I have created an easy-to-use, OpenAPI-based contract testing tool. Let me share some context behind this:
As I was writing APIs one day at work, I realized that I wasn’t too sure whether those APIs were well covered (in terms of test cases). That’s when I started looking for simple GUI tools that can be used by teams to evaluate their APIs.
And in this process I found 3 categories of tools:
- Penetration-as-a-service vendors
  I wasn’t too keen on black-box testing techniques, as they come late in the development life cycle and don’t offer much transparency with respect to tests.
- Open-source API fuzzers
  There are quite a few robust tools out there. But again, these require some time and effort to set up and get going.
- Paid tools
  I found a bunch of platforms that run 100s of tests but were expensive.
So I set out to write one myself. And as part of my research, I found out that the OpenAPI specification is a good starting point for describing APIs, since it’s an industry standard and a lot of tooling is available around it.
I took the same approach as the other paid and free/open-source tools to finding API flaws.
However, I have attempted the following:
- To keep the UI simple (easy to navigate)
- To keep OpenAPI Spec validation errors to a minimum so that developers can quickly get documentation out of their way
Here’s how to use it:
- Upload a spec or Postman Collection or start with a petstore template
- Fix validation errors and get to the RUN_API status
- Go to the Run Tab, select the API Endpoint URL and hit Run to find schema validation errors
Although it’s still a work in progress, I would love for you guys to check it out and share feedback.