Frequently asked questions
- What is the purpose of an API deprecation policy?
- It tells customers how long an API will remain supported, what changes are coming, and how much time they have to migrate safely.
- Should every API change create a new version?
- No. Many changes can be made in a backward-compatible way without a new version. New versions are usually for breaking changes.
- How long should a deprecated API stay available?
- There is no universal rule, but many SaaS teams use a notice period of 90 to 180 days depending on customer impact and migration complexity.
- What should Indonesian SaaS companies communicate during deprecation?
- They should explain what is changing, which endpoints or fields are affected, the timeline, migration steps, and where customers can get support.
- Can APLINDO help with API governance?
- Yes. APLINDO supports SaaS engineering and governance work, including applied AI, Fractional CTO advisory, and compliance-oriented operating practices.
Time information: This article was automatically generated on May 23, 2026 at 9:15 AM (Asia/Jakarta, 2026-05-23T02:15:17.248Z).
Why API versioning matters for SaaS
For SaaS companies, APIs are not just technical interfaces. They are contracts with customers, partners, internal teams, and sometimes regulators. When an API changes without a clear versioning and deprecation policy, the result is usually avoidable: broken integrations, support tickets, delayed releases, and lost trust.
This matters even more for Indonesian SaaS teams serving funded startups and enterprises. Many products in Jakarta and across Indonesia depend on integrations with payment providers, ERP systems, logistics tools, WhatsApp workflows, and customer data platforms. A single breaking change can affect revenue operations, customer service, or compliance workflows.
A good policy does two things at once: it lets your engineering team evolve the product, and it gives customers enough predictability to adapt.
What counts as a breaking change?
Not every API change is equally risky. The first step is to define what your team considers breaking.
Common breaking changes include:
- Removing an endpoint
- Renaming a field
- Changing a field type, such as string to number
- Making a previously optional field required
- Changing authentication behavior
- Altering response semantics in a way that affects client logic
- Tightening validation rules without warning
Backward-compatible changes are usually safer. These include adding new optional fields, adding new endpoints, or extending responses in ways that do not disrupt existing clients.
The key is consistency. If one team treats a field rename as minor and another treats it as major, your versioning policy becomes unreliable.
Should you use URI versions, headers, or both?
There is no single correct answer, but most SaaS teams should choose one primary strategy and document it clearly.
URI versioning
Examples: /v1/orders, /v2/orders
This is easy to understand, simple to test, and straightforward for external customers. It is often the most practical choice for B2B SaaS in Indonesia because it reduces ambiguity and support friction.
The downside is that versions can multiply quickly if teams create a new version for every small change.
Header-based versioning
Examples: version negotiated through request headers
This can keep URLs cleaner and allow more flexibility, but it is harder for some clients to inspect and debug. It also tends to be less friendly for partner integrations and manual testing.
Hybrid approach
Some teams use URI versioning for major releases and header-based feature negotiation for smaller compatibility controls. That can work, but only if your team has strong discipline.
For most growing SaaS companies, especially those with mixed customer maturity, URI versioning is usually the simplest and safest starting point.
What should a deprecation policy include?
A deprecation policy should be written as an operational rule, not a vague promise. At minimum, it should define:
- What qualifies as deprecation
- Who approves deprecation decisions
- How customers are notified
- How long the notice period lasts
- What support is provided during migration
- When the old version will be shut down
- How exceptions are handled for strategic customers
A practical policy also includes ownership. If no one is responsible for communicating with customers, updating docs, and coordinating support, the policy will not be followed.
For APLINDO’s Jakarta-based, remote-first engineering environment, this kind of ownership is especially important because distributed teams need shared rules to avoid release confusion.
How long should you support an old version?
There is no universal timeline, but there should be a predictable one.
Many SaaS teams use a support window of 90 to 180 days for deprecated APIs. The right duration depends on:
- Customer migration effort
- Contract commitments
- Integration complexity
- Whether the API is public or partner-only
- Risk to operational continuity
Shorter timelines can work for internal APIs or early-stage products with few integrations. Longer timelines are often necessary for enterprise customers, especially when procurement, security review, and release cycles are involved.
The important part is not the exact number. It is that the number is published, realistic, and enforced consistently.
How do you keep backward compatibility?
Backward compatibility is a design habit, not just a policy document. To reduce the need for breaking versions, teams should design APIs with change in mind.
Useful practices include:
- Add fields instead of replacing them
- Make new fields optional by default
- Avoid overloading field meanings
- Use stable identifiers instead of user-facing labels
- Return structured error codes, not only human-readable messages
- Reserve room for future expansion in schemas
- Test clients against contract changes before release
This is where API governance becomes part of architecture. If product managers, engineers, and customer-facing teams all understand the cost of breaking changes, the organization will make better tradeoffs.
How should you communicate deprecation to customers?
Communication is often the difference between a smooth migration and a support crisis.
A strong deprecation notice should include:
- What is being deprecated
- Why the change is happening
- Which version or endpoints are affected
- The exact timeline
- Migration steps or documentation links
- Contact channels for support
For Indonesian SaaS teams, communication should be clear and practical. Many enterprise customers prefer concise technical notices, while startup customers may need examples and code snippets. If you serve both, segment the message.
Do not rely on a single email. Use multiple channels such as dashboard banners, developer docs, changelogs, customer success outreach, and direct account communication for high-value accounts.
What governance model works best for growing teams?
As SaaS teams scale, API decisions should stop being ad hoc. A lightweight governance model is usually enough.
A good model includes:
- An API owner or platform lead
- A change review process
- A release checklist for breaking changes
- A deprecation calendar
- Documentation ownership
- Customer notification templates
This does not need to become bureaucracy. The goal is to reduce surprises. For funded startups, this is especially valuable because growth pressure can push teams to ship too fast. For enterprises, it helps align engineering with security, procurement, and support teams.
APLINDO often sees that the best governance systems are simple, written down, and actually used.
Key takeaways
- API versioning should protect customer integrations, not just organize code.
- Deprecation policies work best when they are explicit, published, and enforced.
- Backward-compatible design reduces the frequency and cost of breaking changes.
- Clear communication is essential for SaaS teams serving Indonesian and global customers.
- Lightweight governance helps teams scale without turning API management into bureaucracy.
A practical policy template
If you are building or revising an API policy, start with these questions:
- What is a breaking change for our product?
- Which versioning method will we use by default?
- How much notice will customers receive before deprecation?
- Who approves and communicates the change?
- How will we support migrations?
Answering these questions early saves time later. It also creates a more stable foundation for SaaS growth, especially when your platform supports critical workflows like billing, messaging, authentication, or compliance.
For teams in Jakarta and across Indonesia, the best API policy is one that balances speed with trust. That is how you keep shipping without surprising the people who depend on your software.
When to get outside help
If your API surface is growing quickly, or if you support enterprise integrations, it can help to bring in outside review. A Fractional CTO, architecture advisor, or compliance-oriented engineering partner can help you define versioning rules, deprecation timelines, and release governance that fit your business.
APLINDO, based in Jakarta and working remote-first, supports SaaS engineering, applied AI, Fractional CTO advisory, and ISO/compliance consulting. For teams that need structured change management, that combination can help align architecture with operational reality.
If your product is already live, do not wait for a breaking incident to write the policy. The best time to define API versioning and deprecation is before customers feel the pain.