Comprehensive Data Generation and API Testing Strategies with pytest Example

Data Generation Strategies

Boundary value generation: For numeric parameters, include not only the minimum, maximum and critical values but also values near the boundaries (slightly below the minimum, slightly above the maximum) and values that may cause floating‑point precision issues such as very small positive/negative numbers or numbers close to an integer.

Character input generation: Beyond typical valid characters, add strings with special combinations (long repeated characters, mixed full‑width/half‑width characters, homophones, etc.) and strings that must follow specific formats such as email, phone number, URL, or date.

Encoding compatibility: Test inputs under different character encodings (UTF‑8, GBK, ISO‑8859‑1, etc.) especially for multilingual support.

Sensitive information simulation: If the API handles sensitive data (passwords, credit‑card numbers, etc.), generate test data containing weak passwords, expired dates, invalid check digits, and other edge cases.

Parameter combinations: Perform multi‑dimensional boundary testing by creating combinations of boundary values for multiple numeric parameters, and create character‑input combinations for multiple text fields to evaluate complex input handling.

Dependency management and data isolation: When APIs have data dependencies (e.g., create‑then‑update or delete), ensure test cases follow the correct operation order and clean up generated data to avoid interference with subsequent tests. Use unique identifiers such as UUIDs or temporary test accounts to isolate test data.

Performance and stress testing: Conduct load testing on top of boundary tests to simulate high‑concurrency scenarios, checking response time and resource consumption. Perform capacity testing by gradually increasing input size (very large text, massive list items) to assess handling of large data volumes.

Exception injection and fault‑tolerance testing: Simulate network failures using proxy tools (e.g., mitmproxy) or libraries (e.g., requests_mock) to inject latency, packet loss, retries, or disconnections, and verify the API’s resilience. Trigger server‑side exceptions by sending inputs that cause database query errors or third‑party service failures, ensuring appropriate error responses without exposing sensitive information.

Test coverage statistics and optimization: Use Python coverage tools such as coverage.py to measure code coverage, ensuring test cases cover all important branches and logic. Regularly review coverage reports to identify uncovered paths and add targeted tests.

Test documentation and knowledge base: Maintain detailed test plan documents that list objectives, scope, methods, and expected results. Build a knowledge base of test cases, known issues, solutions, and tips to improve testing efficiency.

Example Code

Use pytest as the test framework, requests as the HTTP client, and the faker library to generate random test data for a hypothetical RESTful API.

First, install the required libraries:

pip install pytest requests faker

Assume we have an endpoint GET /users/{id} that returns user information. The following code demonstrates how to generate various user‑ID test data, including boundary values and illegal character inputs, and assert the expected HTTP status codes.

import pytest
import requests
from faker import Faker

# Assume API server address
BASE_URL = "https://api.example.com"

# Test data generation functions

def generate_user_id():
    return Faker().random_int(min=1, max=1_000_000)

def generate_special_chars():
    # Return a string containing special characters
    return Faker().pystr(max_chars=20, special_chars=True)

# Request function

def get_user_info(user_id):
    url = f"{BASE_URL}/users/{user_id}"
    response = requests.get(url)
    response.raise_for_status()  # Raise exception for non‑2xx status codes
    return response.json()

# Test cases
@pytest.mark.parametrize(
    "user_id, expected_status",
    [
        (generate_user_id(), 200),          # Random normal user ID, expect success
        (0, 400),                           # Boundary: minimum value, expect failure
        (1_000_001, 404),                   # Boundary: max+1, expect failure
        ("invalid_user_id", 400),          # Character input: non‑numeric ID, expect failure
        (generate_special_chars(), 400),    # Character input: special‑char ID, expect failure
    ],
)
def test_get_user_info(user_id, expected_status):
    response = get_user_info(user_id)
    assert response.status_code == expected_status
    if expected_status == 200:
        # Verify response data structure
        assert "id" in response
        assert "name" in response
        assert "email" in response
    else:
        # Verify error response structure
        assert "error" in response
        assert "message" in response["error"]

# Additional scenarios can be added, e.g.:
# - Test non‑boundary missing IDs
# - Test IDs with special characters that still meet format rules
# - Test IDs containing spaces or tabs
# - Test extremely large or small IDs (float‑to‑int conversion edge cases)

if __name__ == "__main__":
    pytest.main()

This example shows how to use pytest.mark.parametrize to generate diverse user‑ID test data, including boundary values and illegal character inputs, and perform assertions based on the expected status code. In real projects, extend the test suite according to the specific API requirements and specifications.

Note

This is a simplified example; actual projects may need to consider additional factors such as authentication, pagination, filtering conditions, and close collaboration with API documentation and developers to ensure comprehensive and accurate test coverage.