API Testing Lab · Validation Lab

VALIDATION LAB•API TESTING LAB

API Testing Lab

QA investigation tool for API defects

This lab is not a developer API viewer. It preloads contracts from API Docs, lets you manipulate responses, validate behavior, track progress, and reveal backend root causes after investigation.

Connected systems

Review the reference in API Docs, then practice the same endpoint here with QA checks and bug discovery.

QA endpoints

Investigation queue

5 cases

GET/api/v1/users/{id}

Find why this user profile response is invalid.

This API is used in Profile header, Settings page, and Admin user drawer. Incorrect data breaks The UI can show a user as active when the API sends a string instead of a boolean, and audit timelines lose last-login evidence.

Investigation tracking

Logged defect findings

Persisted for Get user profile get-user. Check when you have confirmed a backend or contract bug worth recording.

Loading investigation state…

Send request

Generate evidence for validation

MethodURL

HeadersBody

Actual response

Send a request, then use the QA checks below to investigate the result.

Response manipulation

Simulate backend failure modes

Active simulation: actual

Bug detection system

Validate the actual response

Bugs found: 0 / 1Completed checks: 0 / 4

Status code correctSend request before judging.Response schema validSend request before judging.Required fields existSend request before judging.Data types correctSend request before judging.

QA learning flow

Investigation path

1Review SwaggerRead endpoint intent, parameters, auth rules, and examples.
2Send requestGenerate actual response evidence inside the QA Lab.
3Validate responseCheck status, schema, required fields, data types, and timing.
4Automate with PlaywrightTurn the strongest checks into repeatable assertions and mocks.

Compare mode

Expected from Swagger vs actual response

0 highlighted issue(s)

Expected 200

{
  "id": "u-1001",
  "email": "alex@hakdogan.com",
  "role": "qa",
  "isActive": true,
  "lastLogin": "2026-05-02T21:18:00Z"
}

Actual response

Send request to compare

Highlights

Send a request to highlight missing fields, type mismatches, and incorrect status codes.

Bug reveal system

Hidden until QA interaction

The known bug is hidden so learners investigate first. Send a request, tick validation checks, or manipulate the response to unlock the reveal.

Playwright integration

Assertions based on the API contract

These assertions exist because UI tests can pass while the API contract silently breaks. When one fails, QA gets a precise backend bug signal instead of a vague UI symptom. A failure means the profile UI may render an incorrect account state or incomplete audit evidence.

import { test, expect } from "@playwright/test";

test("GET user profile contract", async ({ request }) => {
  const response = await request.get("/api/v1/users/u-1001", {
    headers: {
      "Authorization": "Bearer qa-training-token",
      "Accept": "application/json"
    },

  });

  expect(response.status()).toBe(200);
  const body = await response.json();
  expect(body.id).toBeDefined();
  expect(body.email).toBeDefined();
  expect(body.role).toBeDefined();
  expect(body.isActive).toBeDefined();
  expect(body.lastLogin).toBeDefined();
});

test("mock response for UI isolation", async ({ page }) => {
  await page.route("**/api/v1/users/*", async (route) => {
    await route.fulfill({
      status: 200,
      contentType: "application/json",
      body: JSON.stringify({
  "id": "u-1001",
  "email": "alex@hakdogan.com",
  "role": "qa",
  "isActive": true,
  "lastLogin": "2026-05-02T21:18:00Z"
}),
    });
  });
});