Documentation

API Testing Guide

Master REST API testing with TestAuto.app's three API versions: Simple (V1), Authenticated (V2), and Buggy API. The current contract includes labels, comments, updatedAt, and the URGENT priority level.

API V1 - Simple (No Authentication)

Perfect for beginners. No authentication required - start testing immediately.

Base URL

bash
https://api.testauto.app/api/v1

Available Endpoints

  • GET /tasks - List all tasks (with pagination)
  • GET /tasks/{id} - Get task by ID
  • POST /tasks - Create new task
  • PUT /tasks/{id} - Update task
  • DELETE /tasks/{id} - Delete task
  • POST /tasks/{id}/comments - Add comment
  • PUT /tasks/{id}/comments/{commentId} - Update comment
  • DELETE /tasks/{id}/comments/{commentId} - Delete comment
  • GET /tasks/summary - Get task statistics

Example: List Tasks

bash
curl https://api.testauto.app/api/v1/tasks

# Response
{
  "content": [...],
  "totalElements": 21,
  "totalPages": 1,
  "currentPage": 0
}

Example: Create Task

bash
curl -X POST https://api.testauto.app/api/v1/tasks \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Write API tests",
    "description": "Create automated tests for REST API",
    "status": "TODO",
    "priority": "URGENT",
    "labels": ["api", "phase-4.8"]
  }'

Pagination & Filtering

bash
# Get page 2, with 10 items per page
https://api.testauto.app/api/v1/tasks?page=1&size=10

# Filter by status
https://api.testauto.app/api/v1/tasks?status=TODO

# Filter by priority (LOW, MEDIUM, HIGH, URGENT)
https://api.testauto.app/api/v1/tasks?priority=URGENT

# Search by title, description, or labels
https://api.testauto.app/api/v1/tasks?search=api

# Sort by priority or updated timestamp
https://api.testauto.app/api/v1/tasks?sort=priority,desc

Current Contract Snapshot

  • No PATCH endpoint: Task updates are full PUT operations.
  • Comments use text: Comment request bodies are shaped as {"text":"..."}, not content.
  • Search includes labels: API search is not limited to title and description.
  • updatedAt is part of the public response: Successful updates refresh it.

Example: Comment Lifecycle

bash
# Create a comment
curl -X POST https://api.testauto.app/api/v1/tasks/43/comments \
  -H "Content-Type: application/json" \
  -d '{"text":"Document the verified payload shape"}'

# Update a comment
curl -X PUT https://api.testauto.app/api/v1/tasks/43/comments/7 \
  -H "Content-Type: application/json" \
  -d '{"text":"Document the verified payload shape clearly"}'

# Delete a comment
curl -X DELETE https://api.testauto.app/api/v1/tasks/43/comments/7

API V2 - Authenticated (JWT)

Practice testing secured APIs with JWT token authentication.

Test Users

  • admin / admin123
  • user / user123
  • testuser / test123

Step 1: Login

bash
curl -X POST https://api.testauto.app/api/v2/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user",
    "password": "user123"
  }'

# Response
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "username": "user",
  "expiresIn": 3600
}

Step 2: Use Token

bash
curl https://api.testauto.app/api/v2/tasks \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

# All task and comment endpoints require a valid JWT token

Authenticated Comment Example

bash
curl -X POST https://api.testauto.app/api/v2/tasks/43/comments \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -H "Content-Type: application/json" \
  -d '{"text":"Authenticated note"}'

Token Refresh

bash
curl -X POST https://api.testauto.app/api/v2/auth/refresh \
  -H "Authorization: Bearer YOUR_OLD_TOKEN"

Buggy API - Error Testing

Intentionally flawed API for testing error handling and resilience.

Known Issues

  • 🐌 Random delays: Some requests take 2-5 seconds
  • πŸ’₯ Intermittent 500 errors: ~10% failure rate
  • πŸ”’ Off-by-one pagination: Page numbers sometimes wrong
  • πŸ“¦ Missing fields: Responses occasionally missing data
  • 🎲 Wrong status codes: Returns 200 instead of 201
  • πŸ“… Inconsistent dates: Multiple date formats
  • πŸ” Case sensitivity bugs: Search doesn't always work
  • πŸ—’οΈ Comment and label flows may inherit the same instability: Use the same retry and schema-validation patterns there too

Testing Strategy

javascript
// Test retry logic
async function getTasksWithRetry(maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      const response = await fetch('https://api.testauto.app/api/buggy/tasks');
      if (response.ok) return await response.json();
    } catch (error) {
      if (i === maxRetries - 1) throw error;
      await sleep(1000 * (i + 1)); // Exponential backoff
    }
  }
}

// Test timeout handling
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), 5000);
fetch('https://api.testauto.app/api/buggy/tasks', { signal: controller.signal });

Testing Frameworks

JavaScript/TypeScript

typescript
// Using Axios
import axios from 'axios';

describe('Task API Tests', () => {
  test('should list tasks', async () => {
    const response = await axios.get('https://api.testauto.app/api/v1/tasks');
    expect(response.status).toBe(200);
    expect(response.data.content).toBeInstanceOf(Array);
  });
  
  test('should create task', async () => {
    const task = {
      title: 'Test task',
      status: 'TODO'
    };
    const response = await axios.post('https://api.testauto.app/api/v1/tasks', task);
    expect(response.status).toBe(201);
    expect(response.data.title).toBe(task.title);
  });
});

Python

python
import requests
import pytest

BASE_URL = 'https://api.testauto.app/api/v1'

def test_list_tasks():
    response = requests.get(f'{BASE_URL}/tasks')
    assert response.status_code == 200
    assert 'content' in response.json()

def test_create_task():
    task = {
        'title': 'Test task',
        'status': 'TODO'
    }
    response = requests.post(f'{BASE_URL}/tasks', json=task)
    assert response.status_code == 201
    assert response.json()['title'] == task['title']

Java (RestAssured)

java
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.*;

public class TaskApiTest {
    @Test
    public void testListTasks() {
        given()
            .baseUri("https://api.testauto.app/api/v1")
        .when()
            .get("/tasks")
        .then()
            .statusCode(200)
            .body("content", notNullValue());
    }
    
    @Test
    public void testCreateTask() {
        String task = "{\"title\": \"Test\", \"status\": \"TODO\"}";
        
        given()
            .baseUri("https://api.testauto.app/api/v1")
            .contentType("application/json")
            .body(task)
        .when()
            .post("/tasks")
        .then()
            .statusCode(201)
            .body("title", equalTo("Test"));
    }
}

Best Practices

  • βœ… Validate status codes: Check 200, 201, 404, 500, etc.
  • βœ… Verify response schema: Ensure all expected fields exist
  • βœ… Test error scenarios: Invalid data, missing fields, auth failures
  • βœ… Check response times: Performance regression testing
  • βœ… Clean up test data: Delete tasks created during tests
  • βœ… Use test data builders: Create reusable test fixtures
  • βœ… Test pagination edge cases: Empty results, last page, etc.
PreviousSSR vs SPANextUI Testing Guide