A powerful, extensible API testing tool built with .NET 8 that allows you to define and execute HTTP API tests using YAML or JSON specifications. Comprehensive validation, authentication support, and detailed reporting capabilities with enterprise-grade CI/CD integration.
Define tests in YAML or JSON format with intuitive syntax and comprehensive validation options.
Built-in support for Basic Auth, Bearer Token, and API Key authentication methods.
Validate status codes, response bodies, headers, and response times with configurable expectations.
Generate comprehensive Markdown reports with test results, response times, and detailed analysis.
Built with SOLID principles and dependency injection for easy extension and customization.
Async/await support and optimized execution for fast, reliable API testing at scale.
Enterprise-grade automation with comprehensive security scanning and deployment capabilities
Complete CI/CD pipeline with build, test, security scanning, and deployment automation.
OWASP Dependency Check, CodeQL, Semgrep, Trivy, and secrets detection integrated.
Multi-stage Docker builds, Docker Compose, and automated container security scanning.
Staging and production deployments with approval gates and automatic rollback.
Slack integration for deployment status, security alerts, and build notifications.
Code coverage reporting, security metrics, and performance monitoring dashboards.
Comprehensive security scanning and compliance monitoring
Automated vulnerability detection in dependencies with OWASP Dependency Check.
Static code analysis with CodeQL and Semgrep for security vulnerabilities.
Automated detection of exposed secrets with TruffleHog and Gitleaks.
Docker image vulnerability scanning with Trivy and Hadolint.
License validation, security policy enforcement, and standards compliance.
Real-time security notifications and automated vulnerability reporting.
- name: "Get User Data"
request:
method: "GET"
url: "https://api.example.com/users/1"
headers:
Accept: "application/json"
expect:
statusCode: 200
maxResponseTimeMs: 5000- name: "Create User with Bearer Token"
request:
method: "POST"
url: "https://api.example.com/users"
headers:
Content-Type: "application/json"
auth:
type: "bearer"
token: "your-jwt-token"
body:
name: "John Doe"
email: "john@example.com"
expect:
statusCode: 201
body:
id: 123
name: "John Doe"variables:
base_url: "https://api.example.com"
api_key: "your-api-key"
- name: "Test with Variables"
request:
method: "GET"
url: "{{base_url}}/users"
auth:
type: "apikey"
in: "header"
name: "X-API-Key"
value: "{{api_key}}"
expect:
statusCode: 200SpecAPI is built with modern software engineering practices and follows SOLID principles
Easy to extend with custom validators, authentication handlers, and reporters through well-defined interfaces.
Clean separation of concerns with dependency injection for maintainable and testable code.
Async/await support and optimized execution for fast, reliable API testing at scale.
Authentication Methods
Validation Types
Security Tools
Extensibility
# Clone the repository
git clone https://github.com/sully8665/specapi.git
cd SpecAPI
# Build the project
dotnet build src/SpecAPI/SpecAPI.csproj
# Run your first test
dotnet run --project src/SpecAPI/SpecAPI.csproj Examples/example-test.yaml
# Or use Docker
docker build -t specapi .
docker run specapi Examples/example-test.yamlSpecAPI comes with comprehensive CI/CD integration out of the box. The GitHub Actions workflows provide: