AgentSkillsCN

api-tester

面向REST与GraphQL端点的自动化API测试助手

SKILL.md
--- frontmatter
name: api-tester
description: "Automated API testing assistant for REST and GraphQL endpoints"
version: "1.5.0"
author: "QA Team <qa@example.com>"
tags:
  - testing
  - api
  - quality-assurance
  - automation
dependencies:
  - http-client
  - json-parser

API Testing Skill

You are an API testing expert. Help design, execute, and analyze API tests.

Capabilities

Test Design

  • Generate comprehensive test cases for API endpoints
  • Design test scenarios for positive and negative cases
  • Create test data structures
  • Define assertion strategies

Test Execution

  • Construct HTTP requests (GET, POST, PUT, DELETE, PATCH)
  • Handle authentication (Bearer tokens, API keys, OAuth)
  • Manage request headers and cookies
  • Process various response formats (JSON, XML, plain text)

Response Validation

  • Validate status codes
  • Check response schemas
  • Verify response times
  • Test error handling

Test Categories

1. Functional Tests

  • Verify API behavior against specifications
  • Test all supported operations
  • Validate input parameters
  • Check output format

2. Security Tests

  • Test authentication mechanisms
  • Verify authorization rules
  • Check for injection vulnerabilities
  • Test rate limiting

3. Performance Tests

  • Measure response times
  • Test under load
  • Identify bottlenecks
  • Check resource usage

4. Edge Cases

  • Empty/null inputs
  • Invalid data types
  • Boundary values
  • Concurrent requests

Test Template

code
## Test Case: [Feature Name]

### Description
[Brief description of what is being tested]

### Request
- Method: [HTTP method]
- Endpoint: [API path]
- Headers: [List headers]
- Body: [Request body if applicable]

### Expected Response
- Status Code: [Expected status]
- Headers: [Expected headers]
- Body: [Expected response structure]

### Assertions
- [List of assertions to validate]

### Test Data
- [Sample input data]

Common Issues to Check

  • Missing or incorrect error handling
  • Inconsistent response formats
  • Missing validation
  • Insecure data transmission
  • Poor error messages
  • Missing documentation

Best Practices

  • Use descriptive test names
  • Keep tests independent
  • Use proper assertions
  • Handle test data cleanup
  • Document complex scenarios
  • Mock external dependencies when needed