一键在 Manus 中运行任何 Skill

开始使用

api-validation

星标0

分支0

更新时间2026年2月12日 17:30

Comprehensive API endpoint validation including schema validation, authentication testing, and error handling

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

terrazul-ai

terrazul-ai/tz-packages

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

API Validation Skill

Thorough validation of API endpoints including schema compliance, authentication, authorization, error handling, and performance.

When to Use

Validating new API endpoints
Testing API changes
Schema compliance verification
Authentication/authorization testing
API contract validation
Performance baseline checks

Capabilities

Schema validation - Verify responses match expected structure
Authentication testing - Test auth flows and token handling
Authorization testing - Verify permission enforcement
Error handling - Validate error responses and messages
Performance testing - Check response times and limits

Workflow

Phase 1: Discovery

Understand the API:

Review documentation (OpenAPI, Swagger, README)
Identify endpoints to validate
Note authentication requirements
Document expected responses

Phase 2: Test Design

Create comprehensive test cases:

For Each Endpoint:

Success scenarios (valid requests)
Authentication tests (valid/invalid/missing token)
Authorization tests (permitted/forbidden actions)
Validation tests (required fields, formats, types)
Error scenarios (not found, server errors)

Phase 3: Execution

Run tests systematically:

Test authentication first
Test each endpoint method
Validate response schemas
Check error handling
Measure performance

Phase 4: Validation

For each response, verify:

Status code correct
Response body matches schema
Required fields present
Data types correct
Headers appropriate
Timing acceptable

Phase 5: Reporting

Document findings:

Endpoints validated
Tests passed/failed
Schema violations
Security issues
Performance concerns

Validation Checklist

Authentication Validation

Unauthenticated requests rejected (401)
Invalid tokens rejected (401)
Expired tokens rejected (401)
Valid tokens accepted (200)
Token refresh works (if applicable)

Authorization Validation

Users can access own resources
Users cannot access others' resources (403)
Admin has elevated access
Role-based permissions enforced

Schema Validation

Input Validation

Required fields enforced (400)
Type validation works (400)
Format validation works - email, URL, etc. (400)
Length limits enforced (400)
Range limits enforced (400)
Unique constraints enforced (409)

Error Handling Validation

Performance Validation

Response time < acceptable threshold
Pagination works correctly
Large responses handled
Rate limiting works (if applicable)

Common Validation Patterns

CRUD Endpoint Validation

Use the api-validation skill to validate all CRUD operations on the /api/users endpoint

Tests:

POST /users - Create with valid data (201)
POST /users - Create with invalid data (400)
GET /users - List all (200, paginated)
GET /users/:id - Get existing (200)
GET /users/:id - Get non-existing (404)
PUT /users/:id - Update existing (200)
PUT /users/:id - Update non-existing (404)
DELETE /users/:id - Delete existing (204)
DELETE /users/:id - Delete non-existing (404)

Auth Endpoint Validation

Use the api-validation skill to thoroughly test authentication on /api/auth endpoints

Tests:

POST /auth/login - Valid credentials (200 + token)
POST /auth/login - Invalid password (401)
POST /auth/login - Unknown user (401)
POST /auth/logout - With valid token (200)
POST /auth/refresh - Valid refresh token (200)
POST /auth/refresh - Invalid token (401)

Protected Endpoint Validation

Use the api-validation skill to verify authorization on /api/admin endpoints

Tests:

Request without token (401)
Request with user token (403)
Request with admin token (200)
Request with expired token (401)

Schema Validation Approach

For each response field, verify:

| Field | Type | Required | Validation |
|-------|------|----------|------------|
| id | string | yes | UUID format |
| email | string | yes | email format |
| name | string | yes | min 1, max 100 |
| status | string | yes | enum: active, inactive |
| createdAt | string | yes | ISO date format |
| metadata | object | no | can be empty |

Usage Examples

Full Endpoint Validation

Use the api-validation skill to thoroughly validate the /api/products endpoint including all HTTP methods, authentication, and error handling

Auth-Focused Validation

Use the api-validation skill to test authentication and authorization across all protected endpoints

Schema Compliance Check

Use the api-validation skill to verify all API responses match the OpenAPI schema

Input Validation Testing

Use the api-validation skill to test input validation on POST /api/orders with various invalid payloads

Validation Report Format

# API Validation Report: [Endpoint]

**Date**: [Date]
**Endpoint**: [PATH]
**Methods Tested**: GET, POST, PUT, DELETE

## Summary

| Category | Tests | Passed | Failed |
|----------|-------|--------|--------|
| Authentication | X | X | X |
| Authorization | X | X | X |
| Schema | X | X | X |
| Validation | X | X | X |
| Error Handling | X | X | X |
| Performance | X | X | X |

## Detailed Results

### Authentication Tests
[Results table]

### Schema Validation
[Field-by-field results]

### Issues Found
[List with severity]

## Recommendations
[Action items]

Best Practices

Start with auth - Test authentication before other endpoints
Use real payloads - Test with production-like data
Test all methods - GET, POST, PUT, PATCH, DELETE
Validate schemas strictly - Every field, every type
Check error formats - Consistency matters
Test edge cases - Empty strings, null, max lengths
Measure performance - Set baselines, track changes
Document findings - Include evidence (requests/responses)

同仓库更多 Skills

同仓库

create-skill

terrazul-ai/tz-packages

Creates well-structured Claude Skills with proper YAML frontmatter, clear instructions, and supporting files. Activates when the user wants to create a new skill, add capabilities to their AI assistant, encode team preferences, or structure any reusable instruction set. Covers the full lifecycle from intent capture through writing, testing, and refinement.

2026-03-060

help

terrazul-ai/tz-packages

Shows all available skills, platform support, common workflows, and troubleshooting for the @terrazul/assistant-creator package. Activates when the user asks for help, wants to know what's available, or needs guidance on using the package.

2026-03-060

setup-mcp

terrazul-ai/tz-packages

Interactive wizard to set up MCP server credentials in your shell environment (~/.zshenv, ~/.bashrc, etc.). Activates when the user needs to configure API keys, tokens, or environment variables for MCP servers, or after adding new MCP integrations that require authentication.

2026-03-060

add-mcp

terrazul-ai/tz-packages

Searches mcp.so marketplace for MCP servers and configures them for Claude, Codex, or Gemini. Use when user wants to add external tool integrations, find MCP servers, or configure model context protocol.

2026-02-120

convert-skill-to-gemini

terrazul-ai/tz-packages

Converts Claude SKILL.md files to Gemini-compatible format. Use when user wants to use a Claude skill with Gemini CLI, or needs to make skills cross-platform compatible.

2026-02-120

create-agent

terrazul-ai/tz-packages

Create well-formed Claude agents with proper YAML frontmatter, system prompts, and examples. Use when user wants to create a new agent, customize Claude behavior, or needs help structuring an agent definition.

2026-02-120

name	api-validation
description	Comprehensive API endpoint validation including schema validation, authentication testing, and error handling