API Testing Fundamentals — The 5 Checks On Every Endpoint

For every endpoint, verify:

1. Status code for the happy path AND each error path (400/401/403/404/409/422/500).
2. Response schema — required fields, types, nested shapes. Use a JSON schema validator in CI.
3. Headers — Content-Type, caching, CORS, security headers.
4. Auth — request without a token, with an expired token, with another tenant's token. None should succeed.
5. Edge data — empty arrays, nulls, maximum string length, Unicode, SQL-looking input.

Run these in Postman first to learn the shape, then port to your automation framework.