Auth0 Home Blog Docs

Integration Testing Best Practices


I’ve got some unit tests to cover my internal business logic with mock clients but I still have a client class that sends the actual http to the endpoint that I’d like to cover.
Is there like a test server I can hit with intermittent test traffic?

Alternatively I feel like I have to capture traffic and then create a mock that replicates that on a simple comparison of expected HTTP that goes out/in. I feel like that is brittle though as the client might make say an irrelevant header change which would break a RAW compare. Also its frozen in time and may provide a false sense of security.

There are two things I’m interested in testing: That my generated HTTP is correct. That the Auth0 endpoints are responding in the way I would expect them to from that generated HTTP.

Otherwise I’m left in the situation where production/staging might be broken but its just that no traffic has gone that way for X days to find that out.
What I’d really like is an infrequent daily ping that also represents a health-check that the technology that I am building for the next release definitely works with the technology that auth0 provides.

What solutions have others implemented to deal with this issue? What’s auth0’s stance on testing on its endpoints? Like, if I create a Mr Test Test user, update it and delete it every day are people gonna be mad at me?


What endpoints do you want to hit/test and what kind of frequency will you require?

Some endpoints are meant for machine-to-machine interaction (they return JSON) but other are browser-based endpoints (they return HTML and redirections), so these would obviously be more difficult to assert that the response is correct.


Sorry for the delayed response.

I’m currently hitting the json api end points. The management API.
The traffic is relatively low but right now when we do a build there’s a bunch of tests that will run through all our use-cases (create, edit, delete). That’s about four create/test/delete cycles per build going against my current free account. I’m going to move this onto our proper paid account real soon.
I can take some time to recategorise the tests so they run less frequently, my long-term desire is to run them just once a day as an effective health check but right now its anywhere up to eight times a day.
I rate limit them to approximately a one second delay between requests.

Is that okay?


Let me see if I get this straight: 4 users create/test (log in?)/delete, 8 times a day. In terms of management API v2 requests, I don’t see a problem, specially if you rate-limit those.


ye, login=>create=>edit=>delete is the “worst-case-scenario” for each test of which there are about four that support the use-cases for synchronisation. We may add a few more use-cases but I don’t see it growing much more.

Thanks for the confirmation! <3