Testing Real-World Python APIs

A free, hands-on guide to testing production Python APIs with pytest. Eight sections, one working Flask app, and a test suite that runs in seconds and catches the bugs a Todo-app tutorial never could.

What you'll build

You'll build a small Flask API for weather lookups, wire it up to a real OpenWeather client, layer authentication on top, add a full GitHub OAuth flow, and test every piece of it end-to-end. By the time you finish, you'll have seen the patterns that real production codebases use: HTTP-level mocking, route testing via the Flask test client, session injection for auth, and parametrised edge cases.

Every section is follow-along. Every file has a save location. Every test has a pytest command and its expected output. You can type along in your own editor and end up with a working test suite.

Sections

  • 1. Setting up your environment. Create a clean Python project with a virtual environment, install pytest, and freeze your dependencies. The two-minute setup you'll use for the rest of the guide.
  • 2. Introduction to Testing. What testing is, why automate it, and your first pytest run with VS Code's Testing panel. Unit tests vs integration tests, explained with running examples.
  • 3. Unit Testing for APIs. The six places unit tests pay off in a real API: request validation, data transformation, business logic, error handling, authentication, and edge cases.
  • 4. HTTP-Level Mocking. Mock HTTP calls at the transport layer with the responses library. Catches URL, method, and query-parameter bugs that unittest.mock silently lets through.
  • 5. Testing Flask Routes. Use Flask's built-in test client to exercise your routes end-to-end without running a real server. Covers the fixture pattern, happy paths, validation, and upstream error handling.
  • 6. Testing Authenticated Routes. Test login-gated Flask endpoints by injecting session state directly. Covers the session_transaction pattern, reusable fixtures, and parametrising by user role.
  • 7. Testing OAuth Flows. Lock down the OAuth callback handler end-to-end. Covers the happy path, CSRF state verification, and upstream-failure handling.
  • 8. Composing the Production Test Suite. How the pieces compose into a production-grade suite. Layered fixtures, parametrised edge cases, the five-second target, and running on every save.

Who this is for

Python developers who have written a Flask app but haven't yet built a test suite they trust. Anyone whose first pytest tutorial tested 1 + 1 == 2 and left them wondering how that pattern extends to code that talks to real APIs, real databases, and real users. If you've ever wanted to refactor a route and felt nervous because nothing would tell you if you broke something, this is for you.

The guide assumes Python 3.10 or later, comfort with basic Flask and requests, and nothing else. Everything installs with pip, runs locally, and costs nothing.

Start with Section 1

The sections are written to be read in order. Each one builds on the files and patterns from the previous. Start here:

Begin → 1. Setting up your environment

The book behind the guide

This guide is a standalone piece. It's also a sampler of how the full book handles testing. Mastering APIs With Python dedicates an entire chapter to testing a real Flask app end-to-end: a Spotify-powered listening history dashboard with OAuth, SQLite persistence, scheduled monthly snapshots, and CI-backed deployment. 43 tests, under 3 seconds, production-ready.

The book is 30 chapters, 6 portfolio projects, and 800+ code examples. It covers everything that takes a Python developer from "I can make API calls" to "I can build, test, and deploy a production API service." One-time payment, lifetime access, €35.

See the full curriculum → Get the book (€35, lifetime access) →