A focused API sandbox designed to simulate real-world integration failure patterns.
This project models common production scenarios encountered in SaaS and partner integrations, including authentication errors, authorization gaps, schema mismatches, idempotency conflicts, rate limiting, and unstable upstream dependencies.
The goal is not feature breadth, but controlled failure simulation and disciplined debugging.
The service is structured around explicit middleware boundaries:
- Authentication (JWT validation + expiry)
- Authorization (scope-based access control)
- Schema validation (Zod)
- Idempotency enforcement (in-memory key store)
- Rate limiting (Retry-After compliant)
- Centralized error envelope
- Request correlation via
X-Request-Id - OpenAPI 3.0 documentation
- Automated integration verification via Newman
Each concern is isolated and composable.
The API intentionally produces:
- 401 Unauthorized — missing, invalid, or expired token
- 403 Forbidden — valid token, insufficient scope
- 400 Bad Request — schema validation or header errors
- 409 Conflict — idempotency key reuse
- 429 Too Many Requests — rate limiting with
Retry-After - 500 Internal Error — simulated upstream instability
These reflect typical integration support and debugging workflows.
Install dependencies:
npm install
Start the service:
npm run dev
Base URL:
Swagger documentation:
The repository includes a Postman collection and environment.
To run a full integration sequence:
npm run demo
This command:
- Starts the server
- Waits for readiness
- Executes the Postman collection via Newman
- Validates response codes
- Shuts down the server
This enables deterministic validation of all simulated failure paths.
- Acquire token via
POST /auth/token - Create order (
POST /orders) - Trigger idempotency conflict (409)
- Trigger validation error (400)
- Trigger upstream instability (500)
- Trigger rate limiting (429)
All responses include structured error envelopes and correlation IDs.
Every response includes:
requestIdin bodyX-Request-Idheader- Structured error codes
See docs/runbook.md for failure analysis patterns and retry strategies.
This project demonstrates:
- Middleware-driven Express architecture
- Clear separation of concerns
- Explicit failure modeling
- Defensive API design
- Idempotent resource creation patterns
- Scope-based authorization
- OpenAPI-driven documentation
- CLI-driven integration validation
The emphasis is on integration reliability, diagnosability, and failure transparency rather than feature complexity.
Designed for engineers working in:
- API integrations
- SaaS platforms
- B2B partner ecosystems
- Payment or order processing systems
- Developer platform teams
This repository serves as a compact, controlled reference implementation of common integration edge cases.