SoftwareTestPilot
PilotAPI · practice backend

Master API Testing with a real practice backend

PilotAPI is a deliberately imperfect REST backend built for this track. It has six endpoints, four seeded production defects, a full request/response inspector, and reference suites in Playwright API, Rest Assured, and Postman. Find every bug, write the failing test that proves it, then ship the fix in your head.

The 4 challenges · planted defects waiting to be caught

Each bug is realistic — the kind of defect you'd actually triage in a real codebase. Use the explorer to reproduce them and the Run API test tab to write a failing assertion.

High

POST /orders quantity:0 returns 500

Validation never runs for quantity:0 — the server divides by zero and crashes with a 500 instead of a clean 400.

Medium

GET /products?sort=desc is silently ignored

The desc flag is parsed but never applied. Catalog sorts ascending no matter what — easy to miss without a schema-level assertion.

Medium

429 response body shape is wrong

Rate-limited responses return { error: 'too_many' } instead of the documented { code, retryAfterSeconds } contract.

Critical

GET /orders/:id authorization leak

Any authenticated user can fetch any order by guessing the id. Missing ownerId check in the controller.
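
The missing ownerId check from the last challenge, sketched as an added example that is not PilotAPI's own code: a handler with the defect, the hardened form, and the cross-user regression check that fails on the first and passes on the second. The handler names, the in-memory order store, the sample users and the choice of 404 for a foreign order are all assumptions made for illustration.

```javascript
// Constructed sample data: two users, one order each (not PilotAPI's real seed data).
const ORDERS = new Map([
  ["1001", { id: "1001", ownerId: "alice", total: 42.5 }],
  ["1002", { id: "1002", ownerId: "bob", total: 17.0 }],
]);

// Shape of the defect described above: authentication is checked, ownership is not.
function getOrderVulnerable(user, id) {
  if (!user) return { status: 401, body: { code: "unauthenticated" } };
  const order = ORDERS.get(id);
  if (!order) return { status: 404, body: { code: "not_found" } };
  return { status: 200, body: order };
}

// Hardened form: the ownerId comparison happens before any order data is returned.
// Assumption: a foreign order answers 404, same as a missing one, so ids are not confirmed.
function getOrderHardened(user, id) {
  if (!user) return { status: 401, body: { code: "unauthenticated" } };
  const order = ORDERS.get(id);
  if (!order || order.ownerId !== user.id) {
    return { status: 404, body: { code: "not_found" } };
  }
  return { status: 200, body: order };
}

// Regression check: every user requests every order; any 200 on an order
// the caller does not own is recorded as a leak.
function findOwnershipLeaks(handler, users) {
  const leaks = [];
  for (const user of users) {
    for (const [id, order] of ORDERS) {
      const res = handler(user, id);
      if (order.ownerId !== user.id && res.status === 200) {
        leaks.push({ caller: user.id, orderId: id, owner: order.ownerId });
      }
    }
  }
  return leaks;
}

const USERS = [{ id: "alice" }, { id: "bob" }];
console.log("vulnerable:", findOwnershipLeaks(getOrderVulnerable, USERS));
console.log("hardened:", findOwnershipLeaks(getOrderHardened, USERS));
```

Against a live API the same matrix applies: log in as two different users, create an order with each, and assert that neither token can read the other's order.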

Endpoint Explorer

Pick an endpoint, send a request, validate the response against the documented contract.

POST /auth/login · Expects 200

Exchange credentials for a bearer token. The explorer auto-attaches the returned token to subsequent requests.
