AI-Powered API Testing

Features Built for Backend Engineers

Everything you need to auto-generate, run, and maintain comprehensive API test suites from OpenAPI specs

Feature

OpenAPI/Swagger Integration

Auto-generate comprehensive API test suites from your spec files

  • Support for OpenAPI 2.0, 3.0, and 3.1
  • Automatically test all REST and GraphQL endpoints
  • Validate request/response schemas
  • Test authentication flows
  • Edge case detection (null values, duplicates)
  • AsyncAPI support for event-driven architectures
# Point Markus at your OpenAPI spec
$ markus generate --spec openapi.yaml

✓ Found 47 endpoints in spec
✓ Generated 342 tests in 2.3s

# Generated pytest tests:
def test_create_payment_endpoint(client, db):
    response = client.post('/api/payments', json={
        'amount': 10000,
        'currency': 'USD',
        'customer_id': 'cus_123'
    })
    assert response.status_code == 201

    # Verify database state
    payment = db.query(Payment).first()
    assert payment.amount == 10000
Feature

Database State Verification

Automatically verify database changes after every API call

  • PostgreSQL, MySQL, MongoDB support
  • Verify POST creates records correctly
  • Validate PATCH updates fields
  • Confirm DELETE removes data
  • Test cascade deletions
  • Check foreign key relationships
# Markus auto-generates database assertions
def test_update_user_endpoint(client, db):
    response = client.patch('/api/users/123', json={
        'email': 'new@example.com'
    })
    assert response.status_code == 200

    # Database verification (auto-generated)
    user = db.query(User).filter_by(id=123).first()
    assert user.email == 'new@example.com'
    assert user.updated_at > user.created_at

    # Verify audit log created
    audit = db.query(AuditLog).filter_by(
        user_id=123, action='UPDATE'
    ).first()
    assert audit is not None
Feature

Multiple Testing Frameworks

Generate tests for your preferred language and framework

  • pytest for Python APIs
  • Jest/Supertest for Node.js
  • RestAssured for Java
  • RSpec for Ruby
  • Industry best practices
  • Customizable test templates
# Python (pytest)
$ markus generate --spec api.yaml --framework pytest

# Node.js (Jest + Supertest)
$ markus generate --spec api.yaml --framework jest

# Java (RestAssured)
$ markus generate --spec api.yaml --framework restassured

# All tests follow best practices:
# - Proper setup/teardown
# - Database transactions
# - Clean test data
# - Clear assertions
Feature

CI/CD Pipeline Integration

Seamlessly integrate into GitHub Actions, GitLab CI, Jenkins, and more

  • GitHub Actions workflow templates
  • GitLab CI pipeline integration
  • Jenkins pipeline support
  • Block PRs with failing tests
  • Automatic test runs on every commit
  • Detailed test result reports
# .github/workflows/api-tests.yml
name: API Tests
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: markus test --spec openapi.yaml

# Auto-generates & runs API tests
# Blocks PRs with failing endpoints
# Creates Jira tickets for failures

Exit code: 1 if any test fails
✓ Blocks deployment automatically
Feature

Jira & GitHub Issue Tracking

Automatically create tickets for test failures with full context

  • Auto-create Jira tickets for failures
  • GitHub Issues integration
  • Full test context in tickets
  • Stack traces and error details
  • Suggested fixes included
  • Pull ticket status for tracking
# Auto-create tickets for failures
$ markus test --create-tickets

✓ 3 tests failed
✓ Created Jira ticket API-247: POST /payments fails
✓ Created GitHub issue #184: Auth timeout

# Pull existing tickets
$ markus tickets pull

Ticket API-247: In Progress
Assigned to: @backend-team
Last updated: 2h ago

# Tickets include:
# - Failing endpoint
# - Request/response samples
# - Stack trace
# - Suggested fix
Feature

Detailed Test Reports

Actionable insights with coverage metrics and failure analysis

  • Test coverage by endpoint
  • Pass/fail rates over time
  • Response time analytics
  • Database query performance
  • Compliance reporting
  • Executive summaries
📊 Markus Test Report

Endpoints: 47 tested
Tests: 342 total (339 passed, 3 failed)
Coverage: 94% of spec validated
Avg Response: 142ms

Critical Failures:
❌ POST /api/payments - 500 Internal Error
❌ GET /api/users/:id - Timeout (30s)
❌ PATCH /api/subscriptions - Schema mismatch

Recommendations:
1. Fix payment processing logic
2. Add database index on users.id
3. Update subscription response schema
Feature

K8s SBOM Monitoring

Track dependencies and scan for vulnerabilities in your Kubernetes deployments

  • Scan container images for vulnerabilities (CVEs)
  • Map dependencies to API endpoints for impact analysis
  • Generate compliance reports (NTIA, SOC 2, HIPAA)
  • Track SBOM changes across deployments
  • Automated vulnerability alerts
  • Dependency version tracking
# Auto-generate SBOM for K8s cluster
$ markus sbom scan --cluster production

✓ Scanned 47 container images
✓ Found 312 dependencies
✓ Detected 3 CVEs

📦 SBOM Summary

Dependencies: 312 tracked
Critical CVEs: 1
  ├─ CVE-2024-1234 (openssl@1.1.1k)
  └─ Affects: POST /api/payments

High CVEs: 2
  ├─ CVE-2024-5678 (express@4.17.1)
  └─ Affects: 12 API endpoints

Compliance Score: 85/100
  ✓ NTIA minimum elements
  ✓ SPDX 2.3 format
  ⚠ 3 outdated dependencies

# Auto-create Jira ticket for critical CVE
Ticket created: SEC-892
Assigned to: @security-team
Feature

K8s IaC Configuration Scanning

Scan Terraform, Helm, and Kubernetes manifests to detect API endpoint impact

  • Extract API endpoints from Ingress/Service resources
  • Detect K8s version and deprecated APIs
  • Scan Terraform, Helm, and YAML for security issues
  • Map infrastructure changes to API endpoint impact
  • Version compatibility checking
  • Auto-generate tests for detected endpoints
# Scan IaC files in repository
$ markus iac scan --repo ./infrastructure

✓ Found 25 IaC files
  ├─ 12 Kubernetes YAML
  ├─ 5 Helm charts
  └─ 8 Terraform files

🔍 IaC Analysis Results

Detected API Endpoints:
  ✓ GET /api/v1/users
    └─ k8s/ingress.yaml → user-service:8080
    └─ Has tests (24 passing)

  ⚠ POST /api/v1/payments
    └─ helm/api/ingress.yaml → payment-svc:3000
    └─ No tests found - Auto-generating...

Security Issues: 3 found
  ❌ CRITICAL: Privileged container
     File: k8s/deployment.yaml:15
     Fix: Set securityContext.privileged = false

  ⚠ MEDIUM: Missing resource limits
     File: k8s/deployment.yaml:32
     Fix: Add resources.limits.memory

Deprecated APIs: 1 found
  ✗ k8s/deployment.yaml uses apps/v1beta1
    (Removed in Kubernetes 1.16+)
    Migrate to: apps/v1

Ready to Stop Writing API Tests Manually?

Start auto-generating comprehensive API test suites from your OpenAPI specs. Free for first 1,000 tests.