QA API Testing and Contracts

Use this skill to turn an API schema into enforceable checks (lint, diff, contracts, and negative/security cases) and wire them into CI so breaking changes cannot ship silently.

Ask For Inputs

• API type and canonical schema artifact (OpenAPI 3.1, SDL, proto) and where it lives in-repo.
• Environments, auth method(s), and how to provision stable test identities/keys.
• Critical endpoints/operations and business flows (rank by risk and revenue impact).
• Data constraints (idempotency keys, pagination, ordering), rate limits, and error format (prefer RFC 7807 application/problem+json for REST).
• Versioning + deprecation policy, consumer inventory, and release cadence.
• Current test tooling/CI and what “blocking” means for your org.

Outputs (What to Produce)

• A minimal CI gate set (lint + breaking diff + contract suite) wired to PRs.
• A coverage map derived from the schema (critical operations first).
• A negative/security baseline aligned to OWASP API risks.