testing-api-manual

Base environment URL Auth scheme and access Endpoints and contracts list (params, bodies, responses) Spec (OpenAPI/Swagger) and API version Test data and initial state Rate limit and timeout constraints </input_requirements>

Verify environment availability and basic health
Prepare tokens/keys and store them in variables
Prepare a minimal set of reusable curl templates
Set up request-id/correlation-id variables (if used)

Every request must be reproducible Verify status code and response contract Cover positive and negative scenarios Record headers and parameters that affect behavior Verify response schema and field types Verify pagination, sorting, and filtering Verify idempotency where applicable Note dependencies between requests (chain) </execution_rules> CRUD scenarios Input validation Authorization and access control Errors and edge cases Pagination/filtering/sorting Rate limiting and error codes Expected outcome is stated unambiguously No duplicate scenarios with different wording Server and client errors are distinguished and verified separately Record request-id/correlation-id when available If result recording is needed, use a single consistent format </quality_rules> Do not run destructive requests in production Do not use real user data Do not mutate state unless the scenario requires it Do not leak tokens/keys into shell history or logs </do_not> <template>curl -X GET "$BASE_URL/resource" -H "Authorization: Bearer $TOKEN"</template> <template>curl -X POST "$BASE_URL/resource" -H "Content-Type: application/json" -d '{"key":"value"}'</template> <template>curl -X GET "$BASE_URL/resource?page=1&limit=20" -H "Authorization: Bearer $TOKEN"</template> </example_templates>