Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
Schemathesis
Schemathesis is an API testing tool that automatically finds crashes and validates spec compliance.
Finding server crashes in the Demo API.
Highlights
🎯 Catches Hard-to-Find Bugs
- Uncover hidden crashes and edge cases that manual testing might miss
- Identify spec violations and ensure your API adheres to its contract
⚡ Accelerates Testing Cycles
- Automatically generate a wide range of test cases based on your API schema
- Save time by reducing the need for manual test case creation
🧩 Integrates Seamlessly
- Works with popular API formats such as OpenAPI, GraphQL.
- Easily integrate into your existing CI/CD workflows.
🔧 Customizable and Extendable
- Tune the testing process using Python extensions.
- Adjust the testing flow to suit your needs with rich configuration options.
🐞 Simplifies Debugging
- Get detailed reports to identify and fix issues quickly.
- Reproduce failing test cases with cURL commands.
🔬 Proven by Research
- Validated through academic studies on API testing automation
- Featured in ICSE 2022 paper on semantics-aware fuzzing
- Recognized in ACM survey as state-of-the-art RESTful API testing tool
Installation
Use Schemathesis via Docker, or install it from PyPI
# Via Docker.
$ docker pull schemathesis/schemathesis:stable
# With pip.
$ pip install schemathesis
Getting Started
Schemathesis works as a standalone CLI:
docker run schemathesis/schemathesis:stable
run --checks all https://example.schemathesis.io/openapi.json
# Or when installed with pip
schemathesis run --checks all https://example.schemathesis.io/openapi.json
Or a Python library:
import schemathesis
schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")
@schema.parametrize()
def test_api(case):
case.call_and_validate()
See a complete working example project in the /example directory.
Schemathesis can be easily integrated into your CI/CD pipeline using GitHub Actions. Add this block to your GitHub Actions to run Schemathesis against your API:
api-tests:
runs-on: ubuntu-latest
steps:
- uses: schemathesis/action@v1
with:
schema: "https://example.schemathesis.io/openapi.json"
For more details, check out our GitHub Action repository or see our GitHub Tutorial.
Who's Using Schemathesis?
Schemathesis is used by a number of projects and companies, including direct usage or integration into other tools:
- Abstract Machines (Magistrala)
- Bundesstelle für Open Data (smard-api)
- CheckMK
- Chronosphere.io (Calyptia)
- HXSecurity (DongTai)
- Netflix (Dispatch)
- Pixie
- Qdrant
- Spotify (Backstage)
- Weechat
- WordPress (OpenVerse)
Testimonials
"The world needs modern, spec-based API tests, so we can deliver APIs as-designed. Schemathesis is the right tool for that job."
Emmanuel Paraskakis - Level 250
"Schemathesis is the only sane way to thoroughly test an API."
Zdenek Nemec - superface.ai
"The tool is absolutely amazing as it can do the negative scenario testing instead of me and much faster! Before I was doing the same tests in Postman client. But it's much slower and brings maintenance burden."
Luděk Nový - JetBrains
"Schemathesis is the best tool for fuzz testing of REST API on the market. We are at Red Hat use it for examining our applications in functional and integrations testing levels."
Dmitry Misharov - RedHat
"There are different levels of usability and documentation quality among these tools which have been reported, where Schemathesis clearly stands out among the most user-friendly and industry-strength tools."
Testing RESTful APIs: A Survey - a research paper by Golmohammadi, at al
Contributing
We welcome contributions in code and are especially interested in learning about your use cases. Your input is essential for improving Schemathesis and directly influences future updates.
How to Contribute
- Discuss ideas and questions through GitHub issues or on our Discord channel.
- For code contributions, see our contributing guidelines.
- Share your experience and thoughts using this feedback form.
Why Your Input Matters
- Enables us to develop useful features and fix bugs faster
- Improves our test suite and documentation
Thank you for contributing to making Schemathesis better! 👍
Get in Touch
If you need assistance with integrating Schemathesis into your workflows or have specific questions, feel free to reach out at support@schemathesis.io.
Acknowledgements
Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.
License
This project is licensed under the terms of the MIT license.
Keywords
FAQs
Property-based testing framework for Open API and GraphQL based apps
We found that schemathesis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025