@@ -4,7 +4,7 @@ description: >
44 Run comprehensive API testing against OpenAPI specifications using Dochia. Use when the user wants to
55 test APIs, run negative/boundary tests, validate API behavior, check for 5XX errors, run security-focused
66 API tests, or verify input validation. Also use when the user mentions chaos testing, fuzzing playbooks,
7- API hardening, or contract testing. Requires an OpenAPI spec file and a running server.
7+ API hardening, or contract testing. Requires an OpenAPI spec file and a running server. (1 supporting files)
88metadata :
99 triggers : |
1010 test my API
@@ -19,6 +19,8 @@ metadata:
1919 chaos testing
2020 contract testing
2121 run dochia
22+ test endpoints with dependencies
23+ supply reference data
2224 examples : |
2325 dochia test -c openapi.yml -s http://localhost:8080 -b
2426 dochia test -c openapi.yml -s http://localhost:8080 --playbooks "MalformedJson,BypassAuthentication" -b
@@ -33,9 +35,9 @@ API endpoints based on an OpenAPI specification.
3335## Prerequisites
3436
3537- Dochia CLI installed (any of the following):
36- - ` brew install dochia-dev/tap/dochia-cli `
37- - ` curl -sSL get.dochia.dev | sh `
38- - ` docker pull dochiadev/dochia-cli `
38+ - ` brew install dochia-dev/tap/dochia-cli `
39+ - ` curl -sSL get.dochia.dev | sh `
40+ - ` docker pull dochiadev/dochia-cli `
3941- An OpenAPI specification file (YAML or JSON)
4042- A running API server to test against
4143
@@ -150,12 +152,14 @@ dochia test -c openapi.yml -s https://localhost:8443 --ssl-keystore keystore.jks
150152Reports are generated in ` ./dochia-report ` by default. Use ` --output ` to change the directory.
151153
152154Each test produces:
155+
153156- ` TestN.html ` — human-readable report
154157- ` TestN.json ` — machine-readable result with full request/response details
155158
156159A ` dochia-summary-report.json ` is also generated with a compact array of all test results.
157160
158- See [ the report output reference] ( references/report-output.md ) for the full JSON schemas and ` jq ` examples for parsing results programmatically.
161+ See [ the report output reference] ( references/report-output.md ) for the full JSON schemas and ` jq ` examples for parsing
162+ results programmatically.
159163
160164### Quick Report Analysis
161165
@@ -176,6 +180,79 @@ cat dochia-report/Test449.json | jq .
176180cat dochia-report/dochia-summary-report.json | jq -r ' [.testCases[] | select(.result == "error") | .id] | join(",")'
177181```
178182
183+ ## Stateful Testing Workflow
184+
185+ Dochia is stateless — it does not automatically create or manage resources between requests. When testing APIs
186+ with resource dependencies (e.g. ` PUT /pet/{petId} ` requires a ` petId ` from ` POST /pet ` ), you need to
187+ orchestrate the workflow yourself.
188+
189+ ### Step 1: Understand the resource hierarchy
190+
191+ Use ` dochia list --paths ` to inspect the API structure and identify parent/child resource relationships:
192+
193+ ``` bash
194+ dochia list --paths -c openapi.yml
195+ dochia list --paths -c openapi.yml --path /pet/{petId}
196+ ```
197+
198+ Look for patterns like:
199+
200+ - ` POST /resource ` (creates) → ` GET/PUT/DELETE /resource/{id} ` (requires ID)
201+ - ` POST /resource/{id}/subresource ` (requires parent ID)
202+
203+ ### Step 2: Create resources first using HappyPath
204+
205+ Run the ` HappyPath ` playbook on creation endpoints (typically POST) to generate valid resources.
206+ Inspect the response body from the JSON report to extract the resource ID.
207+
208+ > ** Note:** The ID field name varies by API. Check the OpenAPI spec or the raw response body to find the correct
209+ > field. For example, for a Pet resource, it might be ` .id ` , ` .petId ` , ` .idOfPet ` , ` .petIdentifier ` , etc.
210+
211+ ``` bash
212+ # Run only HappyPath on the creation endpoint
213+ dochia test -c openapi.yml -s http://localhost:8080 --path " /pet" --http-method POST --playbooks HappyPath -o /tmp/setup-report
214+
215+ # First, inspect the full response to find the correct ID field name
216+ cat /tmp/setup-report/Test1.json | jq ' .response.body'
217+
218+ # Then extract using the actual field name from your API
219+ cat /tmp/setup-report/Test1.json | jq ' .response.body.id' # adjust field name as needed
220+ ```
221+
222+ ### Step 3: Supply reference data with -R
223+
224+ Use ` -R ` to pass fixed field values that Dochia will inject into path parameters and request bodies:
225+
226+ ``` bash
227+ # Inline reference data (applied to all paths)
228+ dochia test -c openapi.yml -s http://localhost:8080 -R " petId=123" -b
229+
230+ # Per-path reference data via YAML file
231+ dochia test -c openapi.yml -s http://localhost:8080 --reference-data refData.yml -b
232+ ```
233+
234+ The reference data YAML file format supports per-path and global (` all ` ) values:
235+
236+ ``` yaml
237+ /pet/{petId} :
238+ petId : " 123"
239+ /store/order/{orderId} :
240+ orderId : " 456"
241+ all :
242+ apiVersion : " v2"
243+ ` ` `
244+
245+ ### Recommended agent workflow
246+
247+ When testing an API with resource dependencies:
248+
249+ 1. Run ` dochia list --paths -c openapi.yml` to understand the API structure
250+ 2. Identify which endpoints create resources (typically POST without path parameters)
251+ 3. Run `dochia test` with `--playbooks HappyPath` on creation endpoints first
252+ 4. Extract resource IDs from the JSON response in the report
253+ 5. Run the full test suite on dependent endpoints using `-R` to supply the extracted IDs
254+ 6. Analyze results and replay failures with `dochia replay`
255+
179256# # Listing Available Playbooks
180257
181258` ` ` bash
0 commit comments