup="customer-api"}

Avoid labels:

customerId;
raw URL with ID;
exception message;
correlationId;
tenant if high cardinality unless carefully bounded.

SDK should integrate with Micrometer/OpenTelemetry but not force one runtime if library is general-purpose.

16. Configuration Surface

A good SDK exposes configuration without making consumer configure everything.

CustomerClient client = CustomerClient.builder()
    .baseUrl("https://api.acme.com")
    .tokenProvider(tokenProvider)
    .connectTimeout(Duration.ofMillis(500))
    .readTimeout(Duration.ofSeconds(3))
    .maxRetries(2)
    .userAgent("case-management-service/1.4.2")
    .build();

Recommended config categories:

Category	Examples
endpoint	baseUrl
auth	token provider, mTLS
timeouts	connect, read, call
resilience	retry, backoff, circuit breaker
observability	metrics/tracing/logging
headers	correlation, client id, tenant
serialization	object mapper/custom modules
compatibility	API version/capability flags

Do not expose every generated client knob directly. Curate.

17. Java HTTP Client Choices

OpenAPI Generator Java client supports multiple libraries depending on generator configuration, such as OkHttp, Jersey, Retrofit, Feign, WebClient, RestClient, and others depending on version/options.

Decision criteria:

Client	Consideration
Java `HttpClient`	JDK-native, less dependency
OkHttp	mature, widely used, interceptors
WebClient	reactive stack, Spring ecosystem
RestClient/RestTemplate style	Spring MVC compatibility
Feign	declarative, ecosystem integration
Jersey	JAX-RS ecosystem

Pick based on:

organization stack;
blocking vs reactive;
instrumentation support;
connection pooling;
TLS/proxy needs;
generated code maturity;
dependency footprint;
operational familiarity.

Do not let generator default choose architecture silently.

18. Handling Null and Optional in SDK

OpenAPI nullable/optional semantics can be awkward in Java.

Example PATCH semantics:

absent = no change;
null = clear.

A Java method with nullable string cannot express absent vs clear safely:

updateProfile(String displayName, String middleName)

Better command object:

public record UpdateCustomerProfileCommand(
    CustomerId customerId,
    FieldUpdate<String> displayName,
    FieldUpdate<String> middleName
) {}

Field update:

public sealed interface FieldUpdate<T>
    permits FieldUpdate.Absent, FieldUpdate.Set, FieldUpdate.Clear {

    record Absent<T>() implements FieldUpdate<T> {}
    record Set<T>(T value) implements FieldUpdate<T> {}
    record Clear<T>() implements FieldUpdate<T> {}

    static <T> FieldUpdate<T> absent() {
        return new Absent<>();
    }

    static <T> FieldUpdate<T> set(T value) {
        return new Set<>(value);
    }

    static <T> FieldUpdate<T> clear() {
        return new Clear<>();
    }
}

Usage:

client.updateCustomerProfile(
    new UpdateCustomerProfileCommand(
        customerId,
        FieldUpdate.set("Ayu L."),
        FieldUpdate.clear()
    )
);

This is much safer than relying on null.

19. Handling Open Enums

If provider may add enum values, Java SDK must not crash.

Bad:

public enum RiskBand {
    LOW,
    MEDIUM,
    HIGH
}

If provider sends CRITICAL, deserialization fails.

Safer:

public record RiskBand(String value) {
    public static final RiskBand LOW = new RiskBand("LOW");
    public static final RiskBand MEDIUM = new RiskBand("MEDIUM");
    public static final RiskBand HIGH = new RiskBand("HIGH");

    public boolean isKnown() {
        return value.equals("LOW")
            || value.equals("MEDIUM")
            || value.equals("HIGH");
    }
}

Or enum with raw fallback:

public record ParsedEnum<E extends Enum<E>>(
    Optional<E> knownValue,
    String rawValue
) {}

SDK docs must tell consumer how to handle unknown values.

20. Backward Compatibility of SDK

SDK public API is its own contract.

Breaking changes:

remove public method;
rename method;
change return type;
change exception type hierarchy;
change package names;
remove model field;
make constructor stricter;
change default timeout/retry drastically;
change null behavior;
change generated classes if exposed publicly.

Safe-ish changes:

add method overload;
add optional model field if construction remains compatible;
add specific subclass exception while preserving base exception;
add builder option;
improve docs;
add support for new error code with fallback preserved.

20.1 Semantic Versioning for SDK

Suggested:

Change	SDK version
bug fix, no API change	patch
add method/model field	minor
add support for new endpoint	minor
change generated internal code only	patch/minor depending risk
remove method	major
change exception hierarchy incompatibly	major
change default retry behavior	major or documented minor if safe
drop Java runtime version support	major

21. Generated Code Isolation

If generated code is public, generator changes become consumer breaking changes.

Avoid:

public com.acme.customer.generated.model.CustomerResponse getCustomer(String id)

Prefer:

public com.acme.customer.sdk.model.Customer getCustomer(CustomerId id)

If you expose generated models for speed, accept the cost:

generator version pinned;
generated public API diff checked;
migration guide for generator changes;
no inline schemas;
stable operationId/schema names.

22. Client Contract Tests

SDK must be tested against provider contract.

Types:

compile tests against generated code;
mock server tests from OpenAPI examples;
Pact consumer tests;
provider sandbox tests;
replay tests with golden responses;
error mapping tests;
unknown enum/error tests;
timeout/retry tests.

22.1 Golden Response Mapping Test

@Test
void mapsCustomerResponseToSdkModel() {
    CustomerResponse dto = json.readValue("""
        {
          "customerId": "cus_01J2T7Q7BSM8PV8K4J6JYQH7TR",
          "lifecycleStatus": "ACTIVE",
          "createdAt": "2026-06-29T02:15:00Z"
        }
        """, CustomerResponse.class);

    Customer customer = mapper.toSdk(dto);

    assertThat(customer.customerId().value())
        .isEqualTo("cus_01J2T7Q7BSM8PV8K4J6JYQH7TR");
    assertThat(customer.lifecycleStatus())
        .isEqualTo(CustomerLifecycleStatus.ACTIVE);
}

22.2 Unknown Enum Test

@Test
void preservesUnknownRiskBand() {
    CustomerResponse dto = json.readValue("""
        {
          "customerId": "cus_123",
          "riskBand": "CRITICAL"
        }
        """, CustomerResponse.class);

    Customer customer = mapper.toSdk(dto);

    assertThat(customer.riskBand().value()).isEqualTo("CRITICAL");
    assertThat(customer.riskBand().isKnown()).isFalse();
}

22.3 Error Mapping Test

@Test
void mapsCustomerNotEligibleProblem() {
    ApiProblem problem = json.readValue("""
        {
          "type": "https://api.acme.com/problems/customer-not-eligible",
          "title": "Customer is not eligible",
          "status": 422,
          "code": "CUSTOMER_NOT_ELIGIBLE",
          "reasonCode": "KYC_NOT_VERIFIED",
          "retryable": false,
          "correlationId": "corr_123"
        }
        """, ApiProblem.class);

    CustomerApiException ex = mapper.map(problem);

    assertThat(ex).isInstanceOf(CustomerNotEligibleException.class);
    assertThat(ex.code()).isEqualTo("CUSTOMER_NOT_ELIGIBLE");
    assertThat(ex.retryable()).isFalse();
}

23. SDK Release Pipeline

Minimum gates:

OpenAPI validation;
generator pinned;
generated diff reviewed;
SDK public API diff;
error mapping tests;
example mapping tests;
generated client compile;
sample consumer compile;
changelog.

24. SDK Changelog

Bad changelog:

Updated client.

Good changelog:

## 3.8.0

### Added

- Added `CustomerClient.searchCustomers(...)`.
- Added `Customer.kycStatus`.
- Added typed exception `CustomerNotEligibleException`.

### Changed

- Internal generated OpenAPI client updated from contract `customer-api` 1.18.0 to 1.19.0.
- Default read timeout remains 3 seconds.

### Compatibility

- No source-breaking public SDK changes.
- Unknown `lifecycleStatus` values continue to map to `CustomerLifecycleStatus.UNKNOWN`.

### Migration

- Prefer `Customer.lifecycleStatus()` over deprecated `Customer.status()`.

Consumer needs actionable upgrade info.

25. Consumer Usage Patterns

25.1 Simple Read

Customer customer = customerClient.getCustomer(CustomerId.of("cus_123"));

25.2 Not Found Handling

Optional<Customer> customer = customerClient.findCustomer(CustomerId.of("cus_123"));

customer.ifPresentOrElse(
    this::useCustomer,
    () -> log.info("Customer not found")
);

25.3 Business Rejection Handling

try {
    customerClient.openPremiumAccount(command);
} catch (CustomerNotEligibleException ex) {
    if ("KYC_NOT_VERIFIED".equals(ex.reasonCode())) {
        workflow.routeToKycRemediation(command.customerId());
    } else {
        workflow.routeToManualReview(command.customerId(), ex.reasonCode());
    }
}

25.4 Pagination

try (Stream<Customer> customers = customerClient.streamCustomers(
    CustomerSearchRequest.builder()
        .lifecycleStatus(CustomerLifecycleStatus.ACTIVE)
        .pageSize(100)
        .build()
)) {
    customers.forEach(this::processCustomer);
}

25.5 Conditional Update

Versioned<Customer> current = customerClient.getCustomerVersioned(customerId);

customerClient.updateProfile(
    UpdateCustomerProfileCommand.builder()
        .customerId(customerId)
        .displayName(FieldUpdate.set("Ayu L."))
        .middleName(FieldUpdate.clear())
        .ifMatch(current.etag())
        .build()
);

26. Consumer Anti-Patterns

26.1 Parsing Error Message

Bad:

if (ex.getMessage().contains("KYC")) {
    routeToKyc();
}

Use code and reasonCode.

26.2 Catching Generic Exception

Bad:

catch (Exception ex) {
    retry();
}

This retries validation/business errors.

26.3 Infinite Pagination

Bad:

while (true) {
    page = client.search(cursor);
    cursor = page.nextCursor();
}

Need hasMore, max items, and failure handling.

26.4 Exposing Generated Models in Domain

Bad:

public class CaseWorkflow {
    void handle(CustomerResponse generatedCustomer) {}
}

This couples business logic to provider schema and generator.

26.5 Assuming Enum Exhaustiveness

Bad:

switch (status) {
    case ACTIVE -> ...
    case SUSPENDED -> ...
    case CLOSED -> ...
}

without unknown handling if enum is extensible.

26.6 Blind Retry POST

Bad:

retry(() -> api.createPayment(request));

without idempotency key.

26.7 Default Timeout from HTTP Library

Bad because often unknown/infinite/unfit.

27. SDK Governance Checklist

27.1 Public API

Are public classes stable and documented?
Are generated classes hidden?
Are method names domain-friendly?
Are advanced options available without burdening common use?
Are null/absent/clear semantics explicit?

27.2 Error Handling

Are Problem Details parsed?
Are stable codes mapped?
Is unknown error handled?
Does SDK preserve correlation ID?
Does SDK avoid branching on message text?
Are sensitive details not logged?

27.3 Resilience

Are timeouts set?
Are retries bounded?
Are retries idempotency-aware?
Is Retry-After honored where relevant?
Are 4xx business/validation errors not retried?
Are metrics/traces emitted?

27.4 Compatibility

Is generator version pinned?
Is public SDK diff checked?
Are generated changes isolated?
Are examples tested?
Are unknown enum values tolerated where contract requires?
Is changelog useful?

27.5 Consumer Experience

Is common usage simple?
Is pagination safe?
Is ETag/concurrency usable?
Is auth integration clear?
Are builder defaults sensible?
Are docs based on real examples?

28. Practice Lab

Lab 1 — Wrap a Generated Client

Given raw generated API:

CustomerResponse getCustomer(String customerId);
CustomerResponse createCustomer(CreateCustomerRequest request, String idempotencyKey);
CustomerSearchResponse searchCustomers(String cursor, Integer limit);

Design SDK:

public facade;
SDK models;
mappers;
typed exceptions;
pagination helper;
idempotency strategy;
timeout/retry config.

Lab 2 — Error Mapping

Given Problem Details:

{
  "status": 422,
  "code": "CUSTOMER_NOT_ELIGIBLE",
  "reasonCode": "KYC_NOT_VERIFIED",
  "retryable": false,
  "correlationId": "corr_123"
}

Design:

exception class;
mapping logic;
consumer handling code;
unknown error fallback.

Lab 3 — PATCH Semantics in SDK

API PATCH semantics:

absent = no change;
null = clear;
value = set.

Design Java command type that avoids ambiguous null.

Lab 4 — SDK Compatibility Review

Classify changes:

expose generated model as return type;
remove findCustomer;
add searchCustomers;
change default retry count from 0 to 3;
add Customer.kycStatus;
change CustomerId from string wrapper to UUID;
change exception base class;
update generator version causing package rename;
add unknown enum fallback;
make timeout required in builder.

Lab 5 — Consumer-Safe Pagination

Design a method to process all active customers with:

bounded page size;
failure handling;
backoff;
duplicate tolerance;
max item guard;
observable progress.

29. Senior Engineer Heuristics

A generated client is not automatically an SDK.
The SDK is a contract surface; version it seriously.
Generated code should be implementation detail for strategic APIs.
Typed errors reduce consumer guesswork.
Retry policy must follow contract semantics, not exception classes.
Every mutating retry needs idempotency reasoning.
Pagination helpers should prevent accidental unbounded reads.
Unknown enum handling is mandatory for open taxonomies.
Do not hide ETags if consumer workflows need concurrency control.
Timeout defaults are part of client contract.
SDK logs must be useful but never leak secrets.
OpenAPI compatibility and SDK compatibility are related but different.
A good SDK makes the correct path the easiest path.
Consumer ergonomics is reliability engineering.
If every consumer writes retry/error/pagination logic independently, the platform failed.

30. Summary

API client contract engineering turns provider contracts into safe consumer experience. Raw generated clients are useful, but strategic APIs often need SDK wrappers that stabilize Java API shape, map errors, enforce resilience semantics, handle pagination/idempotency, and preserve compatibility despite generator churn.

Main takeaways:

raw generated clients are mechanical artifacts;
SDKs are consumer-facing products;
generated models should usually stay at the boundary;
error mapping must use stable codes, not text;
retry must be idempotency-aware;
pagination must be explicit and bounded;
null/absent/clear semantics need dedicated Java types;
open enums need unknown handling;
SDK compatibility needs its own release discipline;
client-side observability and defaults strongly influence production reliability.

Part berikutnya membahas API contract testing: provider verification, consumer expectations, drift detection, Pact, Spring Cloud Contract, and CI gates.

Lesson Recap

You just completed lesson 11 in build core. Use the series map if you want to review the broader track, or continue directly into the next lesson while the context is still warm.

Back To Series Next Lesson

Continue The Track

Keep the momentum while the lesson is still fresh. Move backward for review or continue forward into the next concept.

Previous Lesson

Lesson 10

OpenAPI in Java: Spring Boot, JAX-RS, Swagger Core, springdoc, and Generator Boundaries

Next Lesson

Lesson 12

API Contract Testing: Provider Verification, Consumer Expectations, and Drift Detection