API Testing
Testing strategies, patterns, and tools for API endpoints including unit tests, integration tests, and testing best practices.
API Testing
This section covers comprehensive testing strategies for API endpoints, including unit tests, integration tests, testing patterns, and best practices.
Testing Strategy Overview
API testing is implemented at multiple levels to ensure reliability, performance, and security:
┌─────────────────────────────────────────────────────────────┐
│ Unit Tests │
├─────────────────────────────────────────────────────────────┤
│ • Individual function testing │
│ • Business logic validation │
│ • Input/output validation │
│ • Error handling verification │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────▼───────────────────────────────┐
│ Integration Tests │
├─────────────────────────────────────────────────────────────┤
│ • API endpoint testing │
│ • Database interactions │
│ • Authentication flows │
│ • Service integrations │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────▼───────────────────────────────┐
│ End-to-End Tests │
├─────────────────────────────────────────────────────────────┤
│ • Complete workflow testing │
│ • User journey validation │
│ • Performance testing │
│ • Security testing │
└─────────────────────────────────────────────────────────────┘
Unit Testing
Testing Business Logic
// __tests__/services/product.service.test.ts
import { ProductService } from '@/lib/services/product.service'
import { mockSupabaseClient } from '@/test/mocks/supabase'
import { mockProduct, mockProducts } from '@/test/fixtures/products'
jest.mock('@/lib/supabase/client')
describe('ProductService', () => {
let productService: ProductService
beforeEach(() => {
productService = new ProductService(mockSupabaseClient)
jest.clearAllMocks()
})
describe('create', () => {
it('should create a product successfully', async () => {
const createData = {
name: 'Test Product',
sku: 'TEST-001',
price: 29.99,
category_id: 'cat-123'
}
mockSupabaseClient.from().insert.mockResolvedValue({
data: [mockProduct],
error: null
})
const result = await productService.create(createData)
expect(mockSupabaseClient.from).toHaveBeenCalledWith('products')
expect(mockSupabaseClient.from().insert).toHaveBeenCalledWith([createData])
expect(result).toEqual(mockProduct)
})
it('should throw error when SKU already exists', async () => {
const createData = {
name: 'Test Product',
sku: 'EXISTING-SKU',
price: 29.99,
category_id: 'cat-123'
}
mockSupabaseClient.from().insert.mockResolvedValue({
data: null,
error: {
code: '23505',
message: 'duplicate key value violates unique constraint'
}
})
await expect(productService.create(createData)).rejects.toThrow(
'Product with SKU EXISTING-SKU already exists'
)
})
it('should validate required fields', async () => {
const invalidData = {
name: '',
sku: 'TEST-001',
price: -10,
category_id: 'invalid-uuid'
}
await expect(productService.create(invalidData)).rejects.toThrow(
'Validation failed'
)
})
})
describe('getById', () => {
it('should return product when found', async () => {
mockSupabaseClient.from().select().eq().single.mockResolvedValue({
data: mockProduct,
error: null
})
const result = await productService.getById('prod-123')
expect(result).toEqual(mockProduct)
expect(mockSupabaseClient.from().select().eq).toHaveBeenCalledWith('id', 'prod-123')
})
it('should return null when product not found', async () => {
mockSupabaseClient.from().select().eq().single.mockResolvedValue({
data: null,
error: { code: 'PGRST116' } // Not found error
})
const result = await productService.getById('nonexistent')
expect(result).toBeNull()
})
})
describe('list', () => {
it('should return paginated products', async () => {
const mockResponse = {
data: mockProducts,
error: null,
count: 150
}
mockSupabaseClient.from().select().range.mockResolvedValue(mockResponse)
const result = await productService.list({
page: 1,
limit: 20,
sort: 'name',
order: 'asc'
})
expect(result).toEqual({
data: mockProducts,
pagination: {
page: 1,
limit: 20,
total: 150,
totalPages: 8,
hasNext: true,
hasPrev: false
}
})
})
it('should apply filters correctly', async () => {
mockSupabaseClient.from().select().ilike().eq().gte().lte().range.mockResolvedValue({
data: mockProducts,
error: null,
count: 5
})
await productService.list({
search: 'laptop',
category_id: 'cat-electronics',
min_price: 100,
max_price: 1000,
in_stock: true
})
expect(mockSupabaseClient.from().select().ilike).toHaveBeenCalledWith('name', '%laptop%')
expect(mockSupabaseClient.from().select().eq).toHaveBeenCalledWith('category_id', 'cat-electronics')
expect(mockSupabaseClient.from().select().gte).toHaveBeenCalledWith('price', 100)
expect(mockSupabaseClient.from().select().lte).toHaveBeenCalledWith('price', 1000)
})
})
})
Testing Validation Logic
// __tests__/validation/product.validation.test.ts
import { createProductSchema, updateProductSchema } from '@/lib/validation/schemas'
import { ZodError } from 'zod'
describe('Product Validation', () => {
describe('createProductSchema', () => {
const validProduct = {
name: 'Test Product',
sku: 'TEST-001',
price: 29.99,
category_id: '123e4567-e89b-12d3-a456-426614174000'
}
it('should validate correct product data', () => {
const result = createProductSchema.parse(validProduct)
expect(result).toEqual(validProduct)
})
it('should require name', () => {
const invalid = { ...validProduct, name: '' }
expect(() => createProductSchema.parse(invalid)).toThrow(ZodError)
})
it('should validate SKU format', () => {
const invalidSku = { ...validProduct, sku: 'invalid sku!' }
expect(() => createProductSchema.parse(invalidSku)).toThrow('SKU format invalid')
})
it('should transform SKU to uppercase', () => {
const lowercase = { ...validProduct, sku: 'test-001' }
const result = createProductSchema.parse(lowercase)
expect(result.sku).toBe('TEST-001')
})
it('should validate price is positive', () => {
const negativePrice = { ...validProduct, price: -10 }
expect(() => createProductSchema.parse(negativePrice)).toThrow('Price must be positive')
})
it('should validate UUID format for category_id', () => {
const invalidUuid = { ...validProduct, category_id: 'not-a-uuid' }
expect(() => createProductSchema.parse(invalidUuid)).toThrow('Invalid category ID')
})
it('should validate optional fields', () => {
const withOptionals = {
...validProduct,
description: 'Test description',
weight: 1.5,
barcode: '1234567890123'
}
const result = createProductSchema.parse(withOptionals)
expect(result).toEqual(withOptionals)
})
it('should validate barcode format', () => {
const invalidBarcode = { ...validProduct, barcode: 'abc123' }
expect(() => createProductSchema.parse(invalidBarcode)).toThrow('Barcode must contain only numbers')
})
})
describe('updateProductSchema', () => {
it('should allow partial updates', () => {
const partialUpdate = { price: 39.99 }
const result = updateProductSchema.parse(partialUpdate)
expect(result).toEqual(partialUpdate)
})
it('should validate provided fields', () => {
const invalidUpdate = { price: -10 }
expect(() => updateProductSchema.parse(invalidUpdate)).toThrow('Price must be positive')
})
})
})
Integration Testing
API Route Testing
// __tests__/api/products.test.ts
import { GET, POST, PUT, DELETE } from '@/app/api/products/route'
import { GET as GET_BY_ID, PUT as PUT_BY_ID } from '@/app/api/products/[id]/route'
import { createMockRequest } from '@/test/utils/request'
import { setupTestDatabase, cleanupTestDatabase } from '@/test/utils/database'
import { createTestUser, getAuthToken } from '@/test/utils/auth'
describe('/api/products', () => {
let testUser: any
let authToken: string
beforeAll(async () => {
await setupTestDatabase()
testUser = await createTestUser({ role: 'admin' })
authToken = await getAuthToken(testUser.id)
})
afterAll(async () => {
await cleanupTestDatabase()
})
describe('GET /api/products', () => {
it('should return products list', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products',
headers: { authorization: `Bearer ${authToken}` }
})
const response = await GET(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.success).toBe(true)
expect(Array.isArray(data.data.items)).toBe(true)
expect(data.data.pagination).toBeDefined()
})
it('should handle pagination parameters', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products?page=2&limit=10',
headers: { authorization: `Bearer ${authToken}` }
})
const response = await GET(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.data.pagination.page).toBe(2)
expect(data.data.pagination.limit).toBe(10)
})
it('should handle search and filters', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products?search=laptop&category_id=cat-123&in_stock=true',
headers: { authorization: `Bearer ${authToken}` }
})
const response = await GET(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.success).toBe(true)
})
it('should require authentication', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products'
})
const response = await GET(request)
const data = await response.json()
expect(response.status).toBe(401)
expect(data.success).toBe(false)
expect(data.error.code).toBe('UNAUTHORIZED')
})
})
describe('POST /api/products', () => {
const validProductData = {
name: 'Test Product',
sku: 'TEST-INTEGRATION-001',
price: 29.99,
category_id: 'cat-123',
description: 'Test product description'
}
it('should create product successfully', async () => {
const request = createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(validProductData)
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(201)
expect(data.success).toBe(true)
expect(data.data.name).toBe(validProductData.name)
expect(data.data.sku).toBe(validProductData.sku)
expect(data.data.id).toBeDefined()
})
it('should validate required fields', async () => {
const invalidData = { ...validProductData, name: '', price: -10 }
const request = createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(invalidData)
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.success).toBe(false)
expect(data.error.code).toBe('VALIDATION_ERROR')
expect(data.error.details).toBeDefined()
})
it('should prevent duplicate SKU', async () => {
// Create first product
await POST(createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(validProductData)
}))
// Try to create duplicate
const request = createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(validProductData)
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(409)
expect(data.success).toBe(false)
expect(data.error.code).toBe('DUPLICATE_SKU')
})
it('should require proper permissions', async () => {
const viewerUser = await createTestUser({ role: 'viewer' })
const viewerToken = await getAuthToken(viewerUser.id)
const request = createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${viewerToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(validProductData)
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(403)
expect(data.success).toBe(false)
expect(data.error.code).toBe('FORBIDDEN')
})
})
describe('GET /api/products/[id]', () => {
let testProduct: any
beforeEach(async () => {
// Create test product
const createResponse = await POST(createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify({
name: 'Test Product for GET',
sku: 'TEST-GET-001',
price: 19.99,
category_id: 'cat-123'
})
}))
const createData = await createResponse.json()
testProduct = createData.data
})
it('should return specific product', async () => {
const request = createMockRequest({
method: 'GET',
url: `http://localhost:3000/api/products/${testProduct.id}`,
headers: { authorization: `Bearer ${authToken}` }
})
const response = await GET_BY_ID(request, { params: { id: testProduct.id } })
const data = await response.json()
expect(response.status).toBe(200)
expect(data.success).toBe(true)
expect(data.data.id).toBe(testProduct.id)
expect(data.data.name).toBe(testProduct.name)
})
it('should return 404 for non-existent product', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products/00000000-0000-0000-0000-000000000000',
headers: { authorization: `Bearer ${authToken}` }
})
const response = await GET_BY_ID(request, {
params: { id: '00000000-0000-0000-0000-000000000000' }
})
const data = await response.json()
expect(response.status).toBe(404)
expect(data.success).toBe(false)
expect(data.error.code).toBe('NOT_FOUND')
})
})
describe('PUT /api/products/[id]', () => {
let testProduct: any
beforeEach(async () => {
const createResponse = await POST(createMockRequest({
method: 'POST',
url: 'http://localhost:3000/api/products',
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify({
name: 'Test Product for UPDATE',
sku: 'TEST-UPDATE-001',
price: 29.99,
category_id: 'cat-123'
})
}))
const createData = await createResponse.json()
testProduct = createData.data
})
it('should update product successfully', async () => {
const updateData = {
name: 'Updated Product Name',
price: 39.99
}
const request = createMockRequest({
method: 'PUT',
url: `http://localhost:3000/api/products/${testProduct.id}`,
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(updateData)
})
const response = await PUT_BY_ID(request, { params: { id: testProduct.id } })
const data = await response.json()
expect(response.status).toBe(200)
expect(data.success).toBe(true)
expect(data.data.name).toBe(updateData.name)
expect(data.data.price).toBe(updateData.price)
expect(data.data.sku).toBe(testProduct.sku) // Should remain unchanged
})
it('should validate update data', async () => {
const invalidUpdate = { price: -10 }
const request = createMockRequest({
method: 'PUT',
url: `http://localhost:3000/api/products/${testProduct.id}`,
headers: {
authorization: `Bearer ${authToken}`,
'content-type': 'application/json'
},
body: JSON.stringify(invalidUpdate)
})
const response = await PUT_BY_ID(request, { params: { id: testProduct.id } })
const data = await response.json()
expect(response.status).toBe(400)
expect(data.success).toBe(false)
expect(data.error.code).toBe('VALIDATION_ERROR')
})
})
})
Database Integration Testing
// __tests__/integration/database.test.ts
import { supabase } from '@/lib/supabase/client'
import { ProductService } from '@/lib/services/product.service'
import { setupTestDatabase, cleanupTestDatabase, createTestData } from '@/test/utils/database'
describe('Database Integration', () => {
let productService: ProductService
beforeAll(async () => {
await setupTestDatabase()
productService = new ProductService(supabase)
})
afterAll(async () => {
await cleanupTestDatabase()
})
beforeEach(async () => {
await createTestData()
})
describe('Product CRUD operations', () => {
it('should perform complete CRUD cycle', async () => {
// Create
const createData = {
name: 'Integration Test Product',
sku: 'INT-TEST-001',
price: 49.99,
category_id: 'cat-123'
}
const created = await productService.create(createData)
expect(created.id).toBeDefined()
expect(created.name).toBe(createData.name)
// Read
const retrieved = await productService.getById(created.id)
expect(retrieved).toEqual(created)
// Update
const updateData = { name: 'Updated Product Name', price: 59.99 }
const updated = await productService.update(created.id, updateData)
expect(updated.name).toBe(updateData.name)
expect(updated.price).toBe(updateData.price)
// List with filters
const listed = await productService.list({
search: 'Updated Product',
page: 1,
limit: 10
})
expect(listed.data.some(p => p.id === created.id)).toBe(true)
// Delete
await productService.delete(created.id)
const deleted = await productService.getById(created.id)
expect(deleted).toBeNull()
})
it('should handle concurrent operations', async () => {
const createPromises = Array.from({ length: 10 }, (_, i) =>
productService.create({
name: `Concurrent Product ${i}`,
sku: `CONCURRENT-${i.toString().padStart(3, '0')}`,
price: 10 + i,
category_id: 'cat-123'
})
)
const products = await Promise.all(createPromises)
expect(products).toHaveLength(10)
expect(new Set(products.map(p => p.sku))).toHaveLength(10) // All unique SKUs
})
it('should enforce database constraints', async () => {
// Test unique constraint on SKU
const duplicateSkuData = {
name: 'Product 1',
sku: 'DUPLICATE-SKU',
price: 29.99,
category_id: 'cat-123'
}
await productService.create(duplicateSkuData)
await expect(
productService.create({ ...duplicateSkuData, name: 'Product 2' })
).rejects.toThrow('already exists')
})
})
describe('Transaction handling', () => {
it('should handle transaction rollback on error', async () => {
const initialCount = await productService.count()
try {
await supabase.rpc('create_products_with_error', {
products: [
{ name: 'Product 1', sku: 'TRANS-001', price: 10, category_id: 'cat-123' },
{ name: 'Product 2', sku: 'TRANS-002', price: 20, category_id: 'invalid-id' } // This will fail
]
})
} catch (error) {
// Expected to fail
}
const finalCount = await productService.count()
expect(finalCount).toBe(initialCount) // No products should be created
})
})
})
Performance Testing
Load Testing
// __tests__/performance/api.performance.test.ts
import { performance } from 'perf_hooks'
import { createMockRequest } from '@/test/utils/request'
import { GET } from '@/app/api/products/route'
import { getAuthToken } from '@/test/utils/auth'
describe('API Performance', () => {
let authToken: string
beforeAll(async () => {
authToken = await getAuthToken('test-user-id')
})
describe('GET /api/products', () => {
it('should respond within acceptable time limits', async () => {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products',
headers: { authorization: `Bearer ${authToken}` }
})
const startTime = performance.now()
const response = await GET(request)
const endTime = performance.now()
const responseTime = endTime - startTime
expect(response.status).toBe(200)
expect(responseTime).toBeLessThan(1000) // Should respond within 1 second
})
it('should handle concurrent requests efficiently', async () => {
const concurrency = 10
const requests = Array.from({ length: concurrency }, () =>
createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products',
headers: { authorization: `Bearer ${authToken}` }
})
)
const startTime = performance.now()
const responses = await Promise.all(requests.map(req => GET(req)))
const endTime = performance.now()
const totalTime = endTime - startTime
const avgResponseTime = totalTime / concurrency
responses.forEach(response => {
expect(response.status).toBe(200)
})
expect(avgResponseTime).toBeLessThan(500) // Average response time under 500ms
})
it('should handle large datasets efficiently', async () => {
// Request large dataset
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products?limit=100',
headers: { authorization: `Bearer ${authToken}` }
})
const startTime = performance.now()
const response = await GET(request)
const data = await response.json()
const endTime = performance.now()
const responseTime = endTime - startTime
expect(response.status).toBe(200)
expect(data.data.items.length).toBeLessThanOrEqual(100)
expect(responseTime).toBeLessThan(2000) // Should handle large datasets within 2 seconds
})
})
describe('Memory usage', () => {
it('should not have memory leaks in repeated requests', async () => {
const initialMemory = process.memoryUsage().heapUsed
// Make many requests
for (let i = 0; i < 100; i++) {
const request = createMockRequest({
method: 'GET',
url: 'http://localhost:3000/api/products',
headers: { authorization: `Bearer ${authToken}` }
})
await GET(request)
}
// Force garbage collection if available
if (global.gc) {
global.gc()
}
const finalMemory = process.memoryUsage().heapUsed
const memoryIncrease = finalMemory - initialMemory
// Memory increase should be reasonable (less than 50MB)
expect(memoryIncrease).toBeLessThan(50 * 1024 * 1024)
})
})
})
Test Utilities
Mock Request Factory
// test/utils/request.ts
import { NextRequest } from 'next/server'
interface MockRequestOptions {
method: string
url: string
headers?: Record<string, string>
body?: string
ip?: string
}
export function createMockRequest(options: MockRequestOptions): NextRequest {
const request = new NextRequest(options.url, {
method: options.method,
headers: options.headers,
body: options.body
})
// Mock IP address
if (options.ip) {
Object.defineProperty(request, 'ip', { value: options.ip })
}
return request
}
Database Test Utilities
// test/utils/database.ts
import { supabase } from '@/lib/supabase/client'
export async function setupTestDatabase() {
// Create test data
await createTestCategories()
await createTestWarehouses()
await createTestUsers()
}
export async function cleanupTestDatabase() {
// Clean up in reverse order of dependencies
await supabase.from('inventory').delete().neq('id', '')
await supabase.from('products').delete().neq('id', '')
await supabase.from('categories').delete().neq('id', '')
await supabase.from('warehouses').delete().neq('id', '')
await supabase.from('test_users').delete().neq('id', '')
}
export async function createTestData() {
// Create minimal test data for each test
const category = await supabase.from('categories').insert({
id: 'cat-123',
name: 'Test Category'
}).select().single()
const warehouse = await supabase.from('warehouses').insert({
id: 'wh-123',
name: 'Test Warehouse'
}).select().single()
return { category: category.data, warehouse: warehouse.data }
}
async function createTestCategories() {
await supabase.from('categories').insert([
{ id: 'cat-123', name: 'Electronics' },
{ id: 'cat-456', name: 'Clothing' },
{ id: 'cat-789', name: 'Books' }
])
}
async function createTestWarehouses() {
await supabase.from('warehouses').insert([
{ id: 'wh-123', name: 'Main Warehouse', address: '123 Main St' },
{ id: 'wh-456', name: 'Secondary Warehouse', address: '456 Second St' }
])
}
async function createTestUsers() {
await supabase.from('test_users').insert([
{ id: 'user-admin', email: 'admin@test.com', role: 'admin' },
{ id: 'user-manager', email: 'manager@test.com', role: 'manager' },
{ id: 'user-viewer', email: 'viewer@test.com', role: 'viewer' }
])
}
Best Practices
1. Test Organization
- Group related tests together
- Use descriptive test names
- Follow AAA pattern (Arrange, Act, Assert)
- Create reusable test utilities
2. Test Data Management
- Use isolated test data
- Clean up after each test
- Use fixtures for consistent test data
- Mock external dependencies
3. Performance Testing
- Set realistic performance thresholds
- Test under load conditions
- Monitor memory usage
- Profile slow tests
4. Security Testing
- Test authentication flows
- Verify authorization rules
- Test input validation
- Check for security vulnerabilities
5. Continuous Integration
- Run tests automatically on commits
- Generate test coverage reports
- Fail builds on test failures
- Run performance tests regularly
This comprehensive testing strategy ensures API reliability, performance, and security while maintaining development velocity.