Testing Endpoints

Before publishing a Zerq proxy, run endpoint tests that prove both allowed and denied behaviors.

Minimum test matrix per route

Happy path with correct token, client, profile, and payload.
Missing token -> 401.
Unauthorized client/profile -> 403.
Unsupported method -> 405.
Burst traffic (if rate limit configured) -> 429.

Example commands

# Happy path
curl -i "https://gateway.example.com/v1/invoices" \
  -H "Authorization: Bearer $TOKEN" \
  -H "X-Client-ID: finance-ui" \
  -H "X-Profile-ID: prod-finance"

# Missing token
curl -i "https://gateway.example.com/v1/invoices" \
  -H "X-Client-ID: finance-ui" \
  -H "X-Profile-ID: prod-finance"

What to record in test evidence

Proxy revision ID.
Request and response pair for each status class.
Request IDs so logs can be replayed during incident analysis.

Practical tip

Keep a reusable shell script per API product with the five checks above, and run it after every profile, policy, or workflow change.

Proxies (Endpoints)
Workflows Overview
Request Logs

Minimum test matrix per route​

Example commands​

What to record in test evidence​

Practical tip​

Related docs​

Minimum test matrix per route

Example commands

What to record in test evidence

Practical tip

Related docs