Developer Portal Service — Testing Strategy
Version: 1.0 Status: Draft Owner: Product + Developer Relations (DevRel) Last Updated: 2026-04-20
1. Intent
Define unit, integration, contract, and E2E coverage targets and the scenario list for the Developer Portal. Verify API and key-management flows demand contract tests against auth-service, sms-orchestrator, and channel-router-service.
2. Coverage Targets
| Layer | Target |
|---|---|
| Unit | ≥ 80% line coverage |
| Integration | mandatory: tenant isolation, outbox, inbox |
| Contract | one per consumed gRPC RPC and one per produced event |
| E2E | top user journeys per epic |
3. Scenario List — EP-DEV-01
- Anonymous load of
/reference/v1docs site under 1.5 s LCP. TBD - Self-serve sandbox key issuance + immediate sandbox call success. TBD
- Production key request → owner approval → secret display. TBD
- Key revocation → 401 within 60 s on synthetic prober. TBD
4. Scenario List — EP-DEV-02 / EP-DEV-03
- npm install + happy path SMS send against sandbox. TBD
- Each server SDK contract test against latest sandbox. TBD
- Mobile SDK Verify auto-fill on Android emulator + iOS simulator. TBD
5. Scenario List — EP-DEV-04
- Postman "Run in Postman" → import collection → send sandbox SMS. TBD
- OpenAPI spec passes spectral lint and validates with
openapi-cli. TBD
6. Scenario List — EP-DEV-05
- SMS Verify happy path. TBD
- Voice Verify happy path. TBD
- WhatsApp Verify happy path + not-on-WhatsApp fallback. TBD
- Channel cascade: WA fail → SMS deliver → APPROVED. TBD
- Per-recipient rate limit triggers 429. TBD
- Tenant daily spend cap triggers 402. TBD
- Constant-time check verified via timing-attack test fixture. TBD
7. Test Infrastructure
- TBD (Vitest, Playwright, Pact, k6 for load)
8. CI Gates
- TBD