3.0 Test
Prove reality against the spec
Test suites, security scans, and automation that treat your spec as the contract to enforce.
Launching soon — be the first to get access.
Assert everything
Suites of chained requests with 15+ assertion types — status, JSON paths, headers, latency.
- 15+ assertion types, drag-and-drop suites
- Chained requests: extract values, reuse them downstream
- Pre-request and post-response JavaScript
Auth like production
Ten auth schemes resolved per environment — run the same suite against staging and prod.
- OAuth2, Bearer, API Key, JWT, AWS SigV4, and more
- Environment variables in requests and assertions
Test data, managed
Fixtures, seeds, and snapshots put the API in a known state before every run.
- Fixtures with per-suite scope control
- Pre/post-run seeds with loops and captures
- Logical snapshots restore known state
Security is a test, too
OWASP API Top 10 scanning with multi-identity personas, finding triage, and a security score.
- 9 scanners: BOLA, broken auth, SSRF, and more
- Personas for multi-identity access testing
- Triage workflow with audit trail and score dashboard
Runs where you work
CLI for CI, API triggers, schedules, and signed webhooks — testing that fits your pipeline.
- CLI runner with CI exit codes
- Cron schedules and API-key triggers
- HMAC-signed webhooks on completion
One living spec
The rest of the lifecycle
Change the spec — everything on this page updates with it.
Be first to ship on it
Routebase is launching soon. Join the waitlist and we'll email you the moment it's ready.
One email at launch. No spam, unsubscribe anytime.