API testing

Author: Tvisha Raji

versioned_docs/version-2.0.0/running-keploy/about-api-testing.md

@@ -0,0 +1,66 @@
+---
+id: about-api-testing
+title: What is API testing?
+sidebar_label: What is API testing?
+description: This section documents what is API Testing and why we need it
+tags:
+  - API testing
+  - API mocks
+  - generate test cases
+  - test automation
+keywords:
+  - api testing
+  - api mocks
+  - automated testing
+  - ai testing
+  - keploy
+  - Gemini
+  - OpenAI
+---
+
+# 📘 What is API Testing?
+
+**API Testing** is a type of software testing that focuses on verifying that **Application Programming Interfaces (APIs)** function as expected. Instead of testing the UI, API tests validate business logic, data responses, and the performance of an application’s backend services.
+
+APIs act as the _bridge_ between different software systems — enabling communication and data exchange. Testing ensures these bridges are **reliable, secure, and performant**.
+
+## ✅ Why Do We Need API Testing?
+
+| Reason                            | Description                                                                                               |
+| --------------------------------- | --------------------------------------------------------------------------------------------------------- |
+| **1. Early Bug Detection**        | API testing is usually done before UI testing, allowing faster detection and resolution of critical bugs. |
+| **2. Improved Test Coverage**     | Validates all layers of the application including edge cases, error codes, and data responses.            |
+| **3. Faster Execution**           | API tests are faster than UI tests, enabling quicker feedback loops in CI/CD pipelines.                   |
+| **4. Language-Agnostic**          | APIs can be tested independently of the frontend technology — enabling broader automation.                |
+| **5. Enhanced Security**          | Validates authentication, authorization, and data privacy mechanisms.                                     |
+| **6. Enables Continuous Testing** | Ideal for automated pipelines to ensure every build meets quality standards.                              |
+
+## 🧪 What Do We Test in an API?
+
+- Request & Response Validation
+- Status Codes (200, 400, 500, etc.)
+- Data Format (JSON, XML, etc.)
+- Authentication & Authorization
+- Load and Performance
+- Edge Cases and Error Handling
+
+## 🔍 Types of API Testing
+
+| Type                                | Description                                                              |
+| ----------------------------------- | ------------------------------------------------------------------------ |
+| **Functional Testing**              | Ensures the API performs expected functions correctly with valid inputs. |
+| **Validation Testing**              | Verifies the API meets business and technical requirements.              |
+| **Load Testing**                    | Evaluates how the API handles a large volume of requests.                |
+| **Security Testing**                | Checks for vulnerabilities, data leaks, and access control.              |
+| **Error/Negative Testing**          | Validates behavior when given invalid inputs or unexpected conditions.   |
+| **Regression Testing**              | Ensures recent changes haven't broken existing functionality.            |
+| **Runtime and Reliability Testing** | Confirms the API's stability and availability during sustained use.      |
+
+## ⚠️ Common Challenges in API Testing
+
+- Lack of proper API documentation
+- Handling dynamic responses and tokens
+- Managing large test data and scenarios
+- Testing across multiple environments (dev, staging, prod)
+- Ensuring version compatibility and backward support
+- Automating complex workflows involving chained API calls

versioned_docs/version-2.0.0/running-keploy/api-test-generator.md

@@ -1,6 +1,6 @@
 ---
 id: api-test-generator
-title: Keploy API Test Generator
+title: API Test Generator
 sidebar_label: API Test Generator
 description: This section documents usecase of Keploy's API Test Generator
 tags:

versioned_docs/version-2.0.0/running-keploy/best-practices-api-testing.md

@@ -0,0 +1,84 @@
+---
+id: best-practices-api-testing
+title: Best Practices for API testing
+sidebar_label: Best Practices
+description: This section documents what best practices can be followed while performing API testing
+tags:
+  - API testing
+  - API mocks
+  - generate test cases
+  - test automation
+  - Best Practices
+keywords:
+  - api testing
+  - api mocks
+  - automated testing
+  - ai testing
+  - keploy
+  - Gemini
+  - OpenAI
+---
+
+## 🛠️ Best Practices in API Testing
+
+API testing ensures the reliability, security, and performance of your application's backend services. To build robust, scalable test suites, here are the best practices you should follow:
+
+### ✅ 1. Define Clear Test Objectives
+
+- Understand what you're testing — functionality, security, performance, or error handling.
+- Align tests with business logic and expected user workflows.
+
+### 🧪 2. Cover Both Positive and Negative Scenarios
+
+- Validate how the API responds to correct input.
+- Intentionally send malformed, missing, or unauthorized requests to verify error handling and status codes.
+
+### 🔄 3. Automate Repetitive Tests
+
+- Integrate API tests into your CI/CD pipeline.
+- Automate regression tests for each deployment or commit.
+
+## 🗃️ 4. Use Data-Driven Testing
+
+- Store request and response data externally (e.g., JSON files or CSV).
+- This keeps test logic clean and improves reusability.
+
+## 🔐 5. Test Authentication and Authorization
+
+- Validate token generation, expiration, and refresh flows.
+- Confirm users cannot access resources outside their scope.
+
+### 🕒 6. Measure Performance and Response Times
+
+- Ensure APIs meet SLAs under normal and load conditions.
+- Monitor response time, throughput, and error rates.
+
+## 🧩 7. Validate Response Structure and Schema
+
+- Check if all fields exist and are in the correct format (JSON schema validation).
+- Flag any unexpected keys or missing data.
+
+### 🌍 8. Handle Environment Configurations
+
+- Avoid hardcoding endpoints and credentials.
+- Use environment variables or configuration files for flexibility across dev, staging, and prod.
+
+### 📦 9. Use Mocks and Stubs When Needed
+
+- Isolate APIs under test from third-party dependencies.
+- Simulate edge cases or failure scenarios not easily reproducible in production.
+
+### 📈 10. Track and Version API Tests
+
+- Keep your API test suite in version control (e.g., Git).
+- Ensure tests are updated as the API evolves (versioning, deprecations).
+
+### 🔁 11. Chain Requests for Workflow Validation
+
+- Simulate real-world flows (e.g., user signup → login → perform action).
+- Maintain session or token data across calls.
+
+### 📊 12. Add Clear Logging and Reporting
+
+- Output test name, request payload, status code, and failure reason.
+- Use structured reports for better traceability in CI/CD tools.

versioned_docs/version-2.0.0/running-keploy/test-generate.md

@@ -0,0 +1,76 @@
+---
+id: test-generate
+title: What is API testing?
+sidebar_label: Generate Tests
+description: This section documents what is API Testing and why we need it
+tags:
+  - API testing
+  - API mocks
+  - generate test cases
+  - test automation
+keywords:
+  - api testing
+  - api mocks
+  - automated testing
+  - ai testing
+  - keploy
+  - Gemini
+  - OpenAI
+---
+
+# 🧪 AI-Powered API Test Suite Generation
+
+Keploy enables you to automatically generate **comprehensive API test suites** for your application using AI, based on live requests, API schemas, and supporting documentation.
+
+## 🚀 Create API Tests in 4 Simple Steps
+
+### 1️⃣ Create a New App
+
+Start by creating a new test project for your application:
+
+- Click on **"Create New App"**
+- Give it a name that matches your app/module
+- Optionally provide a description
+
+### 2️⃣ Input URL or Endpoint
+
+Provide a base URL or a specific API endpoint you want to test:
+
+This helps Keploy identify where the API requests are sent and initiate context-aware test generation.
+
+### 3️⃣ Add Test Inputs
+
+#### 🔐 Authentication (Optional)
+
+If your API requires authentication, make sure you:
+
+- Add API keys or bearer tokens in headers
+- Or include auth flows via test inputs below
+
+#### 📎 Paste cURL Snippets _(Recommended: 3–5)_
+
+Add working `curl` commands representing real user flows. These help the AI infer request types, payloads, and expected outcomes.
+
+```bash
+curl -X POST https://your-api.com/login -d 'username=john&password=secret'
+
+curl -X GET https://your-api.com/users
+
+curl -X PUT https://your-api.com/users/1 -d 'username=john&role=admin'
+```
+
+### 📄 Swagger / OpenAPI Schema
+
+Paste your OpenAPI (Swagger) spec in either **YAML** or **JSON** format.  
+This schema provides a contract for how endpoints behave and enables accurate, schema-driven test generation.
+
+### 4️⃣ Upload Supporting Resources (Optional but Valuable)
+
+Enhance test accuracy by uploading documentation such as:
+
+- 🧾 **API Docs** (Postman collections, Swagger files)
+- 💻 **Code Snippets**
+- 📄 **PRD/BRD documents**
+- 🗂 **Feature briefs or requirement docs**
+
+These help Keploy better understand the intended logic and behavior of each endpoint.

versioned_docs/version-2.0.0/running-keploy/test-run-reports.md

@@ -0,0 +1,118 @@
+---
+id: test-run-reports
+title: What is API testing?
+sidebar_label: Test Report generation
+description: This section documents what is API Testing and why we need it
+tags:
+  - API testing
+  - API mocks
+  - generate test cases
+  - test automation
+keywords:
+  - api testing
+  - api mocks
+  - automated testing
+  - ai testing
+  - keploy
+  - Gemini
+  - OpenAI
+---
+
+# 🧪 Keploy Test Run Reports
+
+Easily track and manage the outcome of your API test runs with detailed reporting on test executions, results, and creators.
+
+## 🔍 Search Test Run Reports
+
+Use the search bar to filter reports by Report ID, creator email, or status.
+
+### 📋 Test Report Summary
+
+- Report ID
+- Created At
+- Creator
+- Total Tests
+- Passed
+- Failed
+- Status
+
+## 🧩 Test Suites
+
+Manage and fine-tune your test suites for each API endpoint. You can edit request inputs, response expectations, and assertion types.
+
+### ✏️ Editable Test Cases
+
+Each test case can be modified to:
+
+- Change the **request payload**, headers, or query parameters
+- Edit or update **expected response bodies**
+- Select or modify **assertion types**
+
+### 🧪 Supported Assertion Types
+
+| Assertion Type     | Description                                                    |
+| ------------------ | -------------------------------------------------------------- |
+| `statusCode`       | Asserts the HTTP status code matches expected (e.g., 200, 404) |
+| `bodyContains`     | Checks if the response body includes specific text or keys     |
+| `jsonEquals`       | Validates deep equality of the JSON response                   |
+| `headerMatch`      | Asserts presence or value of specific response headers         |
+| `schemaValidation` | Validates against OpenAPI/JSON schema if available             |
+| `custom`           | User-defined scripts or match rules                            |
+
+#### ➕ Example Test Case Structure (YAML)
+
+```yaml
+- testName: Get All Users
+  method: GET
+  endpoint: /users
+  expectedStatus: 200
+  assertions:
+    - type: statusCode
+    - type: bodyContains
+      value: "username"
+    - type: jsonEquals
+      expected:
+        - id: 1
+          username: john_doe
+```
+
+### 🧱 Edit Test Step
+
+Easily customize individual test steps to simulate real-world API usage and validate your app’s behavior under different conditions.
+
+#### 🔧 Request Details
+
+Update the request configuration for each test case:
+
+- **Name:**  
+  `Create Object P024 Invalid JSON`
+
+- **Method:**  
+  `POST`
+
+- **URL Path:**  
+  `/objects`
+
+- **Headers:**
+
+  | Key          | Value            |
+  | ------------ | ---------------- |
+  | Content-Type | application/json |
+
+  You can **Add Header** as needed (e.g., Authorization, Custom-Token).
+
+- **Request Body:**
+
+  ````json
+  {
+    "name": "AUT Test Object P024",
+    "data": {
+      "key": "value"
+  }
+  }```
+  ````
+
+### 💾 Actions
+
+- ✅ **Save Changes** — Apply edits to the test step and update the suite.
+- ❌ **Cancel** — Discard any unsaved modifications and revert to the last saved state.

versioned_sidebars/version-2.0.0-sidebars.json

@@ -228,15 +228,29 @@
       "collapsible": true,
       "collapsed": true,
       "items": [
+        {
+              "type": "doc",
+              "label": "What is API testing?",
+              "id": "running-keploy/about-api-testing"
+      },
     {
       "type": "category",
-      "label": "How ATG Works",
+      "label": "How Keploy's ATG Works",
       "collapsible": true,
       "collapsed": true,
       "items": [
+        "running-keploy/test-run-reports",
+           "running-keploy/test-generate",
         "running-keploy/api-test-generator"
+     
       ]
-    }
+    },
+
+    {
+              "type": "doc",
+              "label": "Best Practices for API Testing",
+              "id": "running-keploy/best-practices-api-testing"
+      }
   ]
   }
   ],