Skip to main content

Assertion Operators Overview

HTTPSpec supports multiple assertion operators for flexible testing:

Equality

== - Exact match!= - Not equal

Contains

contains - Substring searchnot_contains - Absence check

Pattern Matching

starts_with - Prefix matchends_with - Suffix match

Regular Expressions

matches_regex - Regex matchnot_matches_regex - Regex negation

Equality Assertions

Exact Match (==)

Test for exact equality: 
### Test exact status code
GET https://api.example.com/users

//# status == 200
//# header["content-type"] == "application/json"
//# body == "OK"

Not Equal (!=)

Ensure values don’t match: 
### Test status is not an error
GET https://api.example.com/health

//# status != 404
//# status != 500
//# header["content-type"] != "text/plain"

Contains Assertions

Substring Search (contains)

Check if a value contains a substring: 
### Test JSONPlaceholder API
GET https://jsonplaceholder.typicode.com/users/1
Accept: application/json

//# status == 200
//# body contains "Leanne Graham"
//# body contains "hildegard.org"
//# header["content-type"] contains "json"
The contains operator is case-sensitive for body content but case-insensitive for headers.

Not Contains (not_contains)

Verify content is absent: 
### Ensure no sensitive data leaked
GET https://api.example.com/public/profile

//# body not_contains "password"
//# body not_contains "secret"
//# body not_contains "token"
//# header["content-type"] not_contains "xml"

Pattern Matching Assertions

Starts With (starts_with)

Check if content begins with a specific string: 
### Test response format
GET https://api.example.com/data

//# status starts_with "2"
//# body starts_with "{\"data\""
//# header["content-type"] starts_with "application"

Ends With (ends_with)

Verify content ends with a pattern: 
### Test file download
GET https://api.example.com/files/report.pdf

//# header["content-type"] ends_with "pdf"
//# header["content-disposition"] ends_with ".pdf\""

Regular Expression Assertions

Regex Match (matches_regex)

Use regex patterns for complex validation: 
### Test with regex patterns
GET https://api.example.com/users/123
Accept: application/json

//# status matches_regex "^2.*"
//# body matches_regex ".*success.*"
//# header["content-type"] matches_regex "application/.*"

Common Regex Patterns

//# status matches_regex "^2.*"        # Any 2xx status
//# status matches_regex "^[23].*"     # 2xx or 3xx
//# status not_matches_regex "^[45].*" # Not 4xx or 5xx

Regex Negation (not_matches_regex)

Ensure content doesn’t match a pattern: 
### Ensure no error codes
GET https://api.example.com/status

//# status not_matches_regex "^[45].*"
//# body not_matches_regex ".*error.*"
//# body not_matches_regex ".*exception.*"

Multiple Assertions Per Request

Combine different assertion types for comprehensive validation: 
### Comprehensive API test
GET https://jsonplaceholder.typicode.com/users/1
Accept: application/json

//# status == 200
//# status starts_with "2"
//# status not_matches_regex "^[45].*"
//# header["content-type"] contains "json"
//# header["content-type"] == "application/json; charset=utf-8"
//# body contains "Leanne Graham"
//# body contains "hildegard.org"
//# body not_contains "error"
//# body matches_regex ".*\"id\"\\s*:\\s*1.*"
All assertions must pass for the test to succeed. If any assertion fails, the entire request is marked as failed.

Header Assertion Examples

Test various header scenarios: 
### Test content-type variations
GET https://api.example.com/data

//# header["content-type"] == "application/json"
//# header["content-type"] contains "json"
//# header["content-type"] starts_with "application"
//# header["content-type"] matches_regex "application/(json|xml)"

Body Assertion Patterns

JSON Response Testing

### Test JSON structure
GET https://api.example.com/users/1
Accept: application/json

//# status == 200
//# body contains "\"id\""
//# body contains "\"email\""
//# body contains "\"name\""
//# body matches_regex ".*\"id\"\\s*:\\s*[0-9]+.*"
//# body not_contains "password"

Error Response Testing

### Test error response format
GET https://api.example.com/users/999999

//# status == 404
//# body contains "error"
//# body contains "not found"
//# body matches_regex ".*\"message\".*"

Empty Body Validation

### Test no content response
DELETE https://api.example.com/users/123
Authorization: Bearer TOKEN

//# status == 204
//# body == ""

Real-World Complex Example

Here’s a comprehensive test demonstrating multiple assertion types: 
### Test with some failing assertions (to show diagnostics)
GET https://httpbin.org/json

//# status == 404
//# body contains "nonexistent"
//# header["content-type"] == "text/plain"
When this test runs, HTTPSpec will report all failures: 
 Test with some failing assertions (120ms)
  [Fail] Expected status 404, got 200
  [Fail] Expected body to contain "nonexistent", got "{...}"
  [Fail] Expected header "content-type" to be "text/plain", got "application/json"
  3 assertions failed
HTTPSpec reports all assertion failures, not just the first one. This helps you understand all issues at once.

Assertion Targets

All assertion operators work with three targets: 
//# status == 200
//# status != 404
//# status contains "20"        # Status contains substring
//# status starts_with "2"       # 2xx status codes
//# status matches_regex "^2.*"  # 2xx using regex

//# body == "exact match"
//# body contains "substring"
//# body not_contains "error"
//# body starts_with "{"
//# body ends_with "}"
//# body matches_regex ".*pattern.*"

//# header["content-type"] == "application/json"
//# header["content-type"] contains "json"
//# header["cache-control"] not_contains "no-cache"
//# header["x-api-version"] starts_with "v"
//# header["authorization"] matches_regex "Bearer .*"

Best Practices

1

Start with simple assertions

Begin with status code checks, then add more specific validations:
//# status == 200
//# header["content-type"] contains "json"
//# body contains "success"
2

Use appropriate operators

Choose the right operator for your needs:
  • Use == for exact matches (status codes, specific header values)
  • Use contains for flexible content checks
  • Use matches_regex for complex patterns
3

Test both positive and negative cases

Verify both what should and shouldn’t be present:
//# body contains "success"
//# body not_contains "error"
4

Combine assertions strategically

Add multiple assertions to catch different failure modes:
//# status == 200
//# status not_matches_regex "^[45].*"
//# header["content-type"] contains "json"
//# body contains "data"
//# body not_contains "error"

Assertion Reference Table

OperatorSyntaxStatusBodyHeadersDescription
==key == valueExact match
!=key != valueNot equal
containskey contains valueContains substring
not_containskey not_contains valueDoes not contain
starts_withkey starts_with valueStarts with prefix
ends_withkey ends_with valueEnds with suffix
matches_regexkey matches_regex patternMatches regex
not_matches_regexkey not_matches_regex patternDoesn’t match regex

Next Steps

Basic Tests

Review fundamental testing concepts

API Testing

Learn REST API testing patterns

Build docs developers (and LLMs) love

Get started for freeTalk to us