API Inventory + Contract Testing = ApiHome

Hi There,

I have created an easy to use OpenAPI based contract testing tool. Let me share some context behind this:

As I was writing APIs one day at work, I realized that I wasn’t too sure whether those APIs were well covered(in terms of test-cases). That’s when I started looking for simple GUI tools that can be used by teams to evaluate their APIs

And in this process I found 3 categories of tools:

  1. Penetration-as-a-service vendors
    I wasn’t too keen on black-box testing techniques as they come late into the development life-cycle and don’t offer much transparency with respect to tests
  2. Open-source API fuzzers
    There are quiet a few robust tools out there. But again these require some time and effort to setup and get going.
  3. Paid tools
    I found a bunch of platforms that run 100s of tests but were expensive.

So I set forth to writing one myself. And as part of my research found out that OpenAPI specification is a good starting point at describing APIs since it’s an industry standard and that lot of tooling is available around it.

I took the same approach as the other paid and free/open-source tools to finding API flaws.

However, I have attempted the following:

  1. To keep the UI simple (easy to navigate)
  2. Maintain OpenAPI Spec validation errors at a minimal so that developers can quickly get documentation out of their way

Here’s how to use it:

  1. Upload a spec or Postman Collection or start with a petstore template
  2. Fix validation errors and get to the RUN_API status
  3. Go the Run Tab, select API Endpoint URL and hit Run to find schema validation errors

Although it’s still work in progress, I would love for you guys to check it out and share feedback.