API Cheatsheet: Essential Verification Steps for Robust API Development

APIs are the backbone of modern software systems, and ensuring their reliability is crucial. Below is a comprehensive cheatsheet for verifying API functionality, covering key aspects from request handling to error management.

1. Verify Presence of Expected Fields

Ensures all required data fields are present in the API response to avoid incomplete data processing.

Example Command (Using `curl` and `jq`):

curl -s https://api.example.com/data | jq 'has("required_field")'

2. Verify API Response Format

Validates whether the response matches the expected format (JSON, XML, etc.).

Example Command:

curl -s https://api.example.com/data | jq empty && echo "Valid JSON" || echo "Invalid JSON"

3. Verify Data Accuracy for Each Field

Ensures data integrity by checking field values against expected patterns.

Example Command (Regex Check):

curl -s https://api.example.com/user | jq -r '.email' | grep -E '^[^@]+@[^@]+\.[^@]+$'

4. Verify API Response Time

Monitors latency to ensure optimal performance.

Example Command:

time curl -s -o /dev/null -w "%{time_total}s\n" https://api.example.com/data

5. Verify Request Parameters

Ensures required parameters are correctly passed.

Example Command:

curl -s "https://api.example.com/search?query=test&limit=10" | jq '.results'

6. Verify Request Method

Confirms the API handles HTTP methods (GET, POST, PUT, DELETE) correctly.

Example Command (POST Request):

curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' https://api.example.com/create

7. Verify Correct URI

Prevents routing errors by ensuring the right endpoint is called.

Example Command:

curl -sI https://api.example.com/correct-endpoint | grep -E "^HTTP/[0-9.]+ 200"

8. Verify Response Headers

Checks metadata like `Content-Type` and authentication headers.

Example Command:

curl -I https://api.example.com/data | grep -i "content-type: application/json"

9. Verify Error Handling for Missing Payload

Ensures proper error messages when required data is missing.

Example Command:

curl -X POST -H "Content-Type: application/json" https://api.example.com/create | jq '.error'

10. Verify Error Handling for Nonexistent Resources

Validates 404 responses for invalid requests.

Example Command:

curl -sI https://api.example.com/nonexistent | grep -E "^HTTP/[0-9.]+ 404"

11. Verify API Response Status Code

Confirms the correct HTTP status code is returned.

Example Command:

curl -s -o /dev/null -w "%{http_code}" https://api.example.com/data

12-15. Verify Success Messages for CRUD Operations

Ensures appropriate success responses for Create, Read, Update, and Delete operations.

Example (Resource Creation):

curl -X POST -H "Content-Type: application/json" -d '{"name":"test"}' https://api.example.com/create | jq '.success'

HTTP Status Codes Quick Reference

– `200 OK` – Successful request
– `400 Bad Request` – Invalid input
– `401 Unauthorized` – Authentication failure
– `404 Not Found` – Resource missing
– `500 Internal Server Error` – Server-side failure

You Should Know:

  • Rate Limiting Check:
    curl -sI https://api.example.com/rate-limit | grep -i "x-ratelimit-remaining"
    
  • Authentication Testing:
    curl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com/secure
    
  • Batch API Testing with httpx:
    cat urls.txt | httpx -status-code -title
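
An added example (not from the original post): the status-code, header and rate-limit checks from sections 7, 8, 10 and 11 and the rate limiting item, written as shell functions that accept HTTP/1.1 or HTTP/2 status lines and match header names case-insensitively. The function names and the sample header dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample header dumps are constructed, not real API output.

# Status code of the final response in a header dump (HTTP/1.1 or HTTP/2).
# The last status line wins, so interim "100 Continue" blocks are skipped.
status_of() {
  printf '%s\n' "$1" | tr -d '\r' |
    awk '/^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 } END { print code }'
}

# Value of a header, matched case-insensitively (HTTP/2 sends lowercase names).
header_of() {
  printf '%s\n' "$1" | tr -d '\r' | awk -v want="$2" '
    { i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v) } }
    END { print v }'
}

# Return 0 only if status and media type both match; print each mismatch.
check_response() {
  hdrs=$1; want_status=$2; want_type=$3; rc=0
  got=$(status_of "$hdrs")
  [ "$got" = "$want_status" ] || { echo "FAIL status: got '$got', want $want_status"; rc=1; }
  ctype=$(header_of "$hdrs" content-type | tr 'A-Z' 'a-z')
  case $ctype in
    "$want_type" | "$want_type;"*) ;;   # allow "; charset=..." parameters
    *) echo "FAIL content-type: got '$ctype', want $want_type"; rc=1 ;;
  esac
  return $rc
}

# Constructed samples: HTTP/1.1 success, HTTP/2 404, and a 500 that returns HTML.
SAMPLE_H1=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nX-RateLimit-Remaining: 42\r\n')
SAMPLE_H2_404=$(printf 'HTTP/2 404 \r\ncontent-type: application/json\r\n')
SAMPLE_500_HTML=$(printf 'HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html\r\n')

# Live use (not run here):
#   check_response "$(curl -sI https://api.example.com/data)" 200 application/json
```

The third sample fails the content-type check even though its status matches, which is how an error path that returns an HTML error page instead of the API's JSON error format shows up.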
    

What Undercode Say:

APIs must be rigorously tested to ensure reliability. Automate checks using tools like Postman, curl, and jq. Monitor performance with `Prometheus` and log errors with ELK Stack. Always validate inputs, handle errors gracefully, and document API behavior.

Expected Output:

A well-tested API returns consistent responses, handles errors clearly, and performs efficiently under load. Use the commands above to verify critical aspects of your API.

Reported By: Ashsau Api – Hackers Feeds