API Scenarios Cookbook: Params, JSON, Auth, Negative Tests, Localhost
Tags: api, examples, params, json, auth, localhost
Use this as a practical checklist for “real QA” API coverage.
1) Query parameters
Example: GET /comments?postId=1
- Confirm correct filtering.
- Add a negative: postId=999999 (expect empty array or 200 with no results).
2) Path parameters
Example: GET /posts/{id}
- id=1 → 200
- id=999999 → often 404 (or 200 with an empty result, depending on API design)
3) JSON body (POST/PUT/PATCH)
- Always set Content-Type = application/json
- Add a negative body test:
  - missing required field
  - invalid type
  - too long string
4) Headers
- Authorization
- Correlation-ID (x-request-id) for traceability
- Accept: application/json
5) Token handling (recommended pattern)
- Do NOT hardcode tokens in suites.
- Use environment variables populated from a CI/CD secret manager:
  - GitHub Actions Secrets
  - Azure Key Vault
  - Jenkins credentials
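Added example (not part of the original checklist): one way to build the headers from section 4 with the token read from the environment at run time, failing before any request is sent if it is missing, and redacting it before headers reach test logs. The variable name API_TOKEN and the Bearer scheme are assumptions; the token value is a constructed sample.

```python
import os
import uuid

TOKEN_ENV_VAR = "API_TOKEN"  # assumed name; the CI secret store exports it

class MissingTokenError(RuntimeError):
    """Raised when the token is absent, so the suite stops before sending."""

def load_token(env=None):
    """Read the token from the environment, never from a suite file."""
    env = os.environ if env is None else env
    token = (env.get(TOKEN_ENV_VAR) or "").strip()
    if not token:
        raise MissingTokenError(f"{TOKEN_ENV_VAR} is not set")
    if any(c in token for c in "\r\n"):
        raise ValueError(f"{TOKEN_ENV_VAR} contains a line break")
    return token

def build_headers(env=None, request_id=None):
    """Section 4 headers, with the token injected at run time."""
    return {
        "Authorization": f"Bearer {load_token(env)}",  # Bearer is assumed
        "x-request-id": request_id or str(uuid.uuid4()),
        "Accept": "application/json",
    }

def redact(headers):
    """Return a copy of the headers that is safe to write to test logs."""
    safe = dict(headers)
    if "Authorization" in safe:
        scheme = safe["Authorization"].split(" ", 1)[0]
        safe["Authorization"] = f"{scheme} [REDACTED]"
    return safe

if __name__ == "__main__":
    constructed_env = {TOKEN_ENV_VAR: "constructed-sample-token"}  # sample only
    print(redact(build_headers(constructed_env)))
```

Log redact(headers) rather than the raw dictionary, so the x-request-id stays available for tracing while the token stays out of build logs.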
6) HTTPS + localhost (developer machine)
Scenario: a developer runs a local API:
- Base URL: http://localhost:8080
- Smoke endpoint: GET /health
If you use https://localhost with a self‑signed cert:
- Trust the certificate in the OS/browser
- Then run your suite normally
7) Performance sanity checks
- Record response times in logs (ms)
- Watch for regressions between builds
8) Pro tip for enterprise audits
- Keep a “Smoke” suite that runs fast (under 2–3 minutes)
- Keep deeper regression suites separate
