Test Plan Checklist

Before you call your test suite "complete," run through this checklist. This is the same checklist senior QA engineers use before signing off on API test coverage. If you can check every box, your suite is production-ready.

Functional Coverage

All GET endpoints tested — list, single, filtered, nested resources
All POST endpoints tested — valid body, verify 201, verify returned data
All PUT endpoints tested — full update, verify all fields change
All PATCH endpoints tested — partial update, verify unchanged fields preserved
All DELETE endpoints tested — verify correct status code (200 or 204)
Query parameter filtering tested — userId, page, limit, sort
Pagination tested — page 1 vs page 2, total count, per_page
Nested resource relationships tested — /posts/1/comments, /users/1/posts

Validation Coverage

Status codes validated for every request — not just 200
Response body fields validated with specific assertions — not just "not null"
JSON Schema validation for every resource type
Response time checks — under 2 seconds for normal endpoints
Response headers validated — Content-Type: application/json

Negative and Edge Case Coverage

Non-existent resource IDs — 404 response
Invalid ID formats — zero, negative, string — proper error handling
Missing required fields — 400 with meaningful error message
Wrong data types — string where number expected
Empty request body — handled gracefully
Invalid endpoint URL — 404
Unauthorized access — 401 (if auth is applicable)
Empty filter results — 200 with empty array, not 404

Engineering Quality

Tests are independent — no test depends on another test running first
Data-driven tests for scenarios with multiple inputs
Smoke and regression groups defined
Allure annotations — @Epic, @Feature, @Severity on every test
Config externalized — base URL in properties file, not hardcoded
Tests pass consistently — no flaky tests
testng.xml configured with smoke and regression suites
Can run against different environments via -Denv flag
HTML reports generated — Allure for REST Assured, htmlextra for Newman

Documentation

Test plan document in project root
README with setup instructions and run commands
Postman collection and environment exported as JSON
JSON Schema files in resources/schemas/
Test data files in resources/testdata/

Key Point: A complete API test suite is not just about test count. It is about coverage — CRUD, schema, negative, edge cases, data-driven. Plus engineering quality — independence, config management, reporting, and documentation.

Print this checklist. Tape it to your monitor. Every time you write an API test suite — for learning, for work, for interviews — run through it before declaring the suite complete. It will save you from the "I forgot to test that" moment.

Key Point: A complete API test suite covers 5 areas: functional CRUD, validation (schema + status codes), negative/edge cases, engineering quality (independence + config + reports), and documentation. Use this checklist every time.

Previous Up NextPractice Exercises — More APIs to Test

Chapter 10: Practice: Test a Public API