Api Testing

Name: Api Testing
Author: secondsky

secondsky/claude-skills·MIT

Write and structure HTTP API tests with Supertest (TypeScript) or httpx/pytest (Python) for REST, GraphQL, auth, and error cases.

Overview

API Testing is an agent skill for the Ship phase that guides HTTP API tests using Supertest/Vitest and httpx/pytest for REST, GraphQL, auth, and error handling.

Install

npx skills add https://github.com/secondsky/claude-skills --skill api-testing

What is this skill?

Dual-stack patterns: Supertest with Vitest (TypeScript) and httpx with pytest (Python)
REST examples for GET/POST, body validation, and expected status assertions
Request helpers for headers, auth, and error-path expectations (e.g., 400 on missing fields)
Install snippets for Bun/npm dev dependencies including @types/supertest
Covers GraphQL, authentication, and error-handling testing themes in the skill charter

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 527 installs on skills.sh; 165 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You have API routes but lack a repeatable test setup for status codes, JSON bodies, auth, and failure paths in TypeScript or Python.

Who is it for?

Indie builders with an Express/Fastify-style or Python ASGI app who want agent-assisted integration tests, not manual Postman-only checks.

Skip if: Pure frontend-only work, browser E2E flows, or performance/load testing without HTTP contract focus.

When should I use this skill?

Adding or refactoring HTTP API tests with Supertest (TS/JS) or httpx/pytest (Python) for REST, GraphQL, auth, and errors.

What do I get? / Deliverables

You get copy-ready test structure and assertions so endpoints are verified in CI-style suites before you merge or deploy.

API test files with describe/it blocks and status/body assertions
Dev dependency install commands for supertest or httpx as documented

Recommended Skills

Agent Browservercel-labs/open-agents

agent-browser is a Vercel Open Agents skill that wraps a CLI for programmatic browser control—ideal when solo builders n…404k installs·5.6k stars

Tddmattpocock/skills

TDD is an agent skill that coaches test-driven development using the red-green-refactor loop for solo and indie builders…214k installs·121k stars

Use My Browserxixu-me/skills

Use My Browser skill forces agents to classify tasks as static-capable or browser-required before choosing tools—staying…198k installs·61 stars

Test Driven Developmentobra/superpowers

Test-Driven Development is an agent skill from obra/superpowers that forces a test-first implementation ritual: write a …118k installs·221k stars

Verification Before Completionobra/superpowers

Verification Before Completion is an agent skill from the Superpowers lineage that blocks premature success claims durin…100k installs·221k stars

Webapp Testinganthropics/skills

webapp-testing is an agent skill for solo builders who need to prove that a local web application actually works—not jus…90.9k installs·148k stars

Journey fit

Primary fit

Ship/testing is where solo builders prove endpoints behave before release—matching REST/GraphQL validation, status codes, and auth flows. Testing subphase covers automated request/response checks that gate merges and deployments for API-first products.

How it compares

Skill templates for in-repo integration tests—not an external API monitoring SaaS or MCP server.

Common Questions / FAQ

Who is api-testing for?

Solo developers building HTTP APIs in TypeScript/JavaScript or Python who want standardized Supertest or httpx/pytest patterns in their repo.

When should I use api-testing?

Use it in Ship/testing while adding or hardening routes—health checks, CRUD flows, auth headers, GraphQL queries, and 4xx validation—before release or hotfix branches.

Is api-testing safe to install?

The skill allows Bash and file edits to add dev dependencies and test files; review the Security Audits panel on this Prism page and inspect generated commands before running them.

SKILL.md

READMESKILL.md - Api Testing

# API Testing

Expert knowledge for testing HTTP APIs with Supertest (TypeScript/JavaScript) and httpx/pytest (Python).

## TypeScript/JavaScript (Supertest)

### Installation

```bash
# Using Bun
bun add -d supertest @types/supertest

# or: npm install -D supertest @types/supertest
```

### Basic Setup

```typescript
import { describe, it, expect } from 'vitest'
import request from 'supertest'
import { app } from './app'

describe('API Tests', () => {
  it('returns health status', async () => {
    const response = await request(app)
      .get('/api/health')
      .expect(200)

    expect(response.body).toEqual({ status: 'ok' })
  })

  it('creates a user', async () => {
    const response = await request(app)
      .post('/api/users')
      .send({ name: 'John Doe', email: 'john@example.com' })
      .expect(201)

    expect(response.body).toMatchObject({
      id: expect.any(Number),
      name: 'John Doe',
    })
  })

  it('validates required fields', async () => {
    await request(app)
      .post('/api/users')
      .send({ name: 'John Doe' })
      .expect(400)
  })
})
```

### Request Methods

```typescript
// GET
await request(app).get('/api/users').expect(200)

// POST with body
await request(app)
  .post('/api/users')
  .send({ name: 'John' })
  .expect(201)

// PUT
await request(app)
  .put('/api/users/1')
  .send({ name: 'Jane' })
  .expect(200)

// DELETE
await request(app).delete('/api/users/1').expect(204)
```

### Headers and Query Parameters

```typescript
// Set headers
await request(app)
  .get('/api/protected')
  .set('Authorization', 'Bearer token123')
  .expect(200)

// Query parameters
await request(app)
  .get('/api/users')
  .query({ page: 1, limit: 10 })
  .expect(200)
```

### Authentication Testing

```typescript
describe('Authentication', () => {
  let authToken: string

  beforeAll(async () => {
    const response = await request(app)
      .post('/api/auth/login')
      .send({ email: 'user@example.com', password: 'password123' })
      .expect(200)

    authToken = response.body.token
  })

  it('accesses protected endpoint', async () => {
    await request(app)
      .get('/api/protected')
      .set('Authorization', `Bearer ${authToken}`)
      .expect(200)
  })

  it('rejects without token', async () => {
    await request(app).get('/api/protected').expect(401)
  })
})
```

### Error Handling

```typescript
it('handles validation errors', async () => {
  const response = await request(app)
    .post('/api/users')
    .send({ email: 'invalid-email' })
    .expect(400)

  expect(response.body).toMatchObject({
    error: 'Validation failed',
    details: expect.any(Array),
  })
})

it('handles not found', async () => {
  await request(app).get('/api/users/999999').expect(404)
})
```

## Python (httpx + pytest)

### Installation

```bash
uv add --dev httpx pytest-asyncio
```

### Basic Setup

```python
import pytest
from fastapi.testclient import TestClient
from main import app

client = TestClient(app)

def test_health_check():
    response = client.get("/api/health")
    assert response.status_code == 200
    assert response.json() == {"status": "ok"}

def test_create_user():
    response = client.post(
        "/api/users",
        json={"name": "John Doe", "email": "john@example.com"}
    )
    assert response.status_code == 201
    data = response.json()
    assert data["name"] == "John Doe"
    assert "id" in data

def test_not_found():
    response = client.get("/api/users/999")
    assert response.status_code == 404
```

### Fixtures

```python
@pytest.fixture
def auth_token(client):
    response = client.post(
        "/api/auth/login",
        json={"email": "user@example.com", "password": "password123"}
    )

What is this skill?

Dual-stack patterns: Supertest with Vitest (TypeScript) and httpx with pytest (Python)

REST examples for GET/POST, body validation, and expected status assertions

Request helpers for headers, auth, and error-path expectations (e.g., 400 on missing fields)

Install snippets for Bun/npm dev dependencies including @types/supertest

Covers GraphQL, authentication, and error-handling testing themes in the skill charter

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 527 installs on skills.sh; 165 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

SKILL.md

READMESKILL.md - Api Testing

# API Testing

Expert knowledge for testing HTTP APIs with Supertest (TypeScript/JavaScript) and httpx/pytest (Python).

## TypeScript/JavaScript (Supertest)

### Installation

```bash
# Using Bun
bun add -d supertest @types/supertest

# or: npm install -D supertest @types/supertest
```

### Basic Setup

```typescript
import { describe, it, expect } from 'vitest'
import request from 'supertest'
import { app } from './app'

describe('API Tests', () => {
  it('returns health status', async () => {
    const response = await request(app)
      .get('/api/health')
      .expect(200)

    expect(response.body).toEqual({ status: 'ok' })
  })

  it('creates a user', async () => {
    const response = await request(app)
      .post('/api/users')
      .send({ name: 'John Doe', email: 'john@example.com' })
      .expect(201)

    expect(response.body).toMatchObject({
      id: expect.any(Number),
      name: 'John Doe',
    })
  })

  it('validates required fields', async () => {
    await request(app)
      .post('/api/users')
      .send({ name: 'John Doe' })
      .expect(400)
  })
})
```

### Request Methods

```typescript
// GET
await request(app).get('/api/users').expect(200)

// POST with body
await request(app)
  .post('/api/users')
  .send({ name: 'John' })
  .expect(201)

// PUT
await request(app)
  .put('/api/users/1')
  .send({ name: 'Jane' })
  .expect(200)

// DELETE
await request(app).delete('/api/users/1').expect(204)
```

### Headers and Query Parameters

```typescript
// Set headers
await request(app)
  .get('/api/protected')
  .set('Authorization', 'Bearer token123')
  .expect(200)

// Query parameters
await request(app)
  .get('/api/users')
  .query({ page: 1, limit: 10 })
  .expect(200)
```

### Authentication Testing

```typescript
describe('Authentication', () => {
  let authToken: string

  beforeAll(async () => {
    const response = await request(app)
      .post('/api/auth/login')
      .send({ email: 'user@example.com', password: 'password123' })
      .expect(200)

    authToken = response.body.token
  })

  it('accesses protected endpoint', async () => {
    await request(app)
      .get('/api/protected')
      .set('Authorization', `Bearer ${authToken}`)
      .expect(200)
  })

  it('rejects without token', async () => {
    await request(app).get('/api/protected').expect(401)
  })
})
```

### Error Handling

```typescript
it('handles validation errors', async () => {
  const response = await request(app)
    .post('/api/users')
    .send({ email: 'invalid-email' })
    .expect(400)

  expect(response.body).toMatchObject({
    error: 'Validation failed',
    details: expect.any(Array),
  })
})

it('handles not found', async () => {
  await request(app).get('/api/users/999999').expect(404)
})
```

## Python (httpx + pytest)

### Installation

```bash
uv add --dev httpx pytest-asyncio
```

### Basic Setup

```python
import pytest
from fastapi.testclient import TestClient
from main import app

client = TestClient(app)

def test_health_check():
    response = client.get("/api/health")
    assert response.status_code == 200
    assert response.json() == {"status": "ok"}

def test_create_user():
    response = client.post(
        "/api/users",
        json={"name": "John Doe", "email": "john@example.com"}
    )
    assert response.status_code == 201
    data = response.json()
    assert data["name"] == "John Doe"
    assert "id" in data

def test_not_found():
    response = client.get("/api/users/999")
    assert response.status_code == 404
```

### Fixtures

```python
@pytest.fixture
def auth_token(client):
    response = client.post(
        "/api/auth/login",
        json={"email": "user@example.com", "password": "password123"}
    )

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is api-testing for?

When should I use api-testing?

Is api-testing safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is api-testing for?

When should I use api-testing?

Is api-testing safe to install?

SKILL.md