A Python library for writing expressive, readable API tests
Project description
lashtest
A Python library for writing expressive, readable API tests with built-in Allure reporting.
Features
- Fluent builder API — chain methods to build requests in one expression
- Rich assertions — assert status, JSON body, headers, cookies, response time, JSONPath, and JSON Schema
- Multiple auth strategies — Bearer token, Basic auth, API key
- Retry with exponential backoff — configurable per-request
- File uploads — multipart form data with automatic handle cleanup
- Allure integration — requests and responses auto-attached as report steps
- Test decorators —
@authenticated,@title,@severity,@description,@tag,@link - Fake data generator — built-in
fakefor names, emails, phone numbers, addresses - CLI runner —
lashtest runcollects and runs tests,lashtest reportgenerates HTML reports - SSL auto-detection — finds the system CA bundle on macOS, Linux, and Windows without configuration
Installation
pip install lashtest
To also install development tools (coverage):
pip install "lashtest[dev]"
Requirements: Python 3.9+, and Allure CLI for HTML report generation.
Quick start
from lashtest import APIClient
def test_get_user():
with APIClient('https://jsonplaceholder.typicode.com').get('/users/1') as response:
response.assert_status(200) \
.assert_json_contains({'id': 1}) \
.assert_response_time(2.0)
Run it:
lashtest run tests/
Table of contents
- Client configuration
- Making requests
- Assertions
- Authentication
- Retry logic
- File uploads
- Test decorators
- Fake data
- Allure reporting
- CLI reference
- Error reference
Client configuration
APIClient is the entry point. All configuration methods return self and can be chained.
from lashtest import APIClient
from lashtest.http import BearerToken
client = (
APIClient('https://api.example.com')
.with_base_path('/v1')
.with_auth(BearerToken('my-token'))
.with_header('X-Request-ID', 'test-suite')
.with_timeout(10.0)
)
| Method | Description |
|---|---|
with_base_path(path) |
Prefix applied to every endpoint (must start with /) |
with_header(key, value) |
Add a default header sent with every request |
with_headers(headers) |
Add multiple default headers at once |
with_auth(auth) |
Set default authentication (see Authentication) |
with_timeout(seconds) |
Default timeout in seconds (default: 30) |
with_ssl_verification(verify) |
True, False, or path to a CA bundle file |
with_cookies(cookies) |
Set session-level cookies |
clear_cookies() |
Remove all session cookies |
Context manager
Use APIClient as a context manager to automatically close the underlying session:
with APIClient('https://api.example.com') as client:
with client.get('/health') as response:
response.assert_ok()
Making requests
Call .get(), .post(), .put(), .patch(), or .delete() on the client to get a Request builder. Use it as a context manager — it executes the request and yields the Response.
# GET with query parameters
with client.get('/users').with_param('page', '2').with_param('limit', '10') as response:
response.assert_ok()
# POST with JSON body
with client.post('/users').with_json({'name': 'Alice', 'email': 'alice@example.com'}) as response:
response.assert_status(201)
# PUT with JSON body
with client.put('/users/1').with_json({'name': 'Alice Updated'}) as response:
response.assert_ok()
# PATCH
with client.patch('/users/1').with_json({'email': 'new@example.com'}) as response:
response.assert_ok()
# DELETE
with client.delete('/users/1') as response:
response.assert_status(204)
Request builder methods
All methods return self and can be chained before the with statement.
| Method | Description |
|---|---|
with_header(key, value) |
Add a request-level header |
with_param(key, value) |
Add a query string parameter |
with_params(params) |
Add multiple query string parameters |
with_json(body) |
Set JSON body and Content-Type: application/json |
with_body(body) |
Set raw body |
with_data(data) |
Set form-encoded body |
with_auth(auth) |
Override the client-level auth for this request |
with_timeout(seconds) |
Override the client-level timeout for this request |
with_file(field, path) |
Attach a file for multipart upload (see File uploads) |
with_retry(...) |
Configure retry logic (see Retry logic) |
Accessing the response
The context manager returns a Response object:
with client.get('/users/1') as response:
print(response.status_code) # int
print(response.headers) # dict
print(response.text) # str
print(response.json()) # dict or list
print(response.elapsed) # float (seconds)
print(response.ok) # bool (True if 2xx)
Assertions
All assertion methods return self, so they can be chained.
with client.get('/users/1') as response:
response \
.assert_status(200) \
.assert_ok() \
.assert_header('Content-Type') \
.assert_json_path('$.name', 'Alice') \
.assert_response_time(1.5)
Status
response.assert_status(200) # exact status code
response.assert_ok() # any 2xx status
JSON body
# Exact match
response.assert_json({'id': 1, 'name': 'Alice'})
# Subset match — only checks specified keys
response.assert_json_contains({'id': 1})
# JSON Schema validation
schema = {
'type': 'object',
'properties': {
'id': {'type': 'integer'},
'name': {'type': 'string'},
},
'required': ['id', 'name'],
}
response.assert_json_schema(schema)
JSONPath
Uses JSONPath expressions via jsonpath_ng.
response.assert_json_path('$.id', 1) # value match
response.assert_json_path_type('$.id', int) # type match
response.assert_json_path_exists('$.address.city') # existence check
Headers and cookies
response.assert_header('Content-Type') # header exists
response.assert_header('Content-Type', 'application/json') # header value match
response.assert_cookie_exists('session_id')
response.assert_cookie_value('theme', 'dark')
Performance
response.assert_response_time(0.5) # must respond in under 0.5 seconds
Authentication
Import auth classes from lashtest.http:
from lashtest.http import BearerToken, BasicAuth, APIKey
Bearer token
client = APIClient('https://api.example.com').with_auth(BearerToken('eyJhbGci...'))
Adds Authorization: Bearer <token> to every request.
Basic auth
client = APIClient('https://api.example.com').with_auth(BasicAuth('username', 'password'))
Adds Authorization: Basic <base64(username:password)> to every request.
API key
# Default header name: X-API-KEY
client = APIClient('https://api.example.com').with_auth(APIKey(api_key='secret'))
# Custom header name
client = APIClient('https://api.example.com').with_auth(APIKey(header_name='X-Custom-Key', api_key='secret'))
Per-request override
# Client has no auth, but this one request uses a token
with client.get('/admin').with_auth(BearerToken('admin-token')) as response:
response.assert_ok()
Retry logic
Call .with_retry() on any request to enable automatic retries with exponential backoff.
with (
client.post('/submit')
.with_json({'data': 'value'})
.with_retry(max_attempts=3, on_status=[500, 502, 503, 504])
) as response:
response.assert_ok()
| Parameter | Type | Default | Description |
|---|---|---|---|
max_attempts |
int |
— | Maximum number of attempts (required) |
on_status |
list[int] |
[500, 502, 503, 504] |
Retry on these status codes |
raise_on_exhausted |
bool |
False |
Raise MaxRetriesExceededError after all attempts fail |
Backoff schedule: 2^(attempt-1) seconds — 1 s, 2 s, 4 s, …
from lashtest import MaxRetriesExceededError
try:
with client.get('/flaky').with_retry(max_attempts=3, raise_on_exhausted=True) as response:
response.assert_ok()
except MaxRetriesExceededError as e:
print(f"Failed after {e.retries} attempts, last status: {e.status_code}")
File uploads
Use .with_file(field, path) for multipart file uploads. File handles are opened and closed automatically.
with client.post('/upload').with_file('document', '/path/to/report.pdf') as response:
response.assert_status(201)
Multiple files:
with (
client.post('/upload')
.with_file('avatar', '/path/to/photo.jpg')
.with_file('resume', '/path/to/cv.pdf')
) as response:
response.assert_ok()
Test decorators
Import decorators from lashtest.decorators:
from lashtest.decorators import authenticated, title, severity, description, tag, link
@authenticated
Injects authentication into every request made by self.client inside the decorated test. The original client is restored after each test, even if the test raises.
Method-level:
from lashtest.decorators import authenticated
from lashtest.http import BearerToken
class TestUsers:
client = APIClient('https://api.example.com')
@authenticated(BearerToken('my-token'))
def test_get_profile(self):
with self.client.get('/profile') as response:
response.assert_ok()
Class-level — applies to all test_* methods automatically:
@authenticated(BasicAuth('admin', 'secret'))
class TestAdminEndpoints:
client = APIClient('https://api.example.com')
def test_list_users(self):
with self.client.get('/admin/users') as response:
response.assert_ok()
def test_delete_user(self):
with self.client.delete('/admin/users/1') as response:
response.assert_status(204)
Allure decorators
These are thin wrappers around the corresponding allure decorators.
@title("User creation returns 201")
@severity('critical')
@description("Verifies that POST /users creates a new user and returns the created resource.")
@tag('smoke', 'users')
@link('https://jira.example.com/browse/API-42', name='API-42')
def test_create_user():
...
| Decorator | Description |
|---|---|
@title(text) |
Sets the test title in the Allure report |
@severity(level) |
blocker, critical, normal, minor, trivial |
@description(text) |
Adds a description to the test in the report |
@tag(*tags) |
Marks tests for filtering with -t |
@link(url, name) |
Links to an external resource (JIRA, docs, etc.) |
Fake data
fake provides simple, dependency-free test data generation:
from lashtest.utils import fake
fake.name() # 'Alice Martin'
fake.email() # 'xktvwqbn@gmail.com'
fake.phone() # '+33 6 12 34 56 78'
fake.phone(country_code='+1') # '+1 6 12 34 56 78'
fake.address() # '12 Rue de Rivoli, Paris, France'
Use it directly in test payloads:
def test_create_user():
with client.post('/users').with_json({
'name': fake.name(),
'email': fake.email(),
'phone': fake.phone(),
'address': fake.address(),
}) as response:
response.assert_status(201)
Allure reporting
Every request and response is automatically recorded as an Allure step with the body attached as an artifact.
Viewing reports
Step 1 — Run tests and collect results:
lashtest run tests/ --allure-dir allure-results
Step 2 — Generate and open the HTML report:
lashtest report
Or using the Allure CLI directly:
allure serve allure-results
Enhancing reports
from lashtest.decorators import title, severity, description
@title("POST /users returns 201 with valid payload")
@severity('critical')
@description("Ensures the user creation endpoint validates input and returns the created resource.")
def test_create_user():
with client.post('/users').with_json({'name': fake.name(), 'email': fake.email()}) as response:
response.assert_status(201).assert_json_path_exists('$.id')
CLI reference
lashtest run
Discover and run API tests.
Usage: lashtest run [PATH] [OPTIONS]
Arguments:
PATH Test directory or file [default: tests/]
Options:
-v, --verbose Enable verbose output
-r, --allure-dir TEXT Directory for Allure results [default: allure-results]
-t, --tags TEXT Filter tests by tag (comma-separated)
--help Show this message and exit.
Examples:
# Run all tests
lashtest run
# Run a specific file
lashtest run tests/test_users.py
# Filter by tag
lashtest run -t smoke
# Custom results directory with verbose output
lashtest run -r ci-results -v
lashtest report
Generate an HTML Allure report from collected results.
Usage: lashtest report [RESULTS-DIR] [OUTPUT-DIR]
Arguments:
RESULTS-DIR Allure results directory [default: allure-results]
OUTPUT-DIR Output HTML report directory [default: allure-report]
Error reference
All exceptions inherit from lashtest.APIError.
| Exception | When raised |
|---|---|
APIError |
Base class — catch this to handle any library error |
HTTPError |
The server returned an HTTP error response |
APITimeoutError |
The request exceeded the configured timeout |
APIConnectionError |
Could not connect to the server |
InvalidURL |
The URL or endpoint is malformed |
JSONDecodeError |
The response body is not valid JSON |
AuthenticationError |
Authentication failed |
MaxRetriesExceededError |
All retry attempts failed (only when raise_on_exhausted=True) |
from lashtest import APIClient, APIError, APITimeoutError, MaxRetriesExceededError
try:
with APIClient('https://api.example.com').with_timeout(5.0).get('/slow') as response:
response.assert_ok()
except APITimeoutError as e:
print(f"Timed out after {e.timeout}s")
except APIError as e:
print(f"Request failed: {e}")
Project structure
Recommended layout for a test project using lashtest:
my-api-tests/
├── pyproject.toml
├── conftest.py # shared fixtures
└── tests/
├── test_users.py
├── test_products.py
└── test_auth.py
conftest.py:
import pytest
from lashtest import APIClient
from lashtest.http import BearerToken
@pytest.fixture(scope='session')
def client():
return (
APIClient('https://api.example.com')
.with_base_path('/v1')
.with_auth(BearerToken('token'))
.with_timeout(10.0)
)
tests/test_users.py:
from lashtest.decorators import title, severity, tag
from lashtest.utils import fake
@tag('users', 'smoke')
class TestUsers:
@title("GET /users returns a list")
@severity('normal')
def test_list_users(self, client):
with client.get('/users') as response:
response.assert_ok() \
.assert_json_path_exists('$[0].id')
@title("POST /users creates a user")
@severity('critical')
def test_create_user(self, client):
with client.post('/users').with_json({
'name': fake.name(),
'email': fake.email(),
}) as response:
response.assert_status(201) \
.assert_json_path_exists('$.id')
Contributing
See CONTRIBUTING.md.
License
MIT — see LICENCE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
lashtest-0.1.0.tar.gz
(29.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
lashtest-0.1.0-py3-none-any.whl
(24.6 kB
view details)
File details
Details for the file lashtest-0.1.0.tar.gz.
File metadata
- Download URL: lashtest-0.1.0.tar.gz
- Upload date:
- Size: 29.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7130e76e2b294ec963b0873453b1b7696ade63685523dc3969a20ed2c1297a35
|
|
| MD5 |
948f00b98f5ed3885ff5245506e0a93e
|
|
| BLAKE2b-256 |
55f7afa10a7b747cd0ad2fc8f72314dbb632cea048a97074e8532283f6e4207a
|
File details
Details for the file lashtest-0.1.0-py3-none-any.whl.
File metadata
- Download URL: lashtest-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3cda1907e4d660f1bdfb360c9d7ea57e09a92cc01235d8d898fbddb1e6b236e
|
|
| MD5 |
79830ec125a3213e3840bd3c948868eb
|
|
| BLAKE2b-256 |
aad1023ee07f863ae7a281ed56c7988f5513186d3fe481e399fe38f6e29c47c5
|
