2 min read
18. Deprecation Process
Every endpoint eventually reaches the end of its useful life. A well-managed deprecation process protects your consumers and keeps trust intact. Removing endpoints abruptly — without warning — is one of the fastest ways to destroy confidence in an API.
Step 1: Signal Deprecation in the API
Before you tell anyone externally, make the deprecation visible in the API itself. Two mechanisms work well:
- The
SunsetHTTP header — an IETF-standardised header that indicates the date after which the endpoint will no longer be available:Sunset: Sat, 01 Jan 2027 00:00:00 GMT
- A
deprecatedflag in response metadata — useful when your envelope already carries ametaobject:{ "meta": { "deprecated": true, "sunset_date": "2027-01-01", "replacement": "/v2/users" } }
Step 2: Communicate the Timeline
Notify all known consumers — via email, a developer portal, release notes, or all of the above — well in advance. Six months is a reasonable minimum. Include:
- Which endpoints are being deprecated.
- The exact sunset date.
- The alternative endpoint or approach they should migrate to.
- A link to a migration guide.
Step 3: Provide a Migration Guide
Write a clear, concrete guide that maps old endpoints to their new equivalents. Show before-and-after request and response examples. Highlight any behavioural differences so consumers are not surprised.
Step 4: Monitor Usage
Track traffic to the deprecated endpoints right up to the sunset date. If usage is still significant close to the deadline, reach out to the remaining consumers directly. You may need to extend the deadline — that is far better than breaking someone's integration without warning.
Step 5: Remove
Once traffic reaches zero and you have confirmed with any remaining consumers, remove the endpoint. Return a 410 Gone response for a transitional period so that any stragglers receive a clear signal rather than a confusing 404.