API Testing Guide
Complete guide for testing API endpoints.
Testing Tools
cURL
Installation: Pre-installed on macOS/Linux, download for Windows
Basic Usage:
curl -X GET https://your-domain.com/api/endpoint
Postman
Download: Postman
Features:
- GUI for API testing
- Collection management
- Environment variables
- Automated testing
HTTPie
Installation: pip install httpie
Usage:
http GET https://your-domain.com/api/endpoint
Endpoint Testing
Analytics Endpoint
POST /api/analytics
curl -X POST https://your-domain.com/api/analytics \
-H "Content-Type: application/json" \
-d '{
"event": "page_view",
"properties": {
"page": "/home",
"userId": "user-123"
}
}'
Expected Response:
{
"success": true,
"eventId": "event-123"
}
Errors Endpoint
POST /api/errors
curl -X POST https://your-domain.com/api/errors \
-H "Content-Type: application/json" \
-d '{
"error": {
"message": "Test error",
"stack": "Error stack trace"
},
"severity": "high",
"context": {
"userId": "user-123"
}
}'
Events Endpoint
POST /api/events
curl -X POST https://your-domain.com/api/events \
-H "Content-Type: application/json" \
-d '{
"name": "button_click",
"category": "interaction",
"properties": {
"buttonId": "submit-button"
}
}'
Metrics Endpoint
POST /api/metrics
curl -X POST https://your-domain.com/api/metrics \
-H "Content-Type: application/json" \
-d '{
"name": "page_load_time",
"value": 1500,
"unit": "ms"
}'
Testing Scenarios
Success Cases
# Valid request
curl -X POST /api/analytics \
-H "Content-Type: application/json" \
-d '{"event": "page_view"}'
Error Cases
# Missing required field
curl -X POST /api/analytics \
-H "Content-Type: application/json" \
-d '{}'
# Invalid JSON
curl -X POST /api/analytics \
-H "Content-Type: application/json" \
-d '{invalid json}'
Rate Limiting
# Test rate limiting (make 100+ requests quickly)
for i in {1..110}; do
curl -X POST /api/analytics \
-H "Content-Type: application/json" \
-d '{"event": "test"}'
done
Postman Collection
Import Collection
{
"info": {
"name": "AI Store API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Analytics",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"event\": \"page_view\",\n \"properties\": {}\n}"
},
"url": {
"raw": "{{baseUrl}}/api/analytics",
"host": ["{{baseUrl}}"],
"path": ["api", "analytics"]
}
}
}
]
}
Environment Variables
{
"name": "Development",
"values": [
{
"key": "baseUrl",
"value": "http://localhost:3000"
}
]
}
Automated Testing
Jest Tests
import { POST } from '@/app/api/analytics/route';
describe('POST /api/analytics', () => {
it('should accept valid request', async () => {
const request = new Request('http://localhost/api/analytics', {
method: 'POST',
body: JSON.stringify({
event: 'page_view',
properties: {},
}),
});
const response = await POST(request);
const data = await response.json();
expect(response.status).toBe(200);
expect(data.success).toBe(true);
});
});
Testing Checklist
Functional Testing
- [ ] Valid requests return 200
- [ ] Invalid requests return 400
- [ ] Missing fields return 400
- [ ] Rate limiting works
- [ ] Authentication works (if applicable)
Performance Testing
- [ ] Response time < 200ms
- [ ] Handles concurrent requests
- [ ] No memory leaks
- [ ] Proper error handling
Security Testing
- [ ] Input validation works
- [ ] XSS prevention
- [ ] SQL injection prevention
- [ ] Rate limiting prevents abuse