api-testing
Use this skill when testing REST or GraphQL APIs, implementing contract tests, setting up mock servers, or validating API behavior. Triggers on API testing, Postman, contract testing, Pact, mock servers, MSW, HTTP assertions, response validation, and any task requiring API test automation.
engineering api-testingcontract-testingmock-serversrestgraphqlWhat is api-testing?
Use this skill when testing REST or GraphQL APIs, implementing contract tests, setting up mock servers, or validating API behavior. Triggers on API testing, Postman, contract testing, Pact, mock servers, MSW, HTTP assertions, response validation, and any task requiring API test automation.
Quick Start
- Open your terminal or command prompt
- Run:
npx skills add AbsolutelySkilled/AbsolutelySkilled --skill api-testing - Start your AI coding agent (Claude Code, Cursor, Gemini CLI, or any supported agent)
- The api-testing skill is now active and ready to use
api-testing
api-testing is a production-ready AI agent skill for claude-code, gemini-cli, openai-codex. Testing REST or GraphQL APIs, implementing contract tests, setting up mock servers, or validating API behavior.
Quick Facts
| Field | Value |
|---|---|
| Category | engineering |
| Version | 0.1.0 |
| Platforms | claude-code, gemini-cli, openai-codex |
| License | MIT |
How to Install
- Make sure you have Node.js installed on your machine.
- Run the following command in your terminal:
npx skills add AbsolutelySkilled/AbsolutelySkilled --skill api-testing- The api-testing skill is now available in your AI coding agent (Claude Code, Gemini CLI, OpenAI Codex, etc.).
Overview
A comprehensive framework for testing REST and GraphQL APIs with confidence. Covers the full spectrum from unit-level handler tests to cross-service contract tests, with emphasis on what to test at each layer and why - not just syntax. Designed for engineers who can write tests but need opinionated guidance on strategy, tooling, and avoiding common traps.
Tags
api-testing contract-testing mock-servers rest graphql
Platforms
- claude-code
- gemini-cli
- openai-codex
Related Skills
Pair api-testing with these complementary skills:
Frequently Asked Questions
What is api-testing?
Use this skill when testing REST or GraphQL APIs, implementing contract tests, setting up mock servers, or validating API behavior. Triggers on API testing, Postman, contract testing, Pact, mock servers, MSW, HTTP assertions, response validation, and any task requiring API test automation.
How do I install api-testing?
Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill api-testing in your terminal. The skill will be immediately available in your AI coding agent.
What AI agents support api-testing?
This skill works with claude-code, gemini-cli, openai-codex. Install it once and use it across any supported AI coding agent.
Maintainers
Generated from AbsolutelySkilled
SKILL.md
API Testing
A comprehensive framework for testing REST and GraphQL APIs with confidence. Covers the full spectrum from unit-level handler tests to cross-service contract tests, with emphasis on what to test at each layer and why - not just syntax. Designed for engineers who can write tests but need opinionated guidance on strategy, tooling, and avoiding common traps.
When to use this skill
Trigger this skill when the user:
- Writes tests for a REST or GraphQL API endpoint
- Sets up integration or end-to-end tests for an HTTP service
- Implements contract testing between a consumer and provider
- Creates mock servers or stubs for downstream dependencies
- Validates response schemas or payload shapes
- Tests authentication flows (JWT, OAuth, API keys)
- Tests error handling, edge cases, or failure scenarios
- Asks about Supertest, Pact, MSW, Zod validation, or Apollo testing
Do NOT trigger this skill for:
- UI/component testing concerns (use a frontend-testing skill instead)
- Load/performance testing - that is a separate discipline with different tooling
Key principles
Test behavior, not implementation - Assert on what the API returns to callers, not on how internal functions are wired together. An endpoint test that reaches the router and asserts on status code + response body is worth ten unit tests on internal helpers.
Isolate at the right boundary - Unit tests mock everything below the handler. Integration tests use a real database (test container or in-memory). Contract tests verify only the interface promise. Choose the boundary that catches the most bugs with the least brittleness.
Schema-first assertions - Validate response shape with a schema (Zod, JSON Schema) rather than field-by-field assertions. One schema assertion catches structural regressions that 20 individual assertions would miss.
Contracts are promises, not snapshots - A contract test verifies that a provider will always satisfy what a consumer expects. It must be run on every deploy. A snapshot that drifts silently is worse than no test.
Mock at the network boundary, not inside functions - Use MSW or nock to intercept HTTP calls at the network layer. Mocking individual imported functions couples tests to implementation details and breaks on refactors.
Core concepts
API test types
| Type | What it tests | Scope | Speed |
|---|---|---|---|
| Unit | Handler logic, middleware, validators | Single function | Fast |
| Integration | Full request cycle with real DB | Service in isolation | Medium |
| Contract | Interface promise between consumer + provider | Two services | Medium |
| End-to-end | Complete user journey across services | Full stack | Slow |
Default strategy: Integration tests for business logic (they give the most confidence per line of test code). Unit tests for pure transformation logic. Contract tests at service boundaries. E2E only for the critical happy path.
Mock vs stub vs fake
| Term | Definition | Use for |
|---|---|---|
| Mock | Records calls and verifies expectations | Verifying side effects (emails sent, events published) |
| Stub | Returns canned responses without recording | Replacing slow/expensive dependencies |
| Fake | Working implementation of a lighter version | In-memory DB, in-process message queue |
Prefer fakes over stubs over mocks. Mocks that verify call counts are fragile and break whenever you refactor internal wiring.
Schema validation
Validate response schemas at the integration test level. Use Zod because it:
- Produces TypeScript types from the same definition (no duplication)
- Gives precise error messages when assertions fail
- Can be shared between test and production code for dual validation
Common tasks
Test REST endpoints with Supertest
Supertest binds directly to an Express/Fastify app without starting a real HTTP server. Use it for integration tests that exercise the full request pipeline.
// tests/users.test.ts
import request from 'supertest';
import { app } from '../src/app';
import { db } from '../src/db';
beforeEach(async () => {
await db.migrate.latest();
await db.seed.run();
});
afterEach(async () => {
await db.migrate.rollback();
});
describe('GET /users/:id', () => {
it('returns 200 with user data for a valid id', async () => {
const res = await request(app)
.get('/users/1')
.set('Authorization', 'Bearer test-token')
.expect(200);
expect(res.body).toMatchObject({
id: 1,
email: expect.stringContaining('@'),
createdAt: expect.any(String),
});
});
it('returns 404 when user does not exist', async () => {
const res = await request(app)
.get('/users/99999')
.set('Authorization', 'Bearer test-token')
.expect(404);
expect(res.body).toMatchObject({
type: expect.stringContaining('not-found'),
status: 404,
});
});
it('returns 401 when no auth token is provided', async () => {
await request(app).get('/users/1').expect(401);
});
});Test GraphQL APIs with Apollo Server Testing
Use @apollo/server test utilities to execute operations in-process. This
avoids the overhead of HTTP while still exercising the full resolver chain.
// tests/graphql/users.test.ts
import { ApolloServer } from '@apollo/server';
import { typeDefs } from '../src/schema';
import { resolvers } from '../src/resolvers';
import { createTestContext } from './helpers/context';
let server: ApolloServer;
beforeAll(async () => {
server = new ApolloServer({ typeDefs, resolvers });
await server.start();
});
afterAll(async () => {
await server.stop();
});
describe('Query.user', () => {
it('returns user fields when authenticated', async () => {
const { body } = await server.executeOperation(
{
query: `query GetUser($id: ID!) {
user(id: $id) { id email createdAt }
}`,
variables: { id: '1' },
},
{ contextValue: createTestContext({ userId: 'viewer-1' }) }
);
expect(body.kind).toBe('single');
if (body.kind === 'single') {
expect(body.singleResult.errors).toBeUndefined();
expect(body.singleResult.data?.user).toMatchObject({
id: '1',
email: expect.any(String),
});
}
});
it('returns null for a user that does not exist', async () => {
const { body } = await server.executeOperation(
{ query: `query { user(id: "nonexistent") { id } }` },
{ contextValue: createTestContext({ userId: 'viewer-1' }) }
);
if (body.kind === 'single') {
expect(body.singleResult.data?.user).toBeNull();
}
});
});Contract testing with Pact
For detailed Pact consumer and provider verification examples, see references/contract-and-auth-testing.md.
Mock APIs with MSW
MSW intercepts at the Service Worker level in browsers and at the network layer in Node.js. Use it to replace real API calls in tests without patching imports.
// tests/msw/handlers.ts
import { http, HttpResponse } from 'msw';
export const handlers = [
http.get('https://api.example.com/users/:id', ({ params }) => {
if (params.id === '404') {
return HttpResponse.json({ type: 'not-found', status: 404 }, { status: 404 });
}
return HttpResponse.json({ id: params.id, email: 'test@example.com' });
}),
http.post('https://api.example.com/orders', async ({ request }) => {
const body = await request.json();
return HttpResponse.json({ id: 'order-1', ...body }, { status: 201 });
}),
];
// tests/setup.ts
import { setupServer } from 'msw/node';
import { handlers } from './msw/handlers';
export const server = setupServer(...handlers);
beforeAll(() => server.listen({ onUnhandledRequest: 'error' }));
afterEach(() => server.resetHandlers());
afterAll(() => server.close());
// Override handlers for a single test
it('handles API errors gracefully', async () => {
server.use(
http.get('https://api.example.com/users/1', () =>
HttpResponse.json({ message: 'Internal Server Error' }, { status: 500 })
)
);
// test code...
});Validate response schemas with Zod
Define schemas once and use them in both production code and tests. A failed schema parse gives a precise error pointing to exactly which field is wrong.
// src/schemas/user.ts
import { z } from 'zod';
export const UserSchema = z.object({
id: z.string().uuid(),
email: z.string().email(),
role: z.enum(['admin', 'user', 'viewer']),
createdAt: z.string().datetime(),
profile: z.object({
displayName: z.string().min(1),
avatarUrl: z.string().url().nullable(),
}),
});
export type User = z.infer<typeof UserSchema>;
// tests/users.schema.test.ts
import request from 'supertest';
import { app } from '../src/app';
import { UserSchema } from '../src/schemas/user';
it('GET /users/:id response conforms to UserSchema', async () => {
const res = await request(app)
.get('/users/1')
.set('Authorization', 'Bearer test-token')
.expect(200);
const result = UserSchema.safeParse(res.body);
if (!result.success) {
throw new Error(`Schema validation failed: ${result.error.message}`);
}
});
// Validate a list response
it('GET /users response items conform to UserSchema', async () => {
const res = await request(app).get('/users').expect(200);
const listSchema = z.object({
data: z.array(UserSchema),
pagination: z.object({ nextCursor: z.string().nullable(), hasNextPage: z.boolean() }),
});
expect(() => listSchema.parse(res.body)).not.toThrow();
});Test authentication flows
For detailed authentication flow test examples (missing token, expired token, wrong scope, valid token), see references/contract-and-auth-testing.md.
Test error handling and edge cases
Error paths are the most likely to be undertested. Cover 4xx and 5xx responses explicitly, including the shape of error bodies.
// tests/error-handling.test.ts
import request from 'supertest';
import { app } from '../src/app';
import { db } from '../src/db';
describe('Error handling', () => {
it('returns RFC 7807 error format for 422 validation failures', async () => {
const res = await request(app)
.post('/users')
.set('Authorization', 'Bearer test-token')
.send({ email: 'not-an-email' })
.expect(422);
expect(res.body).toMatchObject({
type: expect.stringContaining('validation'),
title: expect.any(String),
status: 422,
errors: expect.arrayContaining([
expect.objectContaining({ field: 'email' }),
]),
});
});
it('returns 409 when creating a user with a duplicate email', async () => {
await request(app)
.post('/users')
.set('Authorization', 'Bearer test-token')
.send({ email: 'duplicate@example.com', password: 'secret123' })
.expect(201);
await request(app)
.post('/users')
.set('Authorization', 'Bearer test-token')
.send({ email: 'duplicate@example.com', password: 'secret123' })
.expect(409);
});
it('does not leak stack traces in 500 responses', async () => {
jest.spyOn(db, 'query').mockRejectedValueOnce(new Error('DB connection lost'));
const res = await request(app)
.get('/users/1')
.set('Authorization', 'Bearer test-token')
.expect(500);
expect(JSON.stringify(res.body)).not.toContain('Error:');
expect(JSON.stringify(res.body)).not.toContain('at ');
expect(res.body.status).toBe(500);
});
it('returns 400 for malformed JSON body', async () => {
await request(app)
.post('/users')
.set('Authorization', 'Bearer test-token')
.set('Content-Type', 'application/json')
.send('{ invalid json }')
.expect(400);
});
});Anti-patterns
| Mistake | Why it's wrong | What to do instead |
|---|---|---|
| Testing only the happy path | Error paths are where bugs live in production; clients rely on error contracts too | Cover 401, 403, 404, 409, 422, 500 for every resource |
| Mocking the module under test | Circular: if you mock the handler, you're not testing the handler | Mock dependencies (DB, HTTP calls), not the code being tested |
| Sharing state between tests | One test leaks data into the next; flaky tests that fail in suites but pass alone | Seed and tear down in beforeEach/afterEach; use transactions that roll back |
| Contract tests that are just snapshots | Snapshots catch no semantic regressions; they auto-update and drift silently | Use Pact with structured matchers; run provider verification in CI |
| Testing internal implementation details | Tests break on refactors even when behavior is unchanged; slows iteration | Test via the public HTTP interface; verify outputs, not internal calls |
| Ignoring response headers | Security and cache headers are part of the contract; clients depend on them | Assert Content-Type, Cache-Control, X-Request-Id, and auth headers |
Gotchas
Shared test database state causes flaky tests - Tests that don't clean up after themselves leave rows that cause unique constraint failures or wrong counts in subsequent tests. The tests pass in isolation but fail in suites. Use database transactions that roll back after each test, or seed and truncate in
beforeEach/afterEach.MSW
onUnhandledRequest: 'warn'silently passes unmocked calls - With the defaultwarnsetting, any request not matched by a handler goes through to the real network. In CI this causes non-deterministic test behavior. SetonUnhandledRequest: 'error'so unmatched requests fail loudly.Supertest doesn't start a real server but shares app state - Supertest binds to the app instance. If the app has module-level singletons (connection pools, caches), those persist across tests. Make sure database and cache connections are properly reset between test runs, or tests will interfere with each other.
Pact consumer tests passing doesn't mean provider will pass - Consumer Pact tests only verify that the mock returns the expected shape. The provider verification step (running against the real provider) is where real contract drift is caught. Both steps must run in CI; running only the consumer half gives false confidence.
Schema validation with
.toMatchObject()misses extra fields - Jest'stoMatchObjectdoes a partial match: extra fields on the response body pass silently. If the API starts leaking sensitive fields (passwords, internal IDs), these tests won't catch it. Use Zod'sstrict()mode or exact schema validation for security-sensitive fields.
References
For detailed patterns on specific tools and setups, read the relevant file from
the references/ folder:
references/msw-patterns.md- MSW setup for Node.js and browser environments, handler patterns, and recipes for common scenariosreferences/contract-and-auth-testing.md- Pact consumer/provider contract testing and authentication flow test examples
Only load a references file when the current task requires it - they are detailed and will consume context.
References
contract-and-auth-testing.md
Contract Testing and Authentication Flow Testing
Contract testing with Pact
Pact tests the contract from the consumer side first. The consumer defines what it expects; the provider verifies it can satisfy those expectations.
// consumer/tests/order-service.pact.test.ts
import { PactV3, MatchersV3 } from '@pact-foundation/pact';
import { fetchOrder } from '../src/order-client';
const { like, iso8601DateTimeWithMillis } = MatchersV3;
const provider = new PactV3({
consumer: 'checkout-service',
provider: 'order-service',
dir: './pacts',
});
describe('Order Service contract', () => {
it('returns order details for a valid order id', async () => {
await provider
.given('order 42 exists')
.uponReceiving('a request for order 42')
.withRequest({ method: 'GET', path: '/orders/42' })
.willRespondWith({
status: 200,
body: {
id: like('42'),
status: like('confirmed'),
total: like(99.99),
createdAt: iso8601DateTimeWithMillis(),
},
})
.executeTest(async (mockServer) => {
const order = await fetchOrder('42', mockServer.url);
expect(order.id).toBe('42');
expect(order.status).toBeDefined();
});
});
});
// provider/tests/order-service.pact.verify.test.ts
import { Verifier } from '@pact-foundation/pact';
describe('Provider verification', () => {
it('satisfies all consumer pacts', () => {
return new Verifier({
provider: 'order-service',
providerBaseUrl: 'http://localhost:3001',
pactUrls: ['./pacts/checkout-service-order-service.json'],
stateHandlers: {
'order 42 exists': async () => {
await seedOrder({ id: '42', status: 'confirmed', total: 99.99 });
},
},
}).verifyProvider();
});
});Test authentication flows
Test each auth state explicitly: no token, expired token, wrong scope, and valid token. Never assume auth "just works" at the middleware level.
// tests/auth.test.ts
import request from 'supertest';
import { app } from '../src/app';
import { signToken } from './helpers/auth';
const PROTECTED = '/api/v1/profile';
describe('Authentication middleware', () => {
it('returns 401 when Authorization header is missing', async () => {
await request(app).get(PROTECTED).expect(401);
});
it('returns 401 when token is malformed', async () => {
await request(app)
.get(PROTECTED)
.set('Authorization', 'Bearer not.a.valid.jwt')
.expect(401);
});
it('returns 401 when token is expired', async () => {
const expired = signToken({ userId: '1' }, { expiresIn: '-1s' });
await request(app)
.get(PROTECTED)
.set('Authorization', `Bearer ${expired}`)
.expect(401);
});
it('returns 403 when token lacks required scope', async () => {
const token = signToken({ userId: '1', scopes: ['read:orders'] });
await request(app)
.get('/api/v1/admin/users')
.set('Authorization', `Bearer ${token}`)
.expect(403);
});
it('returns 200 when token is valid and has correct scope', async () => {
const token = signToken({ userId: '1', scopes: ['read:profile'] });
await request(app)
.get(PROTECTED)
.set('Authorization', `Bearer ${token}`)
.expect(200);
});
});msw-patterns.md
MSW Patterns Reference
Opinionated setup and handler recipes for Mock Service Worker (MSW v2+). MSW intercepts at the network layer - not the module layer - which means your tests exercise the real fetch/axios/got code path and break only when behavior changes, not when you refactor internal function signatures.
1. Installation and initial setup
npm install msw --save-devMSW v2 ships with separate entry points for Node.js and browser environments. Do not mix them.
| Environment | Import from | Use in |
|---|---|---|
| Node.js (Jest, Vitest) | msw/node |
API integration tests, unit tests with fetch |
| Browser (Storybook, Playwright) | msw/browser |
Component tests, visual testing |
2. Node.js test server setup
Create the server once per test file (or in a global setup) and configure lifecycle hooks in the test framework's global setup file.
// tests/msw/server.ts
import { setupServer } from 'msw/node';
import { handlers } from './handlers';
export const server = setupServer(...handlers);// tests/setup.ts (referenced in jest.config.ts setupFilesAfterEach)
import { server } from './msw/server';
// Start the server before all tests in the file
beforeAll(() => server.listen({ onUnhandledRequest: 'error' }));
// Reset per-test overrides so tests don't bleed into each other
afterEach(() => server.resetHandlers());
// Stop cleanly after all tests
afterAll(() => server.close());onUnhandledRequest: 'error' is the right default. It forces you to declare
every network call your code makes. If an unregistered URL is hit, the test
throws immediately rather than silently returning undefined.
3. Defining handlers
REST handlers
// tests/msw/handlers.ts
import { http, HttpResponse, delay } from 'msw';
export const handlers = [
// GET - return JSON
http.get('https://api.example.com/users/:id', ({ params }) => {
const { id } = params;
if (id === 'missing') {
return HttpResponse.json(
{ type: 'not-found', title: 'User not found', status: 404 },
{ status: 404 }
);
}
return HttpResponse.json({
id,
email: `user-${id}@example.com`,
role: 'user',
createdAt: '2024-01-15T09:30:00Z',
});
}),
// POST - read request body
http.post('https://api.example.com/users', async ({ request }) => {
const body = await request.json() as Record<string, unknown>;
return HttpResponse.json(
{ id: 'new-user-1', ...body, createdAt: new Date().toISOString() },
{ status: 201 }
);
}),
// PATCH - partial update
http.patch('https://api.example.com/users/:id', async ({ params, request }) => {
const body = await request.json();
return HttpResponse.json({ id: params.id, ...body });
}),
// DELETE - no body
http.delete('https://api.example.com/users/:id', () => {
return new HttpResponse(null, { status: 204 });
}),
];GraphQL handlers
import { graphql, HttpResponse } from 'msw';
export const graphqlHandlers = [
graphql.query('GetUser', ({ variables }) => {
if (variables.id === 'missing') {
return HttpResponse.json({ data: { user: null } });
}
return HttpResponse.json({
data: {
user: {
id: variables.id,
email: `user-${variables.id}@example.com`,
__typename: 'User',
},
},
});
}),
graphql.mutation('CreateOrder', ({ variables }) => {
return HttpResponse.json({
data: {
createOrder: { id: 'order-new', ...variables.input, __typename: 'Order' },
},
});
}),
];4. Per-test handler overrides
Override handlers for a single test without affecting other tests. MSW applies
server.use() additions on top of existing handlers - the last matching handler wins.
server.resetHandlers() in afterEach removes all per-test additions.
import { http, HttpResponse } from 'msw';
import { server } from '../msw/server';
describe('Error handling', () => {
it('shows an error message when the API returns 500', async () => {
server.use(
http.get('https://api.example.com/users/1', () =>
HttpResponse.json({ message: 'Internal Server Error' }, { status: 500 })
)
);
// test code - this request will get the 500 response
});
it('handles rate limiting gracefully', async () => {
server.use(
http.get('https://api.example.com/products', () =>
new HttpResponse(null, {
status: 429,
headers: { 'Retry-After': '30' },
})
)
);
// test code - this request will get the 429 response
});
});5. Simulating network conditions
import { http, HttpResponse, delay } from 'msw';
// Simulate slow network
http.get('https://api.example.com/slow-endpoint', async () => {
await delay(2000); // 2-second delay
return HttpResponse.json({ data: 'finally' });
});
// Simulate network error (connection refused, DNS failure)
http.get('https://api.example.com/unreachable', () => {
return HttpResponse.error();
});
// Simulate intermittent failure with a counter
let callCount = 0;
http.post('https://api.example.com/flaky', () => {
callCount++;
if (callCount % 2 !== 0) {
return HttpResponse.json({ message: 'Service unavailable' }, { status: 503 });
}
return HttpResponse.json({ ok: true });
});6. Asserting on requests
MSW does not have built-in request assertion utilities (it is a mock server, not a spy library). Use a closure or a captured variable to inspect what was sent.
it('sends the correct payload when creating an order', async () => {
let capturedRequest: Request | undefined;
server.use(
http.post('https://api.example.com/orders', async ({ request }) => {
capturedRequest = request.clone();
return HttpResponse.json({ id: 'order-1' }, { status: 201 });
})
);
await createOrder({ productId: 'p1', quantity: 2 });
expect(capturedRequest).toBeDefined();
const body = await capturedRequest!.json();
expect(body).toMatchObject({ productId: 'p1', quantity: 2 });
});7. Browser / Storybook setup
For browser environments (Playwright, Cypress component tests, Storybook):
// src/mocks/browser.ts
import { setupWorker } from 'msw/browser';
import { handlers } from './handlers';
export const worker = setupWorker(...handlers);
// src/main.ts (development only)
if (import.meta.env.DEV && import.meta.env.VITE_USE_MOCKS === 'true') {
const { worker } = await import('./mocks/browser');
await worker.start({ onUnhandledRequest: 'warn' });
}Generate the service worker file once and commit it:
npx msw init public/ --save8. Common mistakes and fixes
| Mistake | Symptom | Fix |
|---|---|---|
Not calling server.resetHandlers() in afterEach |
Per-test overrides leak into later tests | Add afterEach(() => server.resetHandlers()) in global setup |
Using onUnhandledRequest: 'warn' in tests |
Unregistered calls silently return undefined, test passes with wrong data |
Use 'error' in test environments |
Forgetting await delay() is async |
Delay is skipped, no actual pause | async () => { await delay(ms); return response; } |
Mixing msw/node and msw/browser imports |
Runtime errors or service worker not found | Node tests use setupServer from msw/node only |
| Hardcoding base URLs differently in handlers and app code | Handlers never match, onUnhandledRequest: 'error' throws |
Extract base URL to an env variable used by both |
Frequently Asked Questions
What is api-testing?
Use this skill when testing REST or GraphQL APIs, implementing contract tests, setting up mock servers, or validating API behavior. Triggers on API testing, Postman, contract testing, Pact, mock servers, MSW, HTTP assertions, response validation, and any task requiring API test automation.
How do I install api-testing?
Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill api-testing in your terminal. The skill will be immediately available in your AI coding agent.
What AI agents support api-testing?
api-testing works with claude-code, gemini-cli, openai-codex. Install it once and use it across any supported AI coding agent.
Is api-testing free?
Yes, api-testing is completely free and open source under the MIT license. Install it with a single command and start using it immediately.
What is the difference between api-testing and similar tools?
api-testing is an AI agent skill that teaches your coding agent specialized software engineering knowledge. Unlike standalone tools, it integrates directly into claude-code, gemini-cli, openai-codex and other AI agents.
Can I use api-testing with Cursor or Windsurf?
api-testing works with any AI coding agent that supports the skills protocol, including Claude Code, Cursor, Windsurf, GitHub Copilot, Gemini CLI, and 40+ more.