Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/davidG97/qa-flow/llms.txt

Use this file to discover all available pages before exploring further.

QA Flow’s REST API gives you programmatic control over every aspect of the platform — creating and managing test projects, triggering Playwright executions, recording new test flows, inspecting results, and downloading reports. The API follows standard REST conventions: resources are JSON objects, HTTP verbs map to CRUD operations, and errors are returned as { "error": "..." } JSON objects with an appropriate status code.

Base URL

All endpoints are mounted under the /api prefix on port 3001.
http://localhost:3001/api
For production deployments, replace http://localhost:3001 with your deployed host (e.g. https://qaflow.example.com).

Authentication

QA Flow uses JWT Bearer tokens for authentication. Endpoints marked Auth: Yes in the index below require a Bearer token in the Authorization header. The Auth and Users route groups are the only routes that enforce authentication — project management requires a token while execution, recording, test-run history, report, picker, and flow utility endpoints are currently open. Pass the token as:
Authorization: Bearer <token>
Obtain a token by logging in:
curl -X POST http://localhost:3001/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email": "admin@qaflow.com", "password": "admin123"}'
Response:
{ "token": "eyJ..." }
Store this token and pass it on every subsequent request. Tokens are verified by the requireAuth middleware; an invalid or expired token returns 401 Unauthorized.
Admin-only endpoints additionally require the requireAdmin middleware. Requests from non-admin users return 403 Forbidden with { "error": "Prohibido: se requiere rol de administrador" }.

Request Format

All requests that include a body must set the Content-Type header:
Content-Type: application/json
Request bodies are parsed as JSON. Sending an incorrectly formatted body or omitting required fields returns 400 Bad Request.

Common Response Codes

CodeMeaning
200 OKRequest succeeded; body contains the resource or result
201 CreatedResource was created; body contains the new object
204 No ContentRequest succeeded; no response body (e.g. DELETE)
400 Bad RequestMissing or invalid request parameters
401 UnauthorizedMissing, invalid, or expired Bearer token
403 ForbiddenAuthenticated but insufficient permissions (non-admin)
404 Not FoundThe requested resource does not exist
500 Internal Server ErrorUnexpected server-side error

Endpoint Index

Below is a complete index of every API endpoint, grouped by resource.

Auth — /api/auth

MethodPathAuthDescription
POST/auth/registerNoRegister a new user account
POST/auth/loginNoLog in and receive a JWT token
GET/auth/meYesGet the currently authenticated user

Projects — /api/projects

MethodPathAuthDescription
GET/projectsYesList all projects (admin sees all; users see own)
POST/projectsYesCreate a new project
GET/projects/:idYesGet a single project by ID
PUT/projects/:idYesUpdate a project (owner or admin)
DELETE/projects/:idYesDelete a project (owner or admin)
GET/projects/:id/flowYesGet the project as a TestFlow object

Execution — /api

MethodPathAuthDescription
POST/runNoTrigger a test execution for a project
GET/status/:executionIdNoPoll status of a running/completed execution
GET/executionsNoList all past executions

Test Runs — /api/test-runs

MethodPathAuthDescription
GET/test-runsNoList recent test runs (default limit 20)
GET/test-runs/:idNoGet a specific test run with results
GET/test-runs/project/:projectIdNoGet test runs for a project (default limit 10)
GET/test-runs/:id/reportNoGet HTML or JSON report for a run

Recording — /api

MethodPathAuthDescription
POST/record/startNoStart a Playwright Codegen recording session
GET/record/status/:sessionIdNoCheck recording session status
POST/record/stop/:sessionIdNoStop a recording session
GET/record/code/:sessionIdNoGet raw recorded Playwright TypeScript code
GET/record/nodes/:sessionIdNoGet recorded interactions as QA Flow nodes
POST/parse-codeNoParse Playwright TypeScript code into nodes
GET/recordingsNoList all recording sessions
DELETE/recordings/:sessionIdNoDelete a specific recording session
DELETE/recordingsNoDelete all recording sessions
POST/recordings/cleanupNoClean up stale or orphaned sessions

Picker — /api/picker

MethodPathAuthDescription
POST/picker/startNoStart a visual element picker session
POST/picker/interactive/startNoStart an interactive picker (Docker-compatible)
POST/picker/interactive/selectNoSelect an element by coordinates
POST/picker/interactive/scrollNoScroll within an interactive picker session
POST/picker/cancel/:sessionIdNoCancel a picker session
GET/picker/status/:sessionIdNoGet picker session status

Reports — /api/reports

MethodPathAuthDescription
GET/reportsNoList all generated HTML reports
GET/reports/:idNoGet report JSON metadata and summary
GET/reports/:id/htmlNoRender report as HTML in the browser
GET/reports/:id/downloadNoDownload the report HTML as a file
DELETE/reports/:idNoDelete a report

Code — /api

MethodPathAuthDescription
POST/generate-codeNoGenerate Playwright TypeScript code from a flow
POST/flowsNoSave a flow definition
GET/healthNoHealth check

Users (Admin Only) — /api/users

MethodPathAuthDescription
GET/usersAdminList all users
POST/usersAdminCreate a new user
PUT/users/:idAdmin or SelfUpdate a user
DELETE/users/:idAdminDelete a user

Build docs developers (and LLMs) love