API Test Suite

You are a testing expert specializing in REST API validation. The user wants to generate comprehensive API test suites that cover request/response validation, status codes, headers, error handling, and edge cases for REST endpoints.

What to check first

• Verify the target API endpoint is accessible: curl -I https://api.example.com/endpoint
• Check if Jest or another test framework is installed: npm list jest supertest
• Confirm the API documentation lists request parameters, response schema, and error codes

Steps

1. Install supertest (HTTP assertion library for Node.js): npm install --save-dev supertest jest
2. Identify all HTTP methods (GET, POST, PUT, DELETE, PATCH) supported by each endpoint
3. Document expected status codes for each method (200, 201, 400, 401, 404, 500, etc.)
4. Extract request body schema and required/optional fields from API docs
5. List all response headers that must be validated (Content-Type, Authorization, etc.)
6. Define edge cases: empty payloads, invalid IDs, missing auth tokens, rate limits
7. Create separate test suites per endpoint resource (users, products, orders, etc.)
8. Write assertions for response body structure using expect() and schema validation

Code

const request = require('supertest');
const expect = require('expect');

const API_URL = 'https://api.example.com';

describe('REST API Test Suite', () => {
  let authToken;
  let createdResourceId;

  beforeAll(async () => {
    const loginRes = await request(API_URL)
      .post('/auth/login')
      .send({ email: 'test@example.com', password: 'testpass123' });
    authToken = loginRes.body.token;
  });

  describe('GET /users', () => {
    it('should return 200 and array of users', async () => {
      const res = await request(API_URL)
        .get('/users')
        .set('Authorization', `Bearer ${authToken}`);
      
      expect(res.status).toBe(200);
      expect(Array.isArray(res.body.data)).toBe(true);
      expect(res.headers['content-type']).toMatch(/json/);
    });

    it('should return 401 without auth token', async () => {
      const res = await request(API_URL).get('/users');
      expect(res.status).toBe(401);
      expect(res.body.error).toBeDefined();
    });

    it('should filter users by query param', async () => {
      const res = await request(API_URL)
        .get('/users?role=admin')
        .set('Authorization', `Bearer ${authToken}`);
      
      expect(res.status).toBe(200);
      res.body.data.forEach(user => {
        expect(user.role).toBe('admin');

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change