SmartestQADocs
api REST API

API Request Step

Send requests to REST APIs and validate responses. Combine UI tests with API tests in the same scenario.

What is API Request?

API Request Step allows you to send HTTP requests to REST APIs within your test flow. You can create end-to-end scenarios by using it together with UI tests.

UI + API

Combine both in the same test

Response Assertion

Status, body, header validation

Data Extraction

Extract and use data from response

How to Use

API Requests Menu

You can add as steps all the requests you create in the API Requests section of the left menu to your testcases. Define once, use everywhere!

Step by Step Usage

1

Test the Request

Click the Send button in the right panel. The request will execute and the response will be displayed in the right panel.

2

Extract Data from Response

Click on the data you want to use parametrically in the returned response. The JSONPath will be automatically generated and saved as a Global Parameter.

Example: When you click on the token in the response

$.data.token is saved as auth_token
3

Use the Parameter

You can use the saved parameter anywhere with curly braces:

{{auth_token}} {{user_id}} {{order_id}}
4

Create Parametric Requests

You can also make your requests parametric! Use Global Parameters saved in previous steps with curly braces:

In URL:

{{base_url}}/api/orders/{{order_id}}

In Header:

Authorization: Bearer {{auth_token}}

In Body:

{"userId": "{{user_id}}"}

Note: All {{param}} values are replaced with their actual values just before the test runs. This allows you to create dynamic and reusable requests.

When to Use

Use It

  • Data setup before testing (create user, order)
  • Getting token from Login API
  • Validating UI operations via API
  • Backend state verification
  • Webhook/callback testing
  • Cleanup after testing

Don't Use It

  • When UI testing alone is sufficient
  • GraphQL (REST only for now)
  • WebSocket connections
  • File downloads (use Python)

HTTP Methods

Method Usage Body
GET Reading data, listing None
POST Creating new records JSON / Form
PUT Full update JSON / Form
PATCH Partial update JSON / Form
DELETE Deleting records Usually none

Real-World Scenario Examples

POST

Scenario 1: Getting Token from Login API

Fast authentication via API instead of UI login

Use Case: Logging in through UI for every test is slow. You can bypass login by getting a token via API and storing it in localStorage.

URL

{{base_url}}/api/auth/login

Headers

Content-Type: application/json

Request Body

{
  "email": "{{test_email}}",
  "password": "{{test_password}}"
}

Response (example)

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "user": { "id": 123, "name": "Test User" }
  }
}

To use in subsequent steps: Extract token with JSONPath: $.data.token and save to Global Parameter

POST

Scenario 2: Creating Order Before Test

Preparing data in backend before UI test

Use Case: You want to test the "Order Details" page but you need an order first. Creating an order through UI takes 10 steps, with API just 1 step!

URL

{{base_url}}/api/orders

Headers

Authorization: Bearer {{auth_token}}

Request Body

{
  "items": [
    { "productId": 101, "quantity": 2 },
    { "productId": 205, "quantity": 1 }
  ],
  "shippingAddress": {
    "city": "Istanbul",
    "district": "Kadikoy"
  }
}

Get orderId from response, then navigate to /orders/{{orderId}} page in UI.

GET

Scenario 3: Verifying UI Action via API

You made changes in a form, did it actually save to the backend?

Use Case: You updated profile information through UI. "Success" message appeared but was it actually written to the database?

URL

{{base_url}}/api/users/{{user_id}}

Response Assertion

// Status Code
200

// JSONPath Assertions
$.data.phone == "+905551234567"
$.data.address.city == "Ankara"
GET

Scenario 4: List API Pagination Check

Pagination testing with query params

Use Case: You want to verify that the product list API's pagination works correctly.

URL (with Query Params)

{{base_url}}/api/products?page=2&limit=20&sort=price_asc

Response Assertion

// Array length check
$.data.length == 20

// Pagination meta check
$.meta.currentPage == 2
$.meta.totalPages > 1
DELETE

Scenario 5: Delete Operation Verification

You deleted via UI, was it actually deleted?

Use Case: You deleted an address via UI. Is it a soft delete or hard delete? Verify via API.

Step 1: Delete API

DELETE {{base_url}}/api/addresses/{{address_id}}

Expected: 204 No Content

Step 2: Verify with GET again

GET {{base_url}}/api/addresses/{{address_id}}

Expected: 404 Not Found

POST

Scenario 6: File Upload API Test

File upload with multipart/form-data

Use Case: You want to test the profile photo upload API.

URL

{{base_url}}/api/users/avatar

Content-Type

multipart/form-data

Form Data

file: [test-avatar.png]  // Select file
userId: {{user_id}}

Scenario 7: Chained API Requests

Using output from one response in the next request

Use Case: First get the category list, then fetch products in that category using the first category's ID.

Step 1: List Categories

GET /api/categories then save $.data[0].id to category_id

Step 2: Get Category Products

GET /api/categories/{{category_id}}/products

Response Handling

Data Extraction with JSONPath

You can use JSONPath to extract specific values from response JSON:

JSONPath Description Example Result
$.data.id Direct field access 123
$.data.items[0].name First element of array "iPhone 15"
$.data.items.length Array length 5
$.data.items[*].price All price values [100, 200, 150]
$.data.items[?(@.stock>0)] Filtered selection Items in stock
Status Code Assertion
200, 201, 204, 404, 500...
Save to Global Parameter
$.data.token to auth_token

Frequently Asked Questions

What is the API timeout duration?

The default timeout is 30 seconds. You can change it in Proje settings. Increase it for long-running operations.

I'm getting an HTTPS certificate error?

If test environments have self-signed certificates, enable the "Ignore SSL Errors" option. Don't use it in production!

How are Cookies/Sessions managed?

Cookies are automatically carried between API Steps. To add manual cookies, add Cookie: session=xxx to Headers.

How to implement OAuth 2.0?

POST to token endpoint in the first step, save the returned access_token to Global Parameter. In subsequent requests use Authorization: Bearer {{access_token}}.

JavaScript Global Parameters