⚡ Full-Stack API Automation Suite

Enterprise-Grade Testing Portfolio

TypeScript • Jest • REST • GraphQL • OWASP Security • K6 Performance

🚀 237 automated tests across 12 test suites with 100% pass rate

🎯 About This Project

This repository is a comprehensive API Automation Portfolio demonstrating advanced testing strategies for both REST and GraphQL architectures. Built as a reference implementation for enterprise-grade test automation.

What This Project Demonstrates:

Area	Description
🔄 Full Lifecycle Testing	From CRUD operations to complex multi-step business workflows
🔐 Security First	OWASP Top 10 vulnerability scanning with SQL Injection & XSS tests
⚡ Performance Testing	Scalable load & stress testing with K6
🏗️ Clean Architecture	Modular design with reusable clients, helpers & utilities
🐳 DevOps Ready	Dockerized environment with GitHub Actions CI/CD

👤 Built by: Aditya Dwi Cahyono — Senior QA Automation Engineer

🏆 Test Results Summary

╔════════════════════════════════════════════╗
║     TEST EXECUTION SUMMARY                 ║
╠════════════════════════════════════════════╣
║  Test Suites:  12 passed   │  12 total     ║
║  Tests:        237 passed  │  237 total    ║
║  Pass Rate:    100% ✅                      ║
╚════════════════════════════════════════════╝

Category	Test Suite	Tests	Status
CRUD	Users API	14	✅
CRUD	Posts API	15	✅
CRUD	Comments API	11	✅
Auth	JWT Authentication	16	✅
Auth	OAuth 2.0 + PKCE	25	✅
Validation	JSON Schema	25	✅
Workflow	API Chaining	15	✅
Edge Cases	Negative Testing	35	✅
GraphQL	Queries	24	✅
GraphQL	Mutations	18	✅
Security	OWASP Top 10	20	✅
Contract	Consumer-Driven	19	✅

💡 Tech Stack & Skills

Languages	Testing	API	DevOps
TypeScript 5.3 JavaScript ES6+	Jest 29.7 Supertest K6	REST (Axios) GraphQL Postman/Newman	Docker GitHub Actions Allure Reports

Category	Technologies
Authentication	JWT, OAuth 2.0, PKCE Flow
Security Testing	OWASP Top 10, SQL Injection, XSS, SSRF
Validation	JSON Schema (AJV), Contract Testing
Code Quality	ESLint, Prettier, TypeScript Strict Mode

🚀 Quick Start

# 1. Clone the repository
git clone https://github.com/adityadwic/fullstack-API-automation.git

# 2. Navigate to project
cd fullstack-API-automation

# 3. Install dependencies
npm install

# 4. Run all tests
npm test

🧪 Available Test Commands

# ══════════════════════════════════════════
# 🧪 TEST EXECUTION
# ══════════════════════════════════════════

npm test                    # Run all 237 tests
npm run test:watch          # Watch mode for development

# ══════════════════════════════════════════
# 📦 SPECIFIC TEST SUITES
# ══════════════════════════════════════════

npm run test:crud           # CRUD operations (40 tests)
npm run test:auth           # JWT & OAuth2 (41 tests)
npm run test:graphql        # GraphQL queries & mutations
npm run test:security       # OWASP security tests
npm run test:contract       # Contract validation

# ══════════════════════════════════════════
# ⚡ PERFORMANCE & DOCKER
# ══════════════════════════════════════════

npm run test:perf           # K6 quick performance test
npm run test:perf:full      # K6 full load test
npm run docker:build        # Build Docker image
npm run docker:test         # Run tests in container

# ══════════════════════════════════════════
# 🔍 CODE QUALITY
# ══════════════════════════════════════════

npm run lint                # ESLint check
npm run lint:fix            # Auto-fix lint issues
npm run typecheck           # TypeScript validation

📁 Project Architecture

fullstack-API-automation/
│
├── 📂 src/                          # Source code
│   ├── 📂 clients/                  # API Clients
│   │   ├── rest-client.ts           # REST client with retry & interceptors
│   │   └── graphql-client.ts        # GraphQL client with error handling
│   │
│   ├── 📂 auth/                     # Authentication
│   │   ├── jwt-helper.ts            # JWT token generation & validation
│   │   └── oauth2-helper.ts         # OAuth 2.0 with PKCE support
│   │
│   ├── 📂 utils/                    # Utilities
│   │   ├── schema-validator.ts      # JSON Schema validation (AJV)
│   │   ├── test-data-factory.ts     # Faker.js test data generation
│   │   └── api-chain.ts             # Fluent API chaining
│   │
│   └── 📂 schemas/                  # JSON Schemas for validation
│
├── 📂 tests/                        # Test suites
│   ├── 📂 rest/                     # REST API tests
│   │   ├── crud/                    # CRUD operations
│   │   ├── auth/                    # Authentication tests
│   │   ├── schema/                  # Schema validation
│   │   ├── chaining/                # API workflow tests
│   │   └── negative/                # Edge cases & error handling
│   │
│   ├── 📂 graphql/                  # GraphQL tests
│   ├── 📂 security/                 # OWASP security tests
│   └── 📂 contract/                 # Contract tests
│
├── 📂 performance/                  # K6 load tests
├── 📂 postman/                      # Postman collection
├── 📂 docs/                         # Documentation
└── 📂 .github/workflows/            # CI/CD pipeline

✨ Key Features

🔄 API Testing REST API - Full CRUD with Axios GraphQL - Queries & Mutations Schema Validation - AJV JSON Schema API Chaining - Multi-step workflows	🔐 Security & Auth JWT Testing - Token lifecycle OAuth 2.0 - PKCE flow support OWASP Top 10 - Security scanning Injection Tests - SQL, XSS, SSRF
⚡ Performance K6 Load Testing - Virtual users Stress Testing - Breaking point analysis Spike Testing - Traffic surge handling	🏗️ Infrastructure Docker - Containerized execution CI/CD - GitHub Actions Allure Reports - Rich test reports Postman - Collection export

📚 Documentation

Document	Description
📐 ARCHITECTURE.md	System architecture & diagrams
🐳 DOCKER.md	Docker setup & commands
⚡ PERFORMANCE.md	K6 performance testing guide
🔒 SECURITY.md	OWASP security testing
📝 CONTRACT.md	Contract testing patterns

👤 Author

Aditya Dwi Cahyono

Senior QA Automation Engineer

_{📊 237 Tests • 🔒 20 Security Tests • 📝 19 Contract Tests • 🐳 Docker Ready • ⚡ K6 Performance}

⭐ If you find this project helpful, please give it a star! ⭐

_{Built with ❤️ for the QA community}

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.github		.github
docker/grafana/provisioning		docker/grafana/provisioning
docs		docs
performance		performance
postman		postman
reports		reports
src		src
tests		tests
.dockerignore		.dockerignore
.env.example		.env.example
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
.prettierrc		.prettierrc
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
docker-compose.yml		docker-compose.yml
jest.config.js		jest.config.js
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

⚡ Full-Stack API Automation Suite

Enterprise-Grade Testing Portfolio

🎯 About This Project

What This Project Demonstrates:

🏆 Test Results Summary

💡 Tech Stack & Skills

🚀 Quick Start

🧪 Available Test Commands

📁 Project Architecture

✨ Key Features

🔄 API Testing

🔐 Security & Auth

⚡ Performance

🏗️ Infrastructure

📚 Documentation

👤 Author

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

⚡ Full-Stack API Automation Suite

Enterprise-Grade Testing Portfolio

🎯 About This Project

What This Project Demonstrates:

🏆 Test Results Summary

💡 Tech Stack & Skills

🚀 Quick Start

🧪 Available Test Commands

📁 Project Architecture

✨ Key Features

🔄 API Testing

🔐 Security & Auth

⚡ Performance

🏗️ Infrastructure

📚 Documentation

👤 Author

About

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages