Endpoint Validation and Testing

Overview

Endpoint validation helps you ensure your implementation matches your contract. It’s the fastest way to detect:

• broken or drifting schemas
• missing status codes or response shapes
• auth and connectivity problems
• design/compliance issues your team cares about

Related: Endpoint import and discovery.

Validation types

• Syntax: URL and method correctness, parameter naming, schema syntax.
• Semantic: logical consistency, auth compatibility, appropriate response codes.
• Compliance: standards/security/documentation rules (team-defined).

Run endpoint validation

1. Select endpoints to validate.
2. Choose a validation profile (if your deployment supports profiles).
3. Run validation checks.
4. Review the report and fix issues.
5. Re-run validation to confirm the fix.

Example report structure

{
  "endpoint": "/api/v1/users/{id}",
  "validation_status": "warning",
  "checks": [
    {
      "type": "syntax",
      "status": "passed",
      "message": "URL structure is valid"
    },
    {
      "type": "security",
      "status": "warning",
      "message": "Consider adding rate limiting",
      "severity": "medium"
    },
    {
      "type": "documentation",
      "status": "failed",
      "message": "Missing response schema for 500 error",
      "severity": "high"
    }
  ]
}

Connection testing and verification

Verify endpoint connectivity and basic functionality.

Connection test types

1. Basic Connectivity Test
   • DNS resolution verification
   • Network reachability check
   • SSL/TLS certificate validation
   • Response time measurement
2. Authentication Test
   • Credential validation
   • Token refresh verification
   • Permission scope testing
   • Session management verification
3. Functional Test
   • Successful request/response cycle
   • Expected status codes
   • Response format verification
   • Error handling validation

Test Execution Steps:

1. Configure test parameters (timeout, retries, etc.)
2. Set up test credentials/authentication
3. Execute connection test
4. Analyze test results
5. Document findings
6. Schedule recurring tests if needed

Connection test output

Test: GET /api/v1/users/12345
Status: SUCCESS
Response Time: 145ms
Status Code: 200
Content-Type: application/json
SSL Certificate: Valid (expires: 2026-03-15)
Authentication: Successful (Bearer Token)

Headers Received:
  - X-Request-ID: abc123
  - X-Rate-Limit-Remaining: 999

Response Size: 432 bytes

Schema validation against responses

Validate actual API responses against defined schemas.

Schema validation process

1. Send Test Request
   • Execute endpoint with valid parameters
   • Capture complete response
2. Parse Response
   • Extract response body
   • Parse according to content type
   • Handle encoding issues
3. Compare Against Schema
   • Validate data types
   • Check required fields presence
   • Verify field constraints (min/max, patterns, etc.)
   • Validate nested structures
4. Generate Validation Report
   • List matching elements
   • Highlight mismatches
   • Suggest schema corrections
   • Calculate compliance score

Validation Rules:

• Type Checking: Ensure field types match schema (string, number, boolean, etc.)
• Required Fields: Verify all required fields are present
• Format Validation: Check formats (email, date, UUID, etc.)
• Constraint Validation: Verify min/max values, string lengths, patterns
• Enum Validation: Confirm values are within allowed enums
• Additional Properties: Check for unexpected fields

Validation report example

{
  "endpoint": "/api/v1/users/12345",
  "validation_result": "failed",
  "compliance_score": 0.85,
  "issues": [
    {
      "path": "response.data.created_at",
      "expected": "string (ISO 8601 date)",
      "actual": "number (timestamp)",
      "severity": "medium",
      "suggestion": "Update schema to accept number or convert response to string"
    },
    {
      "path": "response.data.phone",
      "expected": "required field",
      "actual": "missing",
      "severity": "high",
      "suggestion": "Add phone field to response or update schema"
    }
  ],
  "matches": 17,
  "total_fields": 20
}

Performance testing (optional)

Assess endpoint performance characteristics under various conditions.

Performance metrics

1. Response Time Metrics
   • Average response time
   • Median response time
   • 95th/99th percentile response times
   • Min/max response times
2. Throughput Metrics
   • Requests per second (RPS)
   • Concurrent request capacity
   • Data transfer rate
3. Reliability Metrics
   • Success rate
   • Error rate by type
   • Timeout frequency
   • Retry success rate

Performance test types

1. Load Testing

   • Gradually increase load
   • Identify breaking points
   • Measure degradation patterns

   Configuration:

   load_test:
     duration: 5m
     ramp_up: 1m
     initial_users: 10
     max_users: 500
     increment: 50
     increment_interval: 30s

2. Stress Testing

   • Push beyond normal capacity
   • Identify failure modes
   • Test recovery mechanisms

   Configuration:

   stress_test:
     duration: 10m
     target_rps: 1000
     spike_enabled: true
     spike_multiplier: 3
     spike_duration: 30s

3. Spike Testing

   • Sudden load increases
   • Measure response to traffic spikes
   • Validate auto-scaling behavior

4. Endurance Testing

   • Sustained load over time
   • Memory leak detection
   • Resource exhaustion testing

   Configuration:

   endurance_test:
     duration: 24h
     steady_load: 100
     sampling_interval: 5m

Performance Test Results:

Endpoint: GET /api/v1/users
Test Type: Load Test
Duration: 5 minutes
Total Requests: 15,000
Successful: 14,985 (99.9%)
Failed: 15 (0.1%)

Response Times:
  Average: 125ms
  Median: 118ms
  95th Percentile: 189ms
  99th Percentile: 245ms
  Max: 312ms

Throughput:
  Average RPS: 50
  Peak RPS: 75
  Data Transfer: 45 MB

Errors:
  Timeouts: 10
  5xx Errors: 5
  Connection Errors: 0

Related articles

• Endpoint management
• Test case
• Configuration fundamentals