API Contract Tester
Turns an OpenAPI/Swagger spec into an exhaustive, framework-ready test suite — happy-path, validation, contract-conformance, auth, and defensive security tests — with a coverage matrix mapping every endpoint, status code, and schema constraint to a test.
- Generate framework-ready test suites from OpenAPI or Swagger specs.
- Audit existing test suites to identify untested paths and schema drift.
- Create negative test cases for every validation constraint in your API.
$5
· or 25 creditsSecure checkout via Stripe
Included in download
- Generate framework-ready test suites from OpenAPI or Swagger specs.
- Audit existing test suites to identify untested paths and schema drift.
- browser automation included
- Ready for Cursor
Sample input
Generate a Jest and Supertest suite for my users.yaml OpenAPI spec. It uses Bearer token auth. Ensure we test that a user can't read another user's profile.
Sample output
I've generated a 12-test suite.
| Endpoint | Method | Case | Assertion | Test ID | |---|---|---|---|---| | /users/{id} | GET | IDOR | 403 on different user's ID | T-009 |
test('GET /users/:id - IDOR protection', async () => {
const res = await request(app)
.get('/users/999')
.set('Authorization', `Bearer ${userAToken}`);
expect(res.status).toBe(403);
});
API Contract Tester
Turns an OpenAPI/Swagger spec into an exhaustive, framework-ready test suite — happy-path, validation, contract-conformance, auth, and defensive security tests — with a coverage matrix mapping every endpoint, status code, and schema constraint to a test.
$5
· or 25 creditsSecure checkout via Stripe
Included in download
- Generate framework-ready test suites from OpenAPI or Swagger specs.
- Audit existing test suites to identify untested paths and schema drift.
- browser automation included
- Ready for Cursor
- Instant install
Sample input
Generate a Jest and Supertest suite for my users.yaml OpenAPI spec. It uses Bearer token auth. Ensure we test that a user can't read another user's profile.
Sample output
I've generated a 12-test suite.
| Endpoint | Method | Case | Assertion | Test ID | |---|---|---|---|---| | /users/{id} | GET | IDOR | 403 on different user's ID | T-009 |
test('GET /users/:id - IDOR protection', async () => {
const res = await request(app)
.get('/users/999')
.set('Authorization', `Bearer ${userAToken}`);
expect(res.status).toBe(403);
});
About This Skill
Streamline Your API Reliability
The API Contract Tester is a specialized skill for developers and QA engineers who need to move beyond basic smoke tests. It transforms OpenAPI/Swagger specifications into exhaustive, framework-ready test suites that cover the "dark corners" of your API—validation logic, authz boundaries, and schema conformance.
What it does
This skill operates in two high-impact modes:
- GENERATE: Builds a complete test repository from a spec or description. It goes deep, creating tests for happy paths, negative input validation, schema strictness, authentication/authorization, and defensive security cases.
- AUDIT: Analyzes your existing test suite against your contract to find "silent killers"—untested status codes, response bodies that aren't validated against schemas, and missing edge cases that lead to production outages.
Supported Tools & Frameworks
The skill adapts to your stack, generating idiomatic code for frameworks like Jest/Supertest, Pytest/HTTPX, Playwright API, RestAssured, Vitest, and more. It focuses on REST/JSON architectures where contract drift is the primary risk.
Why use this skill?
Manual test writing often misses the boring but critical negative cases. This skill automates the creation of 4xx and 5xx test scenarios, ensures every documented schema constraint is actually checked, and identifies IDOR vulnerabilities. The output is a runnable, professional-grade test suite with a coverage matrix that maps every endpoint and status code to a specific test ID.
Use Cases
- Generate framework-ready test suites from OpenAPI or Swagger specs.
- Audit existing test suites to identify untested paths and schema drift.
- Create negative test cases for every validation constraint in your API.
- Verify authorization and IDOR protection across all protected endpoints.
- Produce a coverage matrix mapping endpoints to specific test IDs.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/api-contract-tester-1 -o /tmp/api-contract-tester-1.zip && unzip -o /tmp/api-contract-tester-1.zip -d ~/.claude/skills && rm /tmp/api-contract-tester-1.zipFree skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
File Scopes
Works with any SKILL.md-compatible agent (Claude Code, Cursor, Codex CLI, Gemini CLI). Best with an OpenAPI/Swagger doc or Postman collection; reconstructs the contract from a prose description if needed. Defensive testing only.
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
ai-automation-qa-pack
Professional QA & UAT documentation generator for AI automation agencies and complex agent deployments.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.
cinematic-sites
Turn any basic business URL into a high-end cinematic landing page with AI-generated 4K assets and GSAP animations.