How to report and API bug?

mariem_safi · 7 November 2025 12:17

Hey folks,
I’m testing some APIs and have come across a few failed responses.
What exactly should I report to the developer?
Also, do you have any templates or examples I could use?

Thanks a lot!

conrad.braam · 7 November 2025 14:06

It’s pretty much like any other bug report:

specify which API call is giving a incorrect response, and then detail under what scenarios it produces different or other responses. It’s important to capture either different preconditions that affect the reply, or different parameters that affect the reply.
Describe the response you expected.

I log API bugs the same really as any bug but the only difference for me, is that I go and look for other API’s that are either similar to or related somehow, to see if those API’s also exhibit issues. This can help the developers to fix them all in one go or help them to fix the bug more quickly if you have described some test scenarios.

Finally, I write a failing automated test, and check it into the CI setup so that the test fails, either until the bug gets fixed, or you get told that it’s wrong by design or something else. That way I have a failing test that will pass once the bug gets sorted out. Sometimes the automated test will need extending later on after a fix is delivered, but it’s a good reason to have a failing test in your CI/CD run. After the bug is fixed you can then easily evolve and stress test that API call.

alan · 7 November 2025 16:56

If you can’t do as @conrad.braam suggests and write a failing test - you might be testing an external API - then you could try and recreate the API issue as a cURL command and then include that in any bug report to make the problem easier to recreate.

Most of the API clients have the ability to export requests to cURL.

flynnbops · 8 November 2025 15:08

1 To both suggestions.

Capturing the request provides lots of great information just like the failing test.

When raising the bug, highlight any VPNs or corporate software that may have been running on your machine at the time. If the test fails in CICD then capture that info in case there are firewall / networking things at play.

christian.baumann · 20 November 2025 09:57

In addition to creating an automated tests or a cURL that reproduces the issue, also provided your expectations (the response, it status code, headers, payload, etc.)

ujjwal.singh · 24 November 2025 07:02

We usually add the following details while reporting an API Bug :

Application ID / Order ID, whichever is available

The microservice in which the error occurred
Request I send
Error message I received
Screenshot or link of the api documentation for the same.
If the api is failing on the frontend, then curl, end path, screenshot, payload ,and response

Topic		Replies	Views
30 Days of API Testing - Day 24: Share the best API bug you’ve found 30 Days of Testing 30-days-of-testing , api-testing	15	6322	26 March 2022
How do I start to test an API? Discussions learning , process , api-testing	13	282	10 October 2024
30 Days of API Testing Day 22: Biggest frustration with API testing! 30 Days of Testing 30-days-of-testing , api-testing	15	1742	6 March 2022
What is the best way to document API test scenarios or test cases Discussions tools , process	3	344	27 July 2025
What do you share in your automation reports? Discussions automation , reporting , pipeline , mot-fcta	13	2009	15 December 2025

How to report and API bug?

Related topics