• API changes may break contract, data shape, auth, or error handling.
• Backend is ready before UI and API needs early verification.
• Regression confidence is needed for integration and release.

• Validate request/response behavior using Bruno-based API collection and scripted checks.
• Detect contract mismatch, status-code drift, and data integrity issues.
• Provide evidence for API readiness and downstream integration safety.

1. Define API scope by endpoint criticality and business flow dependency.
2. Prepare test matrix: happy path, validation errors, auth, idempotency, and boundary data.
3. Execute with deterministic fixtures and environment isolation.
4. Verify status, schema, key fields, and side effects.
5. Log failures with reproducible request payload and correlation id.
6. Summarize API quality with pass rate, top risks, and follow-up tests.

Input:

• Endpoint: POST /orders
• Rules: member coupon + stock lock + timeout rollback

Output:

• Cases covering valid order, invalid coupon, insufficient stock, replay protection
• Defect found: rollback missing when payment timeout occurs
• Recommendation: block release until compensation path is fixed

Input:

• "Test all order APIs"

Output (problem):

• Only 200-response checks, no schema validation or negative path
• Misses contract-breaking field type change

• Do not test APIs without environment/data setup clarity.
• Do not rely on status code alone for correctness.
• Do not ignore side-effect validation for write APIs.
• Do not hide flaky assertions caused by unstable test data.
• Do not claim integration safety without contract verification.