Skip to content

Latest commit

 

History

History
280 lines (183 loc) · 12.4 KB

README.md

File metadata and controls

280 lines (183 loc) · 12.4 KB

Schemathesis: catch crashes, validate specs, and save time

Build Coverage Version Python versions Discord License


Documentation: https://schemathesis.readthedocs.io/en/stable/

Chat: https://discord.gg/R9ASRAmHnA


Why Schemathesis?

Schemathesis is a tool that automates your API testing to catch crashes and spec violations. Built on top of the widely-used Hypothesis framework for property-based testing, it offers the following advantages:

🕒 Time-Saving

Automatically generates test cases, freeing you from manual test writing.

🔍 Comprehensive

Utilizes fuzzing techniques to probe both common and edge-case scenarios, including those you might overlook.

🛠️ Flexible

Supports OpenAPI, GraphQL, and can work even with partially complete schemas. Only the parts describing data generation or responses are required.

🎛️ Customizable

Customize the framework by writing Python extensions to modify almost any aspect of the testing process.

🔄 Reproducible

Generates code samples to help you quickly replicate and investigate any failing test cases.

Quick Demo

Schemathesis Demo

With a summary right in your PRs:

image

Getting Started

Choose from multiple ways to start testing your API with Schemathesis.

💡 Your API schema can be either a URL or a local path to a JSON/YAML file.

💻 Command-Line Interface

Quick and easy for those who prefer the command line.

Python

  1. Install via pip: python -m pip install schemathesis
  2. Run tests
st run --checks all https://example.schemathesis.io/openapi.json

Docker

  1. Pull Docker image: docker pull schemathesis/schemathesis:stable
  2. Run tests
docker run schemathesis/schemathesis:stable
   run --checks all https://example.schemathesis.io/openapi.json

🐍 Python Library

For more control and customization, integrate Schemathesis into your Python codebase.

  1. Install via pip: python -m pip install schemathesis
  2. Add to your tests:
import schemathesis

schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")


@schema.parametrize()
def test_api(case):
    case.call_and_validate()

💡 See a complete working example project in the /example directory.

:octocat: GitHub Integration

GitHub Actions

Run Schemathesis tests as a part of your CI/CD pipeline.

Add this YAML configuration to your GitHub Actions:

api-tests:
  runs-on: ubuntu-22.04
  steps:
    - uses: schemathesis/action@v1
      with:
        schema: "https://example.schemathesis.io/openapi.json"
        # OPTIONAL. Add Schemathesis.io token for pull request reports
        token: ${{ secrets.SCHEMATHESIS_TOKEN }}

For more details, check out our GitHub Action repository.

💡 See our GitHub Tutorial for a step-by-step guidance.

GitHub App

Receive automatic comments in your pull requests and updates on GitHub checks status. Requires usage of our SaaS platform.

  1. Install the GitHub app.
  2. Enable in your repository settings.

Software as a Service

Schemathesis CLI integrates with Schemathesis.io to enhance bug detection by optimizing test case generation for efficiency and realism. It leverages various techniques to infer appropriate data generation strategies, provide support for uncommon media types, and adjust schemas for faster data generation. The integration also detects the web server being used to generate more targeted test data.

Schemathesis.io offers a user-friendly UI that simplifies viewing and analyzing test results. If you prefer an all-in-one solution with quick setup, we have a free tier available.

How it works

Here’s a simplified overview of how Schemathesis operates:

  1. Test Generation: Using the API schema to create a test generator that you can fine-tune to your testing requirements.
  2. Execution and Adaptation: Sending tests to the API and adapting through statistical models and heuristics to optimize subsequent cases based on responses.
  3. Analysis and Minimization: Checking responses to identify issues. Minimizing means simplifying failing test cases for easier debugging.
  4. Stateful Testing: Running multistep tests to assess API operations in both isolated and integrated scenarios.
  5. Reporting: Generating detailed reports with insights and cURL commands for easy issue reproduction.

Research Findings on Open-Source API Testing Tools

Our study, presented at the 44th International Conference on Software Engineering, highlighted Schemathesis's performance:

  • Defect Detection: identified a total of 755 bugs in 16 services, finding between 1.4× to 4.5× more defects than the second-best tool in each case.

  • High Reliability: consistently operates seamlessly on any project, ensuring unwavering stability and reliability.

Explore the full paper at https://ieeexplore.ieee.org/document/9793781 or pre-print at https://arxiv.org/abs/2112.10328

Testimonials

"The world needs modern, spec-based API tests, so we can deliver APIs as-designed. Schemathesis is the right tool for that job."

Emmanuel Paraskakis - Level 250

"Schemathesis is the only sane way to thoroughly test an API."

Zdenek Nemec - superface.ai

"The tool is absolutely amazing as it can do the negative scenario testing instead of me and much faster! Before I was doing the same tests in Postman client. But it's much slower and brings maintenance burden."

Luděk Nový - JetBrains

"Schemathesis is the best tool for fuzz testing of REST API on the market. We are at Red Hat use it for examining our applications in functional and integrations testing levels."

Dmitry Misharov - RedHat

"There are different levels of usability and documentation quality among these tools which have been reported, where Schemathesis clearly stands out among the most user-friendly and industry-strength tools."

Testing RESTful APIs: A Survey - a research paper by Golmohammadi, at al

Contributing

We welcome contributions in code and are especially interested in learning about your use cases. Understanding how you use Schemathesis helps us extend its capabilities to better meet your needs.

Feel free to discuss ideas and questions through GitHub issues or on our Discord channel. For more details on how to contribute, see our contributing guidelines.

Let's make it better together 🤝

Your feedback is essential for improving Schemathesis. By sharing your thoughts, you help us develop features that meet your needs and expedite bug fixes.

  1. Why Give Feedback: Your input directly influences future updates, making the tool more effective for you.
  2. How to Provide Feedback: Use this form to share your experience.
  3. Data Privacy: We value your privacy. All data is kept confidential and may be used in anonymized form to improve our test suite and documentation.

Thank you for contributing to making Schemathesis better! 👍

Commercial support

If you're a large enterprise or startup seeking specialized assistance, we offer commercial support to help you integrate Schemathesis effectively into your workflows. This includes:

  • Quicker response time for your queries.
  • Direct consultation to work closely with your API specification, optimizing the Schemathesis setup for your specific needs.

To discuss a custom support arrangement that best suits your organization, please contact our support team at [email protected].

Additional content

Papers

Articles

Videos

License

This project is licensed under the terms of the MIT license.