Stats
Actions
Tags
From laravel-api-tool-kit
Tests API endpoints using curl, validates HTTP status and response structure, then cross-references against database records.
How this command is triggered — by the user, by Claude, or both
Slash command
/laravel-api-tool-kit:curl-testlaravel-api-tool-kit/workflows/Files this command reads when invoked
The summary Claude sees in its command listing — used to decide when to auto-load this command
# Workflow: Test an API Endpoint with Curl Use during investigation or feature verification to test an endpoint directly and cross-reference its response against the database. **Trigger phrases**: "test this endpoint", "curl this", "test the API", "verify the response", `/curl-test` **Best used alongside `/investigate`** — curl response + DB comparison is the fastest way to prove a cache, resource, or transformation bug. --- ## Step 1 — Build the Curl Command Generate the correct command based on the HTTP method: **Always use `-s` (silent) + `| jq .` for readable output.** Add `-v`...
Use during investigation or feature verification to test an endpoint directly and cross-reference its response against the database.
Trigger phrases: "test this endpoint", "curl this", "test the API", "verify the response", /curl-test
Best used alongside /investigate — curl response + DB comparison is the fastest way to prove a cache, resource, or transformation bug.
Generate the correct command based on the HTTP method:
# GET
curl -s -X GET "http://localhost/api/v1/ENDPOINT" \
-H "Authorization: Bearer TOKEN" \
-H "Accept: application/json" | jq .
# POST
curl -s -X POST "http://localhost/api/v1/ENDPOINT" \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"key": "value"}' | jq .
# PUT / PATCH
curl -s -X PUT "http://localhost/api/v1/ENDPOINT/ID" \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"key": "value"}' | jq .
# DELETE
curl -s -X DELETE "http://localhost/api/v1/ENDPOINT/ID" \
-H "Authorization: Bearer TOKEN" \
-H "Accept: application/json"
Always use -s (silent) + | jq . for readable output. Add -v when you need to inspect response headers.
If the user doesn't have a token, provide the login command:
curl -s -X POST "http://localhost/api/auth/login" \
-H "Content-Type: application/json" \
-d '{"email": "[email protected]", "password": "password"}' | jq .token
When the user shares the response, check:
| Status | Meaning | Next step |
|---|---|---|
| 200 / 201 | Success | Validate response structure |
| 401 | Unauthenticated | Check token / auth middleware |
| 403 | Forbidden | Check policy |
| 404 | Not found | Check route / model binding |
| 422 | Validation failed | Read errors field |
| 500 | Server error | Check storage/logs/laravel.log |
This is the most valuable step. Compare the API response against raw DB data:
-- Get the raw record
SELECT * FROM table_name WHERE id = 'RECORD_ID';
-- If values differ → cache issue, resource bug, or accessor/cast bug
Mismatch diagnosis:
| API shows | DB shows | Likely cause |
|---|---|---|
| Stale value | Correct value | Cache not invalidated |
| Transformed value | Raw value | Accessor or cast applied |
| Missing field | Field exists | Resource not including it / when() condition false |
| Wrong value | Same wrong value | Data written incorrectly — trace the write path |
Endpoint: GET /api/v1/cars/CAR_ID
Status: 200 OK ✓
Response: { "balance": 50 }
Database: balance = 100
⚠ Mismatch — API returns 50, DB has 100.
Likely cause: cached value not invalidated on last update.
Next: check Cache::get() for key 'car:CAR_ID:balance'
❌ Assuming the endpoint URL — check routes first (php artisan route:list | grep keyword)
❌ Skipping the DB comparison — response vs DB is the fastest bug locator
❌ Testing only the happy path — test unauthenticated, forbidden, invalid input too
❌ Hardcoding specific IDs in saved commands — use CAR_ID, USER_ID placeholders
npx claudepluginhub ahmedesa/laravel-api-tool-kit/test-endpointTests an API endpoint across happy path, validation, auth, edge cases, and idempotency scenarios using curl/fetch, validating responses and producing a pass/fail summary table.
/send-requestSends HTTP requests via Postman CLI: gathers URL/method/headers/body/auth from user or collections, shows command, executes, reports status/response/errors with fixes.
/debug-apiDebugs REST API failures by loading OpenAPI specs, ingesting HTTP logs, analyzing root causes with fixes, and generating cURL repro commands.
/test-apiDesign comprehensive API testing strategy including contracts and integration tests.
/testhttpfExecutes full HTTP tests against real APIs using Python requests library, starting test server if needed and reporting live responses, status codes, errors. Incurs real API costs.
/fuzz-apiFuzz tests REST APIs by generating malformed inputs, edge cases, and payloads to detect vulnerabilities, crashes, and unexpected behaviors. Outputs test suites, security reports, and reproducible cases.