How to Test REST APIs With Supertest and Node.js

Supertest is a Node.js library used to automate API testing by sending HTTP requests and asserting responses. Built on SuperAgent, it integrates smoothly with Express and test runners like Jest or Mocha. You can use it to validate APIs, catch regressions, and ensure backend reliability before code reaches production.

What Is Supertest?

Supertest is a lightweight Node.js library built for testing HTTP APIs directly and efficiently. It wraps the SuperAgent HTTP client with a fluent, chainable API that’s perfect for integration and end-to-end testing of backend services.

You can pass an http.Server or Express app directly, no need to manage listening ports, as Supertest handles it internally. It works seamlessly with popular JavaScript testing frameworks like Jest, Mocha, and Jasmine, supporting both async/await and promise-based syntax.

Key Features of Supertest

Below are the standout features that make Supertest a helpful library for QA engineers:

• Chainable HTTP Assertions: Supertest allows chained assertions in a readable style. For example:
request(app) .get('/api/users') .set('Accept', 'application/json') .expect('Content-Type', /json/) .expect(200)

1 2 3 4 5

request(app)   .get('/api/users')   .set('Accept', 'application/json')   .expect('Content-Type', /json/)   .expect(200)

Fields, bodies, response headers, and custom checks can all be validated inline.

• Full Control Over All HTTP Methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, you’re not limited. Support for .send(), .auth(), .query(), .field() and even multipart attach() calls is available.
• No External Server Required: By passing your express() app (or any Node.js HTTP server) to Supertest, it handles the server startup internally. There’s no need to configure ports or add separate server scripts for testing.
• Test Framework Agnostic: Works with Jest, Mocha, Jasmine, AVA, whatever your project uses. You can mix chainable .then() or async/await syntax (favored in Jest), or classic callback pattern via .end(done).
• Comprehensive Response Validation: Supertest offers built-in support to assert status codes, headers, JSON fields, and custom logic using inline .expect() callbacks. You can also transform or validate response data dynamically within these handlers for more flexible assertions.
• Authentication & Session Support: Via .auth(username, password) or header-based tokens, you can add auth checks easily. Agents also support cookies and persistent sessions across calls using the request.agent(app).
• TypeScript Friendly: A TypeScript definition package (@types/supertest) is available and maintained. If you write tests in TS, expect full type inference and IDE completion.

Note

Run your automated tests across 3000+ real browsers. Try LambdaTest Today!

Set Up Supertest

You’ll need Supertest for making requests and a test runner like Jest or Mocha.

Let’s use Jest.

Make sure your Express (or other framework) app is exported without starting the server directly in the same file.

Structure Your App for Testing

Make sure your Express (or other framework) app is exported without starting the server directly in the same file.

For example:

This separation allows Supertest to import the app directly without binding to a port.

Write Tests With Supertest

With Jest, create a test file:

Add a Jest test script in the package.json file:

Then run the below command to execute your tests:

Advanced Use Cases of Supertest

Supertest is often introduced as a quick way to test HTTP endpoints in Node.js, but its capabilities extend far beyond basic “send a request and check a status code” scenarios.

Here are some advanced use cases worth knowing about:

Testing With Complex Authentication Flows

Supertest can handle multi-step login processes, token-based auth, and cookie sessions. You can store authentication tokens or cookies from one request and reuse them in subsequent requests.

This approach allows you to mimic a real client session in your tests.

Chaining Requests for Stateful Scenarios

If your API has workflows (e.g., create -> update -> delete), you can chain requests in a single test to verify data persistence and state changes.

This helps catch integration issues that unit tests might miss.

Testing File Uploads and Downloads

Supertest can simulate multipart/form-data uploads and verify binary responses.

This is especially useful for APIs handling images, CSVs, or documents.

Validating Response Schemas

Integrating Supertest with schema validation libraries like Joi or ajv lets you check that responses match your API contract, preventing silent breaking changes.

Best Practices for Using Supertest

QA engineers can apply several well-tested strategies to keep their API suite robust and maintainable:

• Validate Response Bodies, Not Just Status: Checking only for status codes (e.g., 200 OK) is “smoke testing” and that’s not enough. Always validate the schema, data types, and key fields based on your API contract.
• Use Fixtures and Factory Data: Avoid hard-coding user IDs or test data. Use factory functions or JSON fixtures so tests can generate predictable but randomized payloads (e.g., userFactory()). This makes tests self-contained and easier to regenerate when requirements change.
• Isolate Test Environment: Ensure the database or in-memory store resets between test runs. For integration, use ephemeral test DBs or in-memory mocks so tests don’t bleed into each other. Cleanup logic belongs in afterEach() or afterAll() hooks.
• Avoid Test Fragility: Keep assertions specific, not brittle. Instead of checking full-body stringification, assert specific keys or use regex-based matches. For date fields or ephemeral IDs, use. expect(res => { expect(typeof res.body.createdAt).toBe(‘string’) }) instead of exact match.
• Keep Test Suites Lean: Group related tests; use shared beforeAll() for authentication tokens. Avoid long, sequential test files, modularize into topic-based files (e.g. login.test.js, products.test.js). This improves readability and maintenance for QA teams.
• Test Both Positive & Negative Scenarios: Don’t limit tests to happy paths, include scenarios like 4xx errors, missing fields, auth failures, and rate limits. Covering these edge cases ensures robust API behavior and real-world reliability.

Common Pitfalls and How to Avoid Them

Mistakes are the bane of test suites. Here are frequent pitfall scenarios to watch out for:

• Only Checking HTTP Status (Shallow Testing): As mentioned, testing only .expect(200) reveals very little. API responses often contain crucial data that must be verified. Supertest makes it easy to add body assertions, use them.
• Missing Error Case Coverage: Tests that focus exclusively on valid input ignore real failure paths. What happens if your API receives invalid JSON, duplicate keys, or missing headers? These should produce controlled error payloads and proper HTTP response codes.
• Flaky or Slow Tests Due to External APIs: If your API calls a third-party service, avoid hitting it directly. This makes tests fail when the third-party is slow or down. Use stub tools (nock, msw) to decouple and speed up testing.
• Race Conditions in Async Tests: When not using proper await or callback done(), tests may exit before assertions run. Use consistent async patterns. If mixing callback-style .end(), make sure to call done(err) properly, or else tests may quietly succeed or hang.
• Port Collisions and Shared State: Multiple Supertest instances can conflict if your server uses static ports or global state. Use isolated servers per test (by re-requiring app()), reset memory stores, or run tests serially for stateful endpoints.

Supertest vs Other Testing Tools

There are plenty of options available, so let’s see how Supertest stacks up against some well-known tools:

Pro-tip: If you’re working with REST APIs in Node.js, you’ve probably used Supertest to write detailed tests. It gives you full control over endpoints, assertions, and works seamlessly with test frameworks like Mocha or Jest.

That said, there’s also a growing category of GenAI testing tools like LambdaTest KaneAI that you might find useful if you’re looking to reduce the manual effort of writing API tests. These tools are designed to simplify API test creation by letting you write in natural language commands.

LambdaTest KaneAI is a Generative AI testing tool that allows you to plan, author, debug, and evolve end-to-end tests using natural language commands, eliminating much of the manual coding overhead typically required for test automation.

To get started, check out this guide on API testing with KaneAI.

Conclusion

Supertest brings speed, simplicity, and precision to API testing in Node.js. From setup to advanced usage, it streamlines how QA engineers validate endpoints, handle edge cases, and ensure consistent backend behavior.

With built-in assertion tools, flexible integration with test runners, and best practices for scalable test design, Supertest stands out as a reliable choice for service-level testing. Compared to other tools, it offers a lean, expressive approach without compromising depth.

Nandini Pawar

Nandini is a Community Contributor at LambdaTest, where she creates educational content and certification programs around automation testing and AI. With certifications in Selenium, Cypress, Appium, Playwright, KaneAI, and Automation Testing, she combines technical understanding with content strategy to support the QA community. Nandini has played an active role in shaping LambdaTest’s learning ecosystem, helping thousands of testers upskill through structured, accessible resources. Her data-informed approach to content blends creativity with long-term impact, making her a valuable contributor to LambdaTest’s mission of advancing software testing education.

See author's profile