Code-Memo

API Testing

Unit vs integration API tests

1. Unit tests mock dependencies and assert handler logic, validation, and mapping in isolation.
2. Integration tests hit a real HTTP stack (maybe Testcontainers DB) to catch wiring, auth, and serialization bugs.
3. Reserve full e2e suites for critical user journeys; keep them fast enough to run often.

Contract testing

1. Consumer-driven contracts (Pact) ensure providers do not break clients accidentally.
2. OpenAPI can be linted and diffed in CI as a lightweight contract check.
3. Version contracts alongside API versions; fail builds on breaking diffs without approval.

Postman / automated testing

1. Collections help exploratory work; export flows into Newman or similar for CI smoke tests.
2. Store secrets in CI secret stores, not committed environment files.
3. Prefer code-first tests (pytest, supertest, REST Assured) when teams outgrow GUI-only suites.

Mocking APIs

1. Mock external SaaS dependencies in dev/test to reduce flakiness and cost.
2. Avoid mocks that diverge from real behavior; refresh from recorded traffic or OpenAPI examples.
3. For frontends, MSW or similar stubs speed UI work before backends land.