MCP HubMCP Hub
スキル一覧に戻る

api-testing-patterns

proffesor-for-testing
更新日 Today
117 閲覧
99
21
99
GitHubで表示
その他apirestgraphqlcontract-testingpactintegrationmicroservices

について

このClaudeスキルは、契約テスト、REST/GraphQL検証、統合テストのための包括的なAPIテストパターンを提供します。APIテスト戦略を設計する際や、CI/CDパイプラインで自動化されたAPIテストを実装する際にご利用ください。開発者が契約の検証、認証テスト、エラー処理、本番APIのドリフト監視を行うのに役立ちます。

クイックインストール

Claude Code

推奨
プラグインコマンド推奨
/plugin add https://github.com/proffesor-for-testing/agentic-qe
Git クローン代替
git clone https://github.com/proffesor-for-testing/agentic-qe.git ~/.claude/skills/api-testing-patterns

このコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします

ドキュメント

API Testing Patterns

<default_to_action> When testing APIs or designing API test strategy:

  1. IDENTIFY testing level: contract, integration, or component
  2. TEST the contract, not implementation (consumer perspective)
  3. VALIDATE auth, input, errors, idempotency, concurrency
  4. AUTOMATE in CI/CD with schema validation
  5. MONITOR production APIs for contract drift

Quick Pattern Selection:

  • Microservices → Consumer-driven contracts (Pact)
  • REST APIs → CRUD + pagination + filtering tests
  • GraphQL → Query validation + complexity limits
  • External deps → Mock with component testing
  • Performance → Load test critical endpoints

Critical Success Factors:

  • APIs are contracts - test from consumer perspective
  • Always test error scenarios, not just happy paths
  • Version your API tests to prevent breaking changes </default_to_action>

Quick Reference Card

When to Use

  • Testing REST or GraphQL APIs
  • Validating microservice contracts
  • Designing API test strategies
  • Preventing breaking API changes

Testing Levels

LevelPurposeDependenciesSpeed
ContractProvider-consumer agreementNoneFast
ComponentAPI in isolationMockedFast
IntegrationReal dependenciesDatabase, servicesSlower

Critical Test Scenarios

ScenarioMust TestExample
Auth401/403 handlingExpired token, wrong user
Input400 validationMissing fields, wrong types
Errors500 graceful handlingDB down, timeout
IdempotencyDuplicate preventionSame idempotency key
ConcurrencyRace conditionsParallel checkout

Tools

  • Contract: Pact, Spring Cloud Contract
  • REST: Supertest, REST-assured, Playwright
  • Load: k6, Artillery, JMeter

Agent Coordination

  • qe-api-contract-validator: Validate contracts, detect breaking changes
  • qe-test-generator: Generate tests from OpenAPI spec
  • qe-performance-tester: Load test endpoints
  • qe-security-scanner: API security testing

Contract Testing

Pattern: Consumer-Driven Contracts

// Consumer defines expectations
const contract = {
  request: { method: 'POST', path: '/orders', body: { productId: 'abc', quantity: 2 } },
  response: { status: 201, body: { orderId: 'string', total: 'number' } }
};

// Provider must fulfill
test('order API meets contract', async () => {
  const response = await api.post('/orders', { productId: 'abc', quantity: 2 });

  expect(response.status).toBe(201);
  expect(response.body).toMatchSchema({
    orderId: expect.any(String),
    total: expect.any(Number)
  });
});

When: Microservices, distributed systems, third-party integrations

Critical Test Patterns

Authentication & Authorization

describe('Auth', () => {
  it('rejects without token', async () => {
    expect((await api.get('/orders')).status).toBe(401);
  });

  it('rejects expired token', async () => {
    const expired = generateExpiredToken();
    expect((await api.get('/orders', { headers: { Authorization: `Bearer ${expired}` } })).status).toBe(401);
  });

  it('blocks cross-user access', async () => {
    const userAToken = generateToken({ userId: 'A' });
    expect((await api.get('/orders/user-B-order', { headers: { Authorization: `Bearer ${userAToken}` } })).status).toBe(403);
  });
});

Input Validation

describe('Validation', () => {
  it('validates required fields', async () => {
    const response = await api.post('/orders', { quantity: 2 }); // Missing productId
    expect(response.status).toBe(400);
    expect(response.body.errors).toContain('productId is required');
  });

  it('validates types', async () => {
    expect((await api.post('/orders', { productId: 'abc', quantity: 'two' })).status).toBe(400);
  });

  it('validates ranges', async () => {
    expect((await api.post('/orders', { productId: 'abc', quantity: -5 })).status).toBe(400);
  });
});

Idempotency

it('prevents duplicates with idempotency key', async () => {
  const key = 'unique-123';
  const data = { productId: 'abc', quantity: 2 };

  const r1 = await api.post('/orders', data, { headers: { 'Idempotency-Key': key } });
  const r2 = await api.post('/orders', data, { headers: { 'Idempotency-Key': key } });

  expect(r1.body.orderId).toBe(r2.body.orderId); // Same order
});

Concurrency

it('handles race condition on inventory', async () => {
  const promises = Array(10).fill().map(() =>
    api.post('/orders', { productId: 'abc', quantity: 1 })
  );
  const responses = await Promise.all(promises);
  const successful = responses.filter(r => r.status === 201);

  const inventory = await db.inventory.findById('abc');
  expect(inventory.quantity).toBe(initialQuantity - successful.length);
});

REST CRUD Pattern

describe('Product CRUD', () => {
  let productId;

  it('CREATE', async () => {
    const r = await api.post('/products', { name: 'Widget', price: 10 });
    expect(r.status).toBe(201);
    productId = r.body.id;
  });

  it('READ', async () => {
    const r = await api.get(`/products/${productId}`);
    expect(r.body.name).toBe('Widget');
  });

  it('UPDATE', async () => {
    const r = await api.put(`/products/${productId}`, { price: 12 });
    expect(r.body.price).toBe(12);
  });

  it('DELETE', async () => {
    expect((await api.delete(`/products/${productId}`)).status).toBe(204);
    expect((await api.get(`/products/${productId}`)).status).toBe(404);
  });
});

Best Practices

✅ Do This

  • Test from consumer perspective
  • Use schema validation (not exact values)
  • Test error scenarios extensively
  • Version API tests
  • Automate in CI/CD

❌ Avoid This

  • Testing implementation, not contract
  • Ignoring HTTP semantics (status codes)
  • No negative testing
  • Asserting on field order or extra fields
  • Slow tests (mock external services)

Agent-Assisted API Testing

// Validate contracts
await Task("Contract Validation", {
  spec: 'openapi.yaml',
  endpoint: '/orders',
  checkBreakingChanges: true
}, "qe-api-contract-validator");

// Generate tests from spec
await Task("Generate API Tests", {
  spec: 'openapi.yaml',
  coverage: 'comprehensive',
  include: ['happy-paths', 'input-validation', 'auth-scenarios', 'error-handling']
}, "qe-test-generator");

// Load test
await Task("API Load Test", {
  endpoint: '/orders',
  rps: 1000,
  duration: '5min'
}, "qe-performance-tester");

// Security scan
await Task("API Security Scan", {
  spec: 'openapi.yaml',
  checks: ['sql-injection', 'xss', 'broken-auth', 'rate-limiting']
}, "qe-security-scanner");

Agent Coordination Hints

Memory Namespace

aqe/api-testing/
├── contracts/*        - API contract definitions
├── generated-tests/*  - Generated test suites
├── validation/*       - Contract validation results
└── performance/*      - Load test results

Fleet Coordination

const apiFleet = await FleetManager.coordinate({
  strategy: 'contract-testing',
  agents: ['qe-api-contract-validator', 'qe-test-generator', 'qe-test-executor'],
  topology: 'mesh'
});

await apiFleet.execute({
  services: [
    { name: 'orders-api', consumers: ['checkout-ui', 'admin-api'] },
    { name: 'payment-api', consumers: ['orders-api'] }
  ]
});

Related Skills

Remember

API testing = verifying contracts and behavior, not implementation. Focus on what matters to consumers: correct responses, proper error handling, acceptable performance.

With Agents: Agents automate contract validation, generate comprehensive test suites from specs, and monitor production APIs for drift. Use agents to maintain API quality at scale.

GitHub リポジトリ

proffesor-for-testing/agentic-qe
パス: .claude/skills/api-testing-patterns
agenticqeagenticsfoundationagentsquality-engineering

関連スキル

creating-opencode-plugins

メタ

This skill provides the structure and API specifications for creating OpenCode plugins that hook into 25+ event types like commands, files, and LSP operations. It offers implementation patterns for JavaScript/TypeScript modules that intercept and extend the AI assistant's lifecycle. Use it when you need to build event-driven plugins for monitoring, custom handling, or extending OpenCode's capabilities.

スキルを見る

evaluating-llms-harness

テスト

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.

スキルを見る

polymarket

メタ

This skill enables developers to build applications with the Polymarket prediction markets platform, including API integration for trading and market data. It also provides real-time data streaming via WebSocket to monitor live trades and market activity. Use it for implementing trading strategies or creating tools that process live market updates.

スキルを見る

cloudflare-turnstile

メタ

This skill provides comprehensive guidance for implementing Cloudflare Turnstile as a CAPTCHA-alternative bot protection system. It covers integration for forms, login pages, API endpoints, and frameworks like React/Next.js/Hono, while handling invisible challenges that maintain user experience. Use it when migrating from reCAPTCHA, debugging error codes, or implementing token validation and E2E tests.

スキルを見る