API: Endpoint Coverage and Schema Validation
all
Persona: developer
Touchpoint: /api/*, all endpoints
Preconditions
- All API routes deployed
- OpenAPI/Swagger docs available (if documented)
Steps
| # | Action | Expected Result |
|---|---|---|
| 1 | POST /api/chatbot/stream with valid payload | Returns 200. Response is SSE stream or JSON. All required fields present. |
| 2 | POST /api/contact with valid form data | Returns 200. Contact created in database. Confirmation email sent. |
| 3 | GET /api/admin/analytics?churchId=X | Returns 200 with analytics JSON. Schema matches expected format. |
| 4 | POST /api/admin/kb-proxy with document upload | Returns 200. Document indexed. Returned immediately or queued. |
| 5 | POST /api/stripe/webhook with signed payload | Returns 200 (webhook processed). Event handled correctly. |
| 6 | GET /api/admin/agents?churchId=X | Returns 200 with agent config. Schema includes all agent properties. |
| 7 | Test each endpoint with missing required fields | Returns 400 Bad Request. Error message describes missing field. |
| 8 | Test each endpoint with invalid auth token | Returns 401 Unauthorized. No data leaks in error response. |
Known Failure Modes
- Endpoint returns 404 — route doesn't exist or wrong path
- Response schema missing fields — client can't parse
- Endpoint accepts invalid inputs — validation missing
- Wrong status code for errors — client misinterprets
References
- Playwright spec:
e2e (conceptual API tests) - Code files:
Notes
Tests all major API endpoints exist, return correct status codes, and match expected response schemas. Serves as API contract verification. If these tests fail, frontend and mobile clients can't work. Run after adding any new API endpoints.