API specification, testing & logging
All APIs should have an OpenAPI 3.0 specification available. The specification should be accessible either:
- Through an API request (
GET /swagger.json) - Published on the developer portal
Convention: Swagger documentation must be available via the developer portal and/or an API request.
Example:
https://api.wpp.com/customers/v1/swagger.json
API testing
For every API, a Postman collection should be available. This collection must include:
- Tests for all happy path flows
- Tests for authentication and API key security
- Tests for invalid HTTP methods
- A call to check Swagger documentation (if applicable)
Each environment (Dev, Test, Acc, Prod) should have a corresponding Postman environment with test API keys.
Convention: api-name + 'Test Cases'
Example(s):
wpp-addresses-v1 Test Caseswpp-customers-v2 Test Cases
API logging
All API calls should be logged, capturing request/response parameters and bodies. Errors (4xx, 5xx) should include the response body.
| Logging | Request | Response |
|---|---|---|
| Headers | Always | Always |
| Status Code | Always | Always |
| Body | Always | Only for errors |