Is PassTheNote free to use for API testing?

Yes. All API endpoints and the API Explorer are free to use for contract, smoke, and hybrid automation.

Are payloads and contracts stable for API tests?

Yes. Deterministic payloads and documented schemas keep contract tests green across runs.

Can I automate both API and UI flows?

Absolutely. Use the API Explorer, Postman collection, and UI modules to mix API and UI automation.

Is the environment resettable for repeated practice?

Yes. You can reset your data or use demo credentials to start fresh anytime.

API Testing Playground

API Testing Practice with PassTheNote’s Realistic Gateway

PassTheNote mirrors a production-grade API gateway with OAuth-protected routes, catalog data, orders, notes, and utilities so you can rehearse contract tests, monitoring checks, and hybrid UI + API workflows.

Quick Start

Download the Postman collection in docs/postman_collection.json or hit /app/api-explorer for in-browser calls.
Authenticate via /api/auth/login to grab tokens before chaining secured routes.
Use mock data helpers in lib/mockDb.ts (local dev) to reset fixtures when needed.

Why API testers rely on PassTheNote

Every REST resource has deterministic payloads so contract tests stay green across runs.
The API Explorer mirrors Postman collections, letting you document, replay, and export calls quickly.
Mock DB utilities and admin routes keep seeding, cleanup, and negative-path rehearsals fast.

Auth & Session APIs

Validate login, refresh, OTP, and password reset flows.

POST /api/auth/login with valid + invalid payloads to confirm messaging.
Trigger password reset and assert that the reset token expires predictably.
Chain OTP verification steps before allowing privileged endpoints.

Products & Catalog

Exercise filtering, pagination, and price enforcement.

GET /api/v1/products with query params for categories and inventory.
POST new products (admin only) and verify RBAC via authorization headers.
Ensure PATCH updates propagate to the UI /app/products list.

Orders & Checkout

Simulate cart lifecycle, payments, and order history.

POST /api/v1/cart to add items, then convert to /api/v1/orders.
Validate idempotency by replaying checkout with the same payload.
Assert webhook-style notifications by polling /api/v1/notifications.

Notes Service

CRUD notes, tags, and sharing permissions.

Create notes with various visibility levels and confirm access control.
Test search endpoints for tag + keyword combinations.
Delete notes and ensure audit logs remain accessible to admins.

Health & Observability

Monitor uptime and resilience endpoints.

Hit /api/health for readiness checks and interpret JSON payload.
Use chaos endpoints (where available) to simulate latency or failures.
Integrate health checks into CI smoke suites.

Axios smoke script for hybrid suites

Log in, seed cart data, and place an order with the same headers you use in UI automation fixtures or contract testing harnesses.

import axios from 'axios';

async function checkoutSmoke() {
  const baseURL = 'https://www.passthenote.com';
  const auth = await axios.post(baseURL + '/api/auth/login', {
    email: 'tester@passthenote.com',
    password: 'Tester@123',
  });
  const client = axios.create({
    baseURL,
    headers: { Authorization: 'Bearer ' + auth.data.token },
  });

  await client.post('/api/v1/cart', {
    items: [{ productId: 'prod_mock_1', quantity: 2 }],
  });
  const order = await client.post('/api/v1/orders');
  console.log('orderId', order.data.id);
}

checkoutSmoke();

Sample end-to-end validation

Authenticate using POST /api/auth/login and store the bearer token.
Seed two products via POST /api/v1/products (admin scope).
Create a cart with POST /api/v1/cart and confirm subtotal math.
Checkout via POST /api/v1/orders, capturing orderId.
GET /api/v1/orders/{orderId} and compare response fields to the UI order detail.
DELETE seeded cart data to leave the environment clean for other engineers.