원클릭으로 Manus에서 모든 스킬 실행

시작하기

api-validation

스타0

포크0

업데이트2026년 2월 12일 17:30

Comprehensive API endpoint validation including schema validation, authentication testing, and error handling

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

terrazul-ai

terrazul-ai/tz-packages

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

API Validation Skill

Thorough validation of API endpoints including schema compliance, authentication, authorization, error handling, and performance.

When to Use

Validating new API endpoints
Testing API changes
Schema compliance verification
Authentication/authorization testing
API contract validation
Performance baseline checks

Capabilities

Schema validation - Verify responses match expected structure
Authentication testing - Test auth flows and token handling
Authorization testing - Verify permission enforcement
Error handling - Validate error responses and messages
Performance testing - Check response times and limits

Workflow

Phase 1: Discovery

Understand the API:

Review documentation (OpenAPI, Swagger, README)
Identify endpoints to validate
Note authentication requirements
Document expected responses

Phase 2: Test Design

Create comprehensive test cases:

For Each Endpoint:

Success scenarios (valid requests)
Authentication tests (valid/invalid/missing token)
Authorization tests (permitted/forbidden actions)
Validation tests (required fields, formats, types)
Error scenarios (not found, server errors)

Phase 3: Execution

Run tests systematically:

Test authentication first
Test each endpoint method
Validate response schemas
Check error handling
Measure performance

Phase 4: Validation

For each response, verify:

Status code correct
Response body matches schema
Required fields present
Data types correct
Headers appropriate
Timing acceptable

Phase 5: Reporting

Document findings:

Endpoints validated
Tests passed/failed
Schema violations
Security issues
Performance concerns

Validation Checklist

Authentication Validation

Unauthenticated requests rejected (401)
Invalid tokens rejected (401)
Expired tokens rejected (401)
Valid tokens accepted (200)
Token refresh works (if applicable)

Authorization Validation

Users can access own resources
Users cannot access others' resources (403)
Admin has elevated access
Role-based permissions enforced

Schema Validation

Input Validation

Required fields enforced (400)
Type validation works (400)
Format validation works - email, URL, etc. (400)
Length limits enforced (400)
Range limits enforced (400)
Unique constraints enforced (409)

Error Handling Validation

Performance Validation

Response time < acceptable threshold
Pagination works correctly
Large responses handled
Rate limiting works (if applicable)

Common Validation Patterns

CRUD Endpoint Validation

Use the api-validation skill to validate all CRUD operations on the /api/users endpoint

Tests:

POST /users - Create with valid data (201)
POST /users - Create with invalid data (400)
GET /users - List all (200, paginated)
GET /users/:id - Get existing (200)
GET /users/:id - Get non-existing (404)
PUT /users/:id - Update existing (200)
PUT /users/:id - Update non-existing (404)
DELETE /users/:id - Delete existing (204)
DELETE /users/:id - Delete non-existing (404)

Auth Endpoint Validation

Use the api-validation skill to thoroughly test authentication on /api/auth endpoints

Tests:

POST /auth/login - Valid credentials (200 + token)
POST /auth/login - Invalid password (401)
POST /auth/login - Unknown user (401)
POST /auth/logout - With valid token (200)
POST /auth/refresh - Valid refresh token (200)
POST /auth/refresh - Invalid token (401)

Protected Endpoint Validation

Use the api-validation skill to verify authorization on /api/admin endpoints

Tests:

Request without token (401)
Request with user token (403)
Request with admin token (200)
Request with expired token (401)

Schema Validation Approach

For each response field, verify:

| Field | Type | Required | Validation |
|-------|------|----------|------------|
| id | string | yes | UUID format |
| email | string | yes | email format |
| name | string | yes | min 1, max 100 |
| status | string | yes | enum: active, inactive |
| createdAt | string | yes | ISO date format |
| metadata | object | no | can be empty |

Usage Examples

Full Endpoint Validation

Use the api-validation skill to thoroughly validate the /api/products endpoint including all HTTP methods, authentication, and error handling

Auth-Focused Validation

Use the api-validation skill to test authentication and authorization across all protected endpoints

Schema Compliance Check

Use the api-validation skill to verify all API responses match the OpenAPI schema

Input Validation Testing

Use the api-validation skill to test input validation on POST /api/orders with various invalid payloads

Validation Report Format

# API Validation Report: [Endpoint]

**Date**: [Date]
**Endpoint**: [PATH]
**Methods Tested**: GET, POST, PUT, DELETE

## Summary

| Category | Tests | Passed | Failed |
|----------|-------|--------|--------|
| Authentication | X | X | X |
| Authorization | X | X | X |
| Schema | X | X | X |
| Validation | X | X | X |
| Error Handling | X | X | X |
| Performance | X | X | X |

## Detailed Results

### Authentication Tests
[Results table]

### Schema Validation
[Field-by-field results]

### Issues Found
[List with severity]

## Recommendations
[Action items]

Best Practices

Start with auth - Test authentication before other endpoints
Use real payloads - Test with production-like data
Test all methods - GET, POST, PUT, PATCH, DELETE
Validate schemas strictly - Every field, every type
Check error formats - Consistency matters
Test edge cases - Empty strings, null, max lengths
Measure performance - Set baselines, track changes
Document findings - Include evidence (requests/responses)

이 저장소의 다른 Skills

같은 저장소

create-skill

terrazul-ai/tz-packages

Creates well-structured Claude Skills with proper YAML frontmatter, clear instructions, and supporting files. Activates when the user wants to create a new skill, add capabilities to their AI assistant, encode team preferences, or structure any reusable instruction set. Covers the full lifecycle from intent capture through writing, testing, and refinement.

2026-03-060

help

terrazul-ai/tz-packages

Shows all available skills, platform support, common workflows, and troubleshooting for the @terrazul/assistant-creator package. Activates when the user asks for help, wants to know what's available, or needs guidance on using the package.

2026-03-060

setup-mcp

terrazul-ai/tz-packages

Interactive wizard to set up MCP server credentials in your shell environment (~/.zshenv, ~/.bashrc, etc.). Activates when the user needs to configure API keys, tokens, or environment variables for MCP servers, or after adding new MCP integrations that require authentication.

2026-03-060

add-mcp

terrazul-ai/tz-packages

Searches mcp.so marketplace for MCP servers and configures them for Claude, Codex, or Gemini. Use when user wants to add external tool integrations, find MCP servers, or configure model context protocol.

2026-02-120

convert-skill-to-gemini

terrazul-ai/tz-packages

Converts Claude SKILL.md files to Gemini-compatible format. Use when user wants to use a Claude skill with Gemini CLI, or needs to make skills cross-platform compatible.

2026-02-120

create-agent

terrazul-ai/tz-packages

Create well-formed Claude agents with proper YAML frontmatter, system prompts, and examples. Use when user wants to create a new agent, customize Claude behavior, or needs help structuring an agent definition.

2026-02-120

name	api-validation
description	Comprehensive API endpoint validation including schema validation, authentication testing, and error handling