Schemathesis
Schemathesis is a modern API testing tool for web applications built with Open API and GraphQL specifications.
It reads the application schema and generates test cases, which will ensure that your application is compliant with its schema (read more about how it works in our research paper).
The application under test could be written in any language; the only thing you need is a valid API schema in a supported format.
Simple to use and yet powerful to uncover hard-to-find errors thanks to the property-based testing approach backed by state-of-the-art Hypothesis library.
🚀 Schemathesis is available as a service, standalone CLI, or a Python library 🚀
The service enables you to verify your API schema in a few clicks, CLI gives more control. Schemathesis.io has a free tier, so you can combine the CLI flexibility with rich visuals by uploading your test results there.
Signup to reveal all issues on a dashboard.
Features
- Content-Type, schema, and status code conformance checks for Open API;
- Testing of explicit examples from the input schema;
- Stateful testing via Open API links;
- Concurrent test execution;
- Targeted testing;
- Storing and replaying network requests;
- Built-in ASGI / WSGI application support;
- Code samples for easy failure reproduction;
- Ready-to-go Docker image;
- Configurable with user-defined checks, string formats, hooks, and targets.
CLI installation
To install Schemathesis via pip
run the following command:
pip install schemathesis
This command installs the schemathesis
entrypoint + st
as its alias.
You can also use our Docker image without installing Schemathesis as a Python package.
Usage
You can use Schemathesis in the command line directly (st
is an alias to schemathesis
):
st run --checks all https://example.schemathesis.io/openapi.json
Or via Docker:
docker run schemathesis/schemathesis:stable \
run --checks all https://example.schemathesis.io/openapi.json
Or in your Python tests:
import schemathesis
schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")
@schema.parametrize()
def test_api(case):
case.call_and_validate()
CLI is simple to use and requires no coding; the in-code approach gives more flexibility.
Both examples above will run hundreds of requests against the API under test and report all found failures and inconsistencies along with instructions to reproduce them.
💡 See a complete working example project in the /example
directory. 💡
Contributing
Any contribution to development, testing, or any other area is highly appreciated and useful to the project. For guidance on how to contribute to Schemathesis, see the contributing guidelines.
Support this project
Hi, my name is Dmitry! I started this project during my work at Kiwi.com. I am grateful to them for all the support they provided to this project during its early days and for the opportunity to evolve Schemathesis independently.
In order to grow the community of contributors and users, and allow me to devote more time to this project, please donate today.
Also, I occasionally write posts about Schemathesis in my blog.
Links
- Documentation: https://schemathesis.readthedocs.io/en/stable/
- Releases: https://pypi.org/project/schemathesis/
- Code: https://github.com/schemathesis/schemathesis
- Issue tracker: https://github.com/schemathesis/schemathesis/issues
- Chat: https://discord.gg/R9ASRAmHnA
Additional content:
- Research paper: Deriving Semantics-Aware Fuzzers from Web API Schemas by @Zac-HD and @Stranger6667
- An article about Schemathesis by @Stranger6667
- Effective API schemas testing from DevConf.cz by @Stranger6667
- A video from EuroPython 2020 by @hultner
- Schemathesis tutorial with an accompanying video by Red Hat
- Using Hypothesis and Schemathesis to Test FastAPI by @amalshaji
Non-English content:
- A tutorial (RUS) about Schemathesis by @Stranger6667
License
The code in this project is licensed under MIT license. By contributing to Schemathesis, you agree that your contributions will be licensed under its MIT license.