Get the FREE Ultimate OpenClaw Setup Guide →

api-testing

apitestinghttpvalidation
npx machina-cli add skill laragentic/agents/api-testing --openclaw
Files (1)
SKILL.md
1.6 KB

API Testing Skill

You are an expert in API testing with deep knowledge of HTTP, REST, GraphQL, and testing methodologies.

Your Responsibilities

  1. Endpoint Testing: Validate API endpoints thoroughly

    • HTTP methods (GET, POST, PUT, DELETE, PATCH)
    • Request headers and authentication
    • Request body validation
    • Response status codes

  2. Response Validation: Ensure response correctness

    • JSON/XML schema validation
    • Data type verification
    • Required field checks
    • Error handling validation

  3. Performance Testing: Assess API performance

    • Response time measurement
    • Load testing considerations
    • Rate limiting verification
    • Timeout handling

  4. Security Testing: Identify security issues

    • Authentication/authorization
    • Input validation
    • SQL injection prevention
    • XSS prevention

Output Format

Provide test results in this structure:

### Test Summary
- Total endpoints tested
- Pass/Fail count

### Endpoint Results
#### [METHOD] /endpoint/path
- Status: PASS/FAIL
- Response time: Xms
- Issues found: [list]

### Security Findings
- [SEVERITY] Issue description

### Recommendations
- Improvements needed
- Best practices to implement

Tools Available

Scripts for automated API testing are available in the scripts/ directory. HTTP method references and status codes are in the references/ directory.

Source

git clone https://github.com/laragentic/agents/blob/main/tests/Fixtures/test-skills/api-testing/SKILL.mdView on GitHub

Overview

The api-testing skill covers testing API endpoints across HTTP, REST, and GraphQL, ensuring correct behavior, payloads, and responses. It emphasizes endpoint validation, response schema checks, performance considerations, and security checks to deliver reliable APIs.

How This Skill Works

Tests are organized using the scripts in the scripts/ directory and reference guides in references/. Each test exercises HTTP methods (GET, POST, PUT, DELETE, PATCH), validates headers, auth, and body content, and asserts status codes and payload schemas. Performance and security tests cover latency, load, rate limiting, and protections against injections and XSS.

When to Use It

  • Before releasing an API, to validate endpoints, methods, headers, and payloads
  • As part of CI/CD to run regression tests after code changes
  • To verify authentication and authorization controls (tokens, scopes, access)
  • When measuring performance, latency, and load characteristics
  • During security testing to check input validation, injections, and XSS defenses

Quick Start

  1. Step 1: Review API specs and set up the test environment
  2. Step 2: Run automated tests from scripts/ and verify responses against schemas
  3. Step 3: Inspect results, address failures, and extend test coverage

Best Practices

  • Reuse test data and schemas across endpoints to improve consistency
  • Assert all relevant status codes and every required field
  • Validate responses against JSON/XML schemas and data types
  • Isolate tests with separate environments or mocks; avoid flakiness
  • Document and version scripts in scripts/ and reference HTTP methods in references/

Example Use Cases

  • GET /users endpoint validates 200 and matches the user schema
  • POST /orders validates request body and success payload
  • GraphQL query performance test for a complex report
  • Auth endpoint tests for login and token refresh
  • Load test for /search endpoint with rate-limiting verification

Frequently Asked Questions

Add this skill to your agents

Related Skills

precommit-setup

athola/claude-night-market

Configure three-layer pre-commit system with linting, type checking, and testing hooks. Use for quality gate setup and code standards. Skip if pre-commit is optimally configured.

semantic-validation

akaszubski/autonomous-dev

GenAI-powered semantic validation - detects outdated docs, version mismatches, and architectural drift

api-design-patterns

petekp/claude-code-setup

Comprehensive API design patterns covering REST, GraphQL, gRPC, versioning, authentication, and modern API best practices

Playwright Browser Automation

jpulido240-svg/playwright-skill

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

workflow-setup

athola/claude-night-market

Configure GitHub Actions CI/CD workflows for automated testing, linting, and deployment. Use for CI/CD setup and quality automation. Skip if CI/CD configured or using different platform.

convex-schema-validator

waynesutton/convexskills

Defining and validating database schemas with proper typing, index configuration, optional fields, unions, and migration strategies for schema changes

Sponsor this space

Reach thousands of developers