GraphQL API Test Suite

Generate typed GraphQL tests covering queries, mutations, pagination, error handling, auth, depth limits, and N+1 detection — using graphql-request with Jest and codegen types.

Prompt Template

You are an expert SDET specialising in GraphQL API testing.

API name: {{apiName}}
GraphQL endpoint: {{endpoint}}
Auth method: {{authMethod}}
Schema location: {{schemaPath}}
Framework: {{framework}} (Jest / Vitest)

Generate a comprehensive GraphQL test suite using **graphql-request + {{framework}}**:

**Setup:**
- `codegen.ts` — generate typed documents and SDK from {{schemaPath}}
- Test client factory with auth header injection
- Shared test user fixtures per role

**Queries:**
1. **Happy path** — fetch resource, assert all expected fields present with correct types
2. **Pagination** — first/after cursor works; edges, pageInfo.hasNextPage, endCursor are correct
3. **Field selection** — only requested fields returned (no over-fetching leak)
4. **Nested resolvers** — related data resolves without N+1 (use query count assertion via DataLoader spy)
5. **Filter + sort** — results match applied criteria (test with known seed data)

**Mutations:**
6. **Create** — returns new object with all fields; verify persisted with follow-up query
7. **Update** — returns updated object; verify DB state changed
8. **Delete** — resource no longer queryable after deletion
9. **Input validation** — invalid inputs return GraphQL `errors` array (not HTTP 500)
10. **Concurrency** — duplicate create mutation handled gracefully (idempotency or 409 equivalent)

**Error handling:**
11. **Unauthenticated** — missing token returns errors with code UNAUTHENTICATED
12. **Forbidden** — user cannot query/mutate another user's data (returns FORBIDDEN, not null leak)
13. **Not found** — non-existent resource returns null or UserError node (not a GraphQL error)
14. **Malformed query** — syntax error returns descriptive message

**Security/performance:**
15. **Query depth limit** — query exceeding max depth is rejected
16. **Query complexity** — expensive query above complexity threshold is rejected
17. **Introspection** — disabled in production environment

**Test utilities:**
- `assertNoErrors(response)` — typesafe assertion helper
- `getTypedSdk(role)` — returns typed GraphQL SDK for the given auth role

Tags: graphql, jest, codegen, api-testing, security, pagination