Stats
Actions
Tags
From testing
OpenAPI to Portman to Newman pipeline with auth injection for API contract testing. Use when building API tests from OpenAPI specs, injecting authentication into test collections, running contract tests, or when user mentions OpenAPI, Portman, API contract, Swagger, API testing pipeline, auth injection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/testing:api-contract-testingThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**CRITICAL: The description field above controls when Claude auto-loads this skill.**
examples/auth-injection-clerk.mdexamples/auth-injection-generic.mdexamples/auth-injection-supabase.mdexamples/openapi-pipeline.mdscripts/inject-auth.shscripts/openapi-to-collection.shscripts/run-api-contract-tests.shscripts/run-newman-ci.shscripts/sync-from-routes.shtemplates/collection-with-auth.jsontemplates/github-actions-api-tests.ymltemplates/newman-environment.jsontemplates/portman-config.jsonCRITICAL: The description field above controls when Claude auto-loads this skill.
Provides a complete pipeline for API contract testing: OpenAPI spec -> Portman config -> Postman collection -> Newman execution with auth injection. Replaces the legacy newman-testing and postman-collection-manager skills with a unified, production-ready approach.
OpenAPI Spec (openapi.yaml/json)
-> Portman (transforms to Postman collection with tests)
-> Auth Injection (adds authentication to requests)
-> Newman (executes tests with reporting)
Generate collection from OpenAPI:
bash scripts/openapi-to-collection.sh openapi.yaml api-tests.postman_collection.json
Run tests with auth:
bash scripts/run-api-contract-tests.sh api-tests.postman_collection.json --auth supabase
Full pipeline:
bash scripts/openapi-to-collection.sh openapi.yaml collection.json
bash scripts/inject-auth.sh collection.json supabase_cookie
bash scripts/run-api-contract-tests.sh collection.json
The pipeline supports multiple auth strategies:
| Strategy | Auth Header | Token Source |
|---|---|---|
supabase_cookie | Cookie-based | Supabase auth session |
clerk_jwt | Authorization: Bearer | Clerk JWT token |
auth0_token | Authorization: Bearer | Auth0 access token |
bearer_token | Authorization: Bearer | Generic JWT |
api_key | X-API-Key | API key from env |
none | No auth | Public endpoints |
Auth injection reads credentials from environment variables (never hardcoded):
# Supabase
SUPABASE_URL=your_supabase_url_here
SUPABASE_ANON_KEY=your_supabase_anon_key_here
# Clerk
CLERK_SECRET_KEY=your_clerk_secret_key_here
# Generic
API_KEY=your_api_key_here
AUTH_TOKEN=your_auth_token_here
Portman generates test assertions from OpenAPI specs:
See templates/portman-config.json for the default configuration.
For projects without OpenAPI specs, sync collections from route files:
bash scripts/sync-from-routes.sh src/app/api/ collection.json
This scans route files for HTTP handlers and creates a basic collection.
bash scripts/run-newman-ci.sh collection.json
CI-optimized runner with:
npm install -g newman for test executionnpm install -g @apideck/portman for OpenAPI conversion (optional)jq for JSON manipulationexamples/openapi-pipeline.md for the full pipelineexamples/auth-injection-supabase.md for Supabase auth setuptemplates/portman-config.json for Portman configuration optionsnpx claudepluginhub vanman2024/dev-lifecycle-marketplace --plugin testingAutomates testing of REST/GraphQL API endpoints from OpenAPI specs: generates requests, validates schemas/responses, covers auth, CRUD, errors, idempotency. Supports Supertest, pytest, REST-assured.
Automates REST/GraphQL API tests using Postman/Newman, REST Assured, SuperTest, httpx. Handles Pact contract testing, OpenAPI/JSON Schema validation, WireMock/MSW mocks, performance baselines, auth tokens.
Checks and configures API contract testing with Pact for consumer-provider agreements, OpenAPI spec validation, and schema testing. Use for CI breaking change detection and compliance checks.