Overview

API agents exercise REST and GraphQL contracts with schema validation, status-code expectations, pagination boundaries, and negative cases for auth and rate limits. They integrate with OpenAPI specifications when linked to your project.

Enable agents per organization in Automation → AI Agents. Human review applies to generated output before release-critical use.

Who should read this

QA engineers, SREs, platform teams, and developers operating Zof Console and APIs.

Prerequisites

Organization administrator approval to enable agent category
Staging or approved test environment reachable from execution plane
Requirement linkage for audit-oriented teams (recommended)

When to use this workflow

Contract validation after backend versioning
Smoke suite on staging APIs before mobile app release
Breaking-change detection between staging and production mirrors

Step-by-step procedure

Connect API definition

Platform → Topology or project settings → link OpenAPI/GraphQL schema.

Map environments with base URLs and auth profiles.

Enable API agents

Automation → AI Agents → API → Enable.

Select agents aligned to REST vs GraphQL stacks.

Run contract suite

Operate → Runs → start run with API category cases.

Inspect failures for schema drift vs environment misconfiguration.

Key concepts

api validation scope: HTTP status codes and response schema shape; Auth header and token expiry behavior; Pagination cursors and empty result sets; Idempotency and conflict responses on mutating endpoints.
Check 1: HTTP status codes and response schema shape
Check 2: Auth header and token expiry behavior
Check 3: Pagination cursors and empty result sets

Best practices

Store synthetic credentials in Admin secrets, not in case metadata
Separate read-only smoke from destructive mutation suites
Version OpenAPI uploads when teams ship breaking API changes