Docs

API testing docs for QA automation and mock backends

This hub is for QA, automation, and frontend teams who need a reliable API surface for testing. It includes quickstart steps, OpenAPI reference, and practical guidance for Postman, Playwright, and CI runs.

Open the dashboard See Notes example
Stable payloads Logs built-in CORS enabled

Start here

What you will do in 2 minutes

Use the fastest path to get predictable responses, then decide whether you need per-user sessions for isolation testing.

1

Create a project + keys on app.reqres.in.

Use a manage key for setup and a public key for read-only testing.

2

Send your first request with x-api-key.

This gives predictable data for smoke tests and Postman runs.

3

For per-user testing, mint a session token and use Authorization: Bearer.

App-user sessions isolate reads and writes to a single user.

Sample request 
curl "https://reqres.in/api/users?page=2" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY"
QA automation guide API reference (OpenAPI)

Paths

Choose a path

Quickstart

Get a request working with x-api-key in under two minutes.

Go →

QA automation

Stable payloads, logs, and guardrails for CI and headless runs.

Go →

API reference

OpenAPI and Swagger UI for payload shapes.

Go →

Example app

Launch the Notes app to see auth + CRUD in action.

Go →

Quickstart

First request with Postman or curl

Use your project key on any request to get stable, predictable responses. This is the fastest path for API testing, QA automation, and CI smoke tests.

If you need per-user isolation, start an app-user session and send the session token as a bearer token.

Example: list users 
curl "https://reqres.in/api/users?page=2" \
  -H "x-api-key: YOUR_API_KEY"
Example: app-user session 
curl "https://reqres.in/app/collections/todos/records" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

QA automation

Reliable runs without getting blocked

ReqRes is tuned for predictable payloads and stable status codes. Logs help explain failures fast, and guidance keeps CI runs from tripping rate limits or WAF rules.

Read the QA automation guide →

What this helps with

  • Stable payloads for Postman collections and Playwright suites.
  • Predictable status codes to keep QA assertions consistent.
  • Logs for auth, rate limits, and WAF-related failures.

API reference

OpenAPI and Swagger UI

Use the reference to confirm payload shapes and example responses.

Swagger UI

Interactive OpenAPI reference for browsing endpoints.

Open →

openapi.json

Raw spec for importing into Postman or tooling.

Download →

Example app

Notes app flow with auth + CRUD

See how magic links, per-user data, and collections work together in a real UI.

Open Notes example

Common issues

Common failure modes

Auth headers

x-api-key is for project scope. Use Authorization: Bearer for per-user sessions.

Environment header

If you see environment errors, set X-Reqres-Env to prod or dev.

Rate limits in CI

CI runners can trigger rate limits or WAF rules. Add backoff and stable user agents, then review the QA guide.

Related reading

Deeper dives for API testing and QA automation

QA automation without getting blocked

Keys, headers, logs, and retries that keep tests reliable.

qa testing

When mock data slows you down

Why fake APIs hide real issues and when to move on.

mock backend api testing

When JSONPlaceholder is not enough

A path from fake endpoints to real persistence.

fake api alternatives

Frontend-only auth

Login flow testing without standing up servers.

auth frontend