
pyr0hu

What to test in a RESTful API

Hey,

I'm trying to wrap my head around TDD but struggling to understand the basic concepts.

When writing tests for an API, do I write the tests for the endpoints (e.g. POST /booking), or am I writing for the logic (user can book a ticket)?

Should I test every endpoint for things like 'it requires auth', 'it returns the correct fields'?

Or is the basic concept to test the correct logic of every endpoint? Or to test the implementations, like the functions on the models which do the actual logic (validating, saving, mutators)?

kyslik

Take a look at this repository https://github.com/KnpLabs/php-github-api and browse around the tests folder.

Rule of thumb: test what is most likely going to change in the future. Want 99% coverage? Test everything, every endpoint, every bit of logic, just like you described...

You are writing tests for your own API, so you can actually make calls to it and do not have to mock it (adds burden if anything changes).

For common things like "requires auth", make a generic test and simply add an item to an array to test: see this "generic" (DRY) test that I use for "is email queued?". It simply tests that every file in the Mail directory implements the ShouldQueue interface, has a $queue property, and that the property is set to emails.

public function testMailsAreQueued()
{
    $files = \File::allFiles(app_path('Mail'));

    foreach ($files as $file) {
        $mailable = resolve('Yap\\Mail\\'.basename($file->getBasename('.php')));
        $this->assertArrayHasKey(ShouldQueue::class, class_implements($mailable),
            'Mailable ['.get_class($mailable).'] does not implement ShouldQueue interface.');
        $this->assertTrue(property_exists($mailable, 'queue'),
            'Mailable ['.get_class($mailable).'] does not have queue property.');
        $this->assertEquals('emails', $mailable->queue,
            'Mailable ['.get_class($mailable).'] queue must be \'emails\'.');
    }
}

Testing validation is simple: just test that your validation rules match whatever you already have somewhere else (I know this duplicates things). It is not necessary to test the validation process itself, since Laravel's validation is already tested; on the other hand, you should test the "outcome" of failed validation.

Nospoon

It all depends. I'd say if you know you have your auth middleware applied on the whole group, testing it on every single endpoint is redundant.

Depending on what happens in your application, you might sometimes want to have a mix of unit and functional tests for some more complex stuff.

As a general rule: think about what should happen and what could possibly go wrong, and test against that. Think about how you would test it manually and what you would be looking for.

I always tend to test the return values of each endpoint as well as required parameters if applicable. I also check if resources are saved to database as expected. If it handles the input the way you want it and spills out the output you expect, it's all good.
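Added example, not code from either poster: the generic "requires auth" test and the "middleware applied on the whole group" point from the replies above, combined into one check that fails when a new API route lands outside the protected group. Assumptions: routes live under the `api/` prefix, auth is attached through the `auth` middleware alias (e.g. `auth:sanctum`), and `POST api/login` is a hypothetical intentionally public endpoint.

```php
<?php

namespace Tests\Feature;

use Illuminate\Routing\Route as RoutingRoute;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;
use Tests\TestCase;

class ApiRoutesRequireAuthTest extends TestCase
{
    // Assumption: endpoints that are public on purpose, listed explicitly
    // so that every exception to the rule is visible in code review.
    private const PUBLIC_ROUTES = ['POST api/login'];

    public function testEveryApiRouteHasAuthMiddleware(): void
    {
        $checked = 0;
        $unprotected = [];

        foreach (Route::getRoutes() as $route) {
            if (! Str::startsWith($route->uri(), 'api/')) {
                continue; // assumption: only the api/ prefix is in scope
            }
            // Laravel registers HEAD alongside GET; skip it to avoid duplicates.
            foreach (array_diff($route->methods(), ['HEAD']) as $verb) {
                $name = $verb.' '.$route->uri();
                $checked++;
                if (! in_array($name, self::PUBLIC_ROUTES, true) && ! $this->hasAuth($route)) {
                    $unprotected[] = $name;
                }
            }
        }

        // Guard against a vacuous pass if the prefix changes or routes fail to load.
        $this->assertGreaterThan(0, $checked, 'No api/ routes were found to check.');
        $this->assertSame([], $unprotected,
            'API routes without auth middleware: '.implode(', ', $unprotected));
    }

    private function hasAuth(RoutingRoute $route): bool
    {
        // gatherMiddleware() merges route, group and controller middleware.
        foreach ($route->gatherMiddleware() as $m) {
            // Matches 'auth' and 'auth:<guard>'; closures and class names are not matched.
            if (is_string($m) && ($m === 'auth' || Str::startsWith($m, 'auth:'))) {
                return true;
            }
        }
        return false;
    }
}
```

This only proves the middleware is attached; a request-level test asserting a 401 for an unauthenticated call on at least one route still covers the outcome.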
