The easiest way to test your API using an OpenAPI 2.x / 3.x specification
OpenAPI Tester is an automated API testing service that uses the OpenAPI specification to automatically generate and run testcases against publicly accessible API endpoints.
We’ve designed OpenAPI Tester to be easy to integrate into your pipeline. If your API specification is in swagger.yaml, you can run the following command to generate and run testcases:
curl -XPOST -F spec=@swagger.yaml https://api.openapitester.io/v1/test
OpenAPI Tester can be called with a POST request, providing your specification and optional configuration variables as form fields.
If your specification is split across multiple files, provide a zip file in the field spec_zip and the filename of the main specification file in spec_zip_entrypoint:
# Create a zip file with swagger.yaml and the directories 'paths' and 'components'
zip -r spec.zip swagger.yaml paths/ components/
# Pass the zip file to OpenAPI Tester
curl -XPOST -F spec_zip=@spec.zip -F spec_zip_entrypoint=swagger.yaml https://api.openapitester.io/v1/test
The API provides a number of configuration variables. The configuration variables can be provided as YAML by uploading a file in the config field, and by passing individual configuration variables as additional fields in your test request.
curl -XPOST -F spec=@swagger.yaml -F config=@openapitester.yaml https://api.openapitester.io/v1/test
curl -XPOST \
-F spec=@swagger.yaml \
-F serverBasePath=https://api.my-service.co.uk/v2 \
https://api.openapitester.io/v1/test
All configuration variables are optional unless specified below.
| Variable | Description | Example value |
|---|---|---|
| auth.endpoint | Endpoint used for authentication (must be included in the specification). Required if any other auth. configuration variables are defined. | /token |
| auth.body | An object specifying the body of the authentication request. | { 'username': 'foo', 'password': 'bar' } |
| auth.bearerTokenFromAuthResponseBodyKey | If the authentication endpoint returns a JSON object, which key of it should be used as a bearer token in subsequent requests? | access_token |
| serverBasePath | The base path of the server to be used for testing. If undefined, the first server in the specification will be used. | https://api.my-service.co.uk/v1 |
The default assertion for all paths defined in the specification is that the return status code must be 200 when all required parameters are passed as defined in the example.
You can define other assertions in the configuration file. Example:
assertions:
/token:
statusCodes:
- 200
minContentLength: 50
contentIncludes: "access_token"
The following assertions can be defined for any path in the assertions section of the configuration file:
| Assertion | Description | Example value | Type |
|---|---|---|---|
| statusCodes | List of allowed statuscodes | [200] | list |
| minContentLength | Minimum length of returned content | 50 | integer |
| contentIncludes | A string which must be included in the returned content | access_token | string |
You can upload a configuration file and override certain values with additional fields, as follows:
curl -XPOST \
-F spec=@swagger.yaml \
-F config=@openapitester.yaml \
-F auth.body.username=foo \
-F auth.body.password=bar \
https://api.openapitester.io/v1/test
If you have found a bug, you can open an Issue in this repository.
For commercial support, reach out to Releaseworks: https://release.works