| name | rest-api-testing |
|---|---|
| description | Test REST APIs with repeatable, file-based requests under <project>/setup/rest, with per-project endpoint and Bearer token presets, using the bundled api-rest CLI. Use when the user asks to manually call REST endpoints, replay requests reliably, add CI-friendly assertions, and record API test reports. |
Prereqs:
api-restavailable onPATH(install viabrew install nils-cli).jqrecommended for pretty-printing/assertions (optional).setup/rest/exists (or bootstrap from template) with requests and optional endpoint/token presets.
Inputs:
- Request file path:
setup/rest/requests/<name>.request.json. - Optional flags/env (runner):
--env,--url,--token,--config-dir,--no-history(plusREST_URL,ACCESS_TOKEN,REST_JWT_VALIDATE_ENABLED,REST_JWT_VALIDATE_STRICT,REST_JWT_VALIDATE_LEEWAY_SECONDS).
Outputs:
- Response JSON (or raw response) printed to stdout; errors printed to stderr.
- Optional history file under
setup/rest/.rest_history(gitignored; disabled via--no-history). - Optional markdown report via
api-rest report.
Exit codes:
0: request completed successfully (and assertions, if present, passed)- non-zero: invalid inputs/missing files/http error/assertion failure
Failure modes:
- Missing
curl, invalid request JSON, or missing endpoint configuration (REST_URL/ endpoints env). - Auth missing/invalid (
ACCESS_TOKEN/ token profile) causing 401/403. - Network/timeout/connection failures.
Make REST API calls reproducible and CI-friendly via:
setup/rest/requests/*.request.json(request + optionalexpectassertions)setup/rest/endpoints.env(+ optionalendpoints.local.env)setup/rest/tokens.env(+ optionaltokens.local.env)setup/rest/prompt.md(optional, committed; project context for LLMs)
Call an existing request (JSON only):
api-rest call \
--env local \
setup/rest/requests/<request>.request.json \
| jq .If the endpoint requires auth, pass a token profile (from setup/rest/tokens.local.env) or use ACCESS_TOKEN:
# Token profile (requires REST_TOKEN_<NAME> to be non-empty in setup/rest/tokens.local.env)
api-rest call --env local --token default setup/rest/requests/<request>.request.json | jq .
# Or: one-off token (useful for CI)
REST_URL="https://<host>" ACCESS_TOKEN="<token>" \
api-rest call --url "$REST_URL" setup/rest/requests/<request>.request.json | jq .Replay the last run (history):
api-rest history --command-onlyGenerate a report (includes a replayable ## Command by default):
api-rest report \
--case "<test case name>" \
--request setup/rest/requests/<request>.request.json \
--env local \
--runGenerate a report from a copied api-rest/rest.sh command snippet (no manual rewriting):
api-rest report-from-cmd '<paste an api-rest/rest.sh command snippet>'- If
setup/rest/prompt.mdexists → read it first for project-specific context. - No
setup/rest/yet → bootstrap from template:cp -R "$AGENT_HOME/skills/tools/testing/rest-api-testing/assets/scaffold/setup/rest" setup/
- Have request file → run with
api-rest call. - Need a markdown report → use
api-rest report --run(or--response).
- History is on by default:
setup/rest/.rest_history(gitignored); one-off disable with--no-history(orREST_HISTORY_ENABLED=false). - Requests can embed CI-friendly assertions:
expect.status(integer; required whenexpectis present)expect.jq(optional; evaluated withjq -eagainst the JSON response)
- Reports redact common secret-like fields by default (e.g.
Authorization,Cookie,accessToken); use--no-redactonly when necessary. - Prefer
--config-dir setup/restin automation for deterministic discovery.
- Full guide (project template):
skills/tools/testing/rest-api-testing/references/REST_API_TESTING_GUIDE.md - Report contract:
skills/tools/testing/rest-api-testing/references/REST_API_TEST_REPORT_CONTRACT.md - Report template:
skills/tools/testing/rest-api-testing/references/REST_API_TEST_REPORT_TEMPLATE.md