DEV Community

Cover image for API Testing and Development with FastAPI

Posted on

API Testing and Development with FastAPI

Image description
API testing and development can be a daunting task for even the most experienced developers. With the introduction of FastAPI, however, the process has become significantly easier and more efficient. FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints.

One of the standout features of FastAPI is its use of automatic API documentation using Swagger and OpenAPI. This means that as you build your API, the documentation is automatically generated, saving you time and effort in maintaining accurate documentation. Additionally, FastAPI integrates with popular testing libraries such as Pytest and Hypothesis, making it easy to write and run API tests.

Here's a simple example of a FastAPI endpoint that increments a counter and returns the result:

from fastapi import FastAPI

app = FastAPI()

counter = 0

def increment():
    global counter
    counter += 1
    return {"value": counter}

Enter fullscreen mode Exit fullscreen mode

This endpoint can be tested using the popular Pytest library:

def test_increment():
    response = app.get("/increment")
    assert response.status_code == 200
    assert response.json() == {"value": 1}

Enter fullscreen mode Exit fullscreen mode

FastAPI integrates seamlessly with the OpenAPI specification, also known as Swagger. This allows for automatic generation of API documentation, saving developers time and effort in maintaining accurate documentation.

The integration with Swagger allows for interactive documentation, which can be accessed via a browser at the /docs endpoint of your API. This interactive documentation allows for easy testing and exploration of the API endpoints, as well as the ability to easily share the documentation with other developers. The documentation is automatically generated based on the API's function signatures and docstrings, ensuring that it is always up-to-date.

Swagger is swag (I'm not sorry)

In addition to the interactive documentation, the Swagger integration also allows for the generation of static documentation in the form of a JSON or YAML file. This file can be used to easily share the API documentation with other tools and services, such as API gateways. Overall, the Swagger integration in FastAPI greatly simplifies the process of API documentation and testing.

Tools that leverage OAS

There are many tools on the web build to extract value for developers with OAS files. One of these is our own open source tool cherrybomb.

BLST's cherrybomb tool is a powerful tool for testing and finding problems in a Swagger file. It is designed to automatically attack a Swagger file and uncover problems that may not be immediately obvious. This is especially useful for ensuring the security and reliability of an API. Cherrybomb can perform a variety of tests, including custom defined active tests.

In addition to its ability to validate and test a Swagger file for best practices and adherence to the OAS specification, BLST's cherrybomb tool can also test for common vulnerabilities. This is an important aspect of ensuring the security of an API, as vulnerabilities can leave the API open to attacks and exploitation. By automatically testing for these vulnerabilities, cherrybomb can help developers identify and fix potential security issues before they become a problem.

The tool's detailed output, including the exact location of any issues found, makes it easy for developers to quickly identify and fix any problems. This can save time and effort in manual testing and help ensure that the API is reliable and secure. Overall, cherrybomb is a valuable tool for anyone looking to ensure the quality and security of their API through automatic testing and problem identification.

Thanks for reading! If you enjoyed please consider checking us out!
Star our Github repo and join the discussion in our Discord channel!
Test your API for free now at BLST!

Top comments (0)