## Schemathesis
> **Catch API bugs before your users do.**
Schemathesis automatically generates thousands of test cases from your OpenAPI or GraphQL schema and finds edge cases that break your API.
Finding bugs that manual testing missed
## Try it now
```console
# Test a demo API - finds real bugs in 30 seconds
uvx schemathesis run https://example.schemathesis.io/openapi.json
# Test your own API
uvx schemathesis run https://your-api.com/openapi.json
```
## What problems does it solve?
- 💥 **500 errors** that crash your API on edge case inputs
- 📋 **Schema violations** where your API returns different data than documented
- 🚪 **Validation bypasses** where invalid data gets accepted
- 🔗 **Integration failures** when responses don't match client expectations
- 🔄 **Stateful bugs** where operations work individually but fail in realistic workflows
> ⚠️ **Upgrading from older versions?** Check our [Migration Guide](https://github.com/schemathesis/schemathesis/blob/master/MIGRATION.md) for key changes.
# Installation & Usage
**Command Line:**
```console
uv pip install schemathesis
schemathesis run https://your-api.com/openapi.json
```
**Python Tests:**
```python
import schemathesis
schema = schemathesis.openapi.from_url("https://your-api.com/openapi.json")
@schema.parametrize()
def test_api(case):
# Tests with random data, edge cases, and invalid inputs
case.call_and_validate()
# Stateful testing: Tests workflows like: create user -> get user -> delete user
APIWorkflow = schema.as_state_machine()
# Creates a test class for pytest/unittest
TestAPI = APIWorkflow.TestCase
```
**CI/CD:**
```yaml
- uses: schemathesis/action@v3
with:
schema: "https://your-api.com/openapi.json"
```
## Who uses it
Used by teams at **[Spotify](https://github.com/backstage/backstage)**, **[WordPress](https://github.com/WordPress/openverse)**, **JetBrains**, **Red Hat**, and dozens of other companies.
> "_Schemathesis is the best tool for fuzz testing of REST APIs on the market. We at Red Hat use it for examining our applications in functional and integration testing levels._" - Dmitry Misharov, RedHat
## See it in action
🔬 **[Live Benchmarks](https://workbench.schemathesis.io)** showing continuous testing results from real-world APIs:
- Code & API schema coverage achieved
- Issues found with detailed categorization
- Performance across different fuzzing strategies
## Reporting
- **[Allure](https://schemathesis.readthedocs.io/en/stable/guides/allure/)** — Rich visual reports with per-operation results, failure steps, and curl reproduction commands
- **[JUnit XML](https://schemathesis.readthedocs.io/en/stable/guides/cicd/)** — For GitHub Actions, GitLab CI, Jenkins, and any CI tool that consumes JUnit
## Documentation
📚 **[Documentation](https://schemathesis.readthedocs.io/en/stable/)** with guides, examples, and API reference.
## Get Help
- 💬 [Discord community](https://discord.gg/R9ASRAmHnA)
- 🐛 [GitHub issues](https://github.com/schemathesis/schemathesis/issues)
## Contributing
We welcome contributions! See our [contributing guidelines](CONTRIBUTING.md) and join discussions in [issues](https://github.com/schemathesis/schemathesis/issues) or [Discord](https://discord.gg/R9ASRAmHnA).
## Acknowledgements
Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.
## License
This project is licensed under the terms of the [MIT license](https://opensource.org/licenses/MIT).
## Recent releases
| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v4.21.1` | 2026-06-06 | High | ### :bug: Fixed - Missing boundary negative in the coverage phase for boolean `exclusiveMinimum` / `exclusiveMaximum`. - `UnicodeEncodeError` when failure or error output contains lone Unicode surrogate characters. [#4229](https://github.com/schemathesis/schemathesis/issues/4229) |
| `v4.21.0` | 2026-05-31 | High | ### :rocket: Added - Chain GraphQL operations on non-`id` identifiers (`fullPath`, `slug`, ...) in stateful and fuzzing phases. ### :racing_car: Performance - Much lower peak memory and faster validation for schemas with very large `maxLength` / `maxItems`. - Cache failed validator builds to avoid recompiling invalid patterns from large `maxLength` / `maxItems` values. - Update `hypothesis-graphql` to `0.13.0` that brings up to 180x performance improvements for deeply nested GraphQL schemas. |
| `v4.20.0` | 2026-05-24 | High | ### :rocket: Added - Override server variable defaults via `[servers.variables]` in config. [#4166](https://github.com/schemathesis/schemathesis/issues/4166) - Form-encoded payloads for dynamic auth via `payload_content_type`. [#4167](https://github.com/schemathesis/schemathesis/issues/4167) ### :racing_car: Performance - ~50% lower coverage-phase wall on definition-heavy schemas. - Cache repeated computations during the coverage phase. - Faster schema bundling for specs with recursive refer |
| `v4.19.0` | 2026-05-19 | High | ### :rocket: Added - Stateful tests damp reuse of extracted values from unreliable API links. - Reuse response field values across operations without an inferred producer-consumer link. - Persist error-feedback, auth, and 405 discoveries to `.schemathesis/`; probing replays them to skip rediscovery. - Fuzz dictionaries: sample curated values during generation via `[dictionaries.]` and `[generation.dictionaries]`. [#2121](https://github.com/schemathesis/schemathesis/issues/2121) - Overrid |
| `v4.18.5` | 2026-05-13 | High | ### :wrench: Changed - Render `negative_data_rejection` mutation descriptions cleanly: no trailing `at`, readable original values. ### :bug: Fixed - Runtime Error on hook-driven revalidation of OpenAPI 3.1 parameters with `prefixItems`. [#4099](https://github.com/schemathesis/schemathesis/issues/4099) - False positive `negative_data_rejection` when a `before_call` hook reassigns request parameters. [#4101](https://github.com/schemathesis/schemathesis/issues/4101) - Pad negative-mode arrays t |
| `v4.18.0` | 2026-05-08 | High | ### :rocket: Added #### Resource pool & captured IDs - Capture identifiers from `{:
