DEV Community

Cover image for Free Open-Source CLI Tools for API Testing
Hassann
Hassann

Posted on • Originally published at apidog.com

Free Open-Source CLI Tools for API Testing

Most API testing tutorials start with a GUI. But if you work in the terminal, run tests in CI, or need tools whose source and license you can inspect, a CLI-first workflow is often a better fit. Open-source command-line tools let you self-host binaries, commit test definitions next to application code, and run checks without creating an account.

Try Apidog today

This list evaluates tools through the lens of licensing and control—not binary size or startup speed. Can you run the tool entirely inside your network? Is its source public under an OSI-approved license? Can you keep using it if a vendor changes its pricing? Those are the questions to answer before making a tool part of your CI pipeline.

Below are eight free, source-available CLI tools for testing REST, GraphQL, and HTTP APIs. Each includes its license, an installation command, and a minimal command to get started. For hosted and desktop options too, see the best free API testing tools roundup. For terminal-first endpoint exploration, see this guide to curl alternatives for REST API testing.

What makes an API testing CLI “open source”?

A tool being free to download does not make it open source. For this list, a tool must meet these criteria:

  • Use an OSI-approved license. Its source is public under a license such as MIT, Apache-2.0, MPL-2.0, AGPL-3.0, or BSD. You can inspect the code and understand the permissions and obligations.
  • Run without an account. You can execute it locally or on a CI runner without signing up, paying for seats, or requiring a phone-home service.
  • Be inspectable and maintained. Its GitHub repository has visible history and issues, so you can assess project activity before depending on it.

Every tool below meets the first two requirements. One no longer meets the maintenance requirement, and it is explicitly marked.

License choice matters. MIT and Apache-2.0 are permissive licenses. MPL-2.0 is weak copyleft. AGPL-3.0 can create stronger obligations if you build and distribute a service around the tool. Read the license before embedding a tool in your product or platform.

Hurl: plain-text HTTP tests in one Rust binary

Hurl runs HTTP requests defined in readable plain-text files and asserts against their responses. It is written in Rust, uses libcurl under the hood, and ships as a single binary.

License: Apache-2.0

Source: github.com/Orange-OpenSource/hurl

Create a request and assertion file:

brew install hurl
# Or:
# cargo install --locked hurl

cat > login.hurl <<'EOF'
POST https://api.example.com/login
{ "user": "acme", "pass": "s3cret" }

HTTP 200
[Asserts]
jsonpath "$.token" exists
EOF

hurl --test login.hurl
Enter fullscreen mode Exit fullscreen mode

Use Hurl when you want reviewable HTTP smoke tests and contract checks stored in Git. It is HTTP-focused, so it does not provide gRPC support or load generation. For complex workflows, expect to compose multiple .hurl files rather than write arbitrary scripts.

Step CI: declarative API workflows for CI

Step CI is a YAML-based workflow runner designed for continuous integration. It supports REST, GraphQL, gRPC, tRPC, and SOAP workflows. It can also load-test APIs and validate responses against an OpenAPI schema.

License: MPL-2.0

Source: github.com/stepci/stepci

Install it globally and run a workflow:

npm install -g stepci

# workflow.yml defines steps, checks, and captured values
stepci run workflow.yml
Enter fullscreen mode Exit fullscreen mode

Use Step CI when your team wants a single declarative workflow file that runs the same way on a developer machine and in CI.

MPL-2.0 is weak copyleft: modifications to Step CI's own covered files must be shared under the license. Using Step CI to test your application does not impose that requirement on your application code.

Schemathesis: property-based testing from an API schema

Schemathesis reads an OpenAPI or GraphQL schema and generates test cases automatically. Built on Python's Hypothesis library, it fuzzes request inputs to find server errors, schema violations, and responses that do not match the documented contract.

License: MIT

Source: github.com/schemathesis/schemathesis

Run generated tests against an OpenAPI document:

uv pip install schemathesis
# Or:
# pip install schemathesis

schemathesis run https://api.example.com/openapi.json
Enter fullscreen mode Exit fullscreen mode

Use Schemathesis before releases to find edge cases that are difficult to cover with hand-written examples. It requires an accurate schema, and large APIs can produce substantial output. Use its hooks and options to narrow the generated test space when needed.

Dredd: contract testing against an API description

Dredd verifies that a running API matches its description document. It reads an OpenAPI or API Blueprint file, replays documented requests against your backend, and compares the responses to the contract. It also supports hooks for setup and teardown.

License: MIT

Source: github.com/apiaryio/dredd

npm install -g dredd

dredd apiary.apib http://127.0.0.1:3000
Enter fullscreen mode Exit fullscreen mode

Use Dredd to detect drift between implementation and documentation.

One important limitation: the Dredd repository was archived in November 2024 and is read-only. It can still run existing workflows, but it is no longer maintained. For an actively maintained schema-driven testing option, Schemathesis is the safer choice.

k6: load testing scripted in JavaScript

k6 is Grafana's load and performance testing tool. You write scenarios in JavaScript or TypeScript, while its Go engine executes them at scale.

License: AGPL-3.0

Source: github.com/grafana/k6

Generate and run a starter script:

brew install k6

k6 new script.js
k6 run script.js
Enter fullscreen mode Exit fullscreen mode

Use k6 when you need to measure behavior under hundreds or thousands of virtual users, including performance and soak testing.

AGPL-3.0 is strong copyleft. Running k6 for internal testing is different from building and distributing a service around k6 code, so review the license if that applies to your use case. k6 is focused on load testing rather than fine-grained contract assertions.

Newman: run Postman collections without the GUI

Newman is Postman's command-line collection runner. If your API checks already exist in a Postman collection, Newman runs the same collection locally or in CI without requiring the Postman desktop application.

License: Apache-2.0

Source: github.com/postmanlabs/newman

npm install -g newman

newman run my-collection.json -e staging-environment.json
Enter fullscreen mode Exit fullscreen mode

Use Newman when your team already maintains Postman collections and needs a straightforward way to run them in a pipeline.

Newman uses the Postman collection format, so tests are authored through Postman's UI or directly in collection JSON. It runs collections; it does not design APIs or provide mocking on its own.

Tavern: API tests as a pytest plugin

Tavern is a Python library, CLI, and pytest plugin for API testing. It describes tests in YAML and integrates with the broader pytest ecosystem, including fixtures, reporting, parallelism, and existing CI integrations. It supports REST, MQTT, and gRPC.

License: MIT

Source: github.com/taverntesting/tavern

pip install tavern

# Keep the API test next to your Python test suite
pytest test_login.tavern.yaml
Enter fullscreen mode Exit fullscreen mode

Use Tavern when you already use pytest and want API checks to live next to unit and integration tests. If your stack is not Python-centric, the pytest dependency may add unnecessary friction.

Venom: multi-executor integration tests from OVHcloud

Venom, created by OVHcloud, runs integration tests across multiple executor types. It supports HTTP requests, shell scripts, IMAP, web checks, databases, and more. It uses YAML test suites and produces xUnit result files for CI systems.

License: BSD (modified)

Source: github.com/ovh/venom

# Download the binary from GitHub releases, then:
venom run testsuite.yml
Enter fullscreen mode Exit fullscreen mode

Use Venom when one end-to-end test must combine API calls with database validation, shell commands, or other external checks.

Its broad executor support can make YAML suites verbose, and its documentation often requires assembling patterns from repository examples.

Where Apidog fits

Apidog is not open source, so it does not belong in the eight-tool list above. It is a commercial product with a free tier.

The trade-off is integration. Hurl, Schemathesis, Newman, and a separate mock server can each solve a specific problem, but combining them into one workflow creates maintenance work. Apidog combines API design, testing, mocking, and documentation in one platform. Its apidog-cli lets you run tests from the terminal and in CI.

npm install -g apidog-cli

apidog login --with-token <YOUR_TOKEN>
apidog run --access-token <TOKEN>
# Exits 0 when all tests pass; exits non-zero on failure
Enter fullscreen mode Exit fullscreen mode

The CLI produces structured JSON output with agentHints.nextSteps, which can be consumed by scripts or AI agents. See the complete apidog-cli guide for the full command set.

If an auditable open-source license is mandatory, choose one or more of the eight tools above. If an integrated design-to-test workflow is more important, Apidog is the alternative.

How to choose

Tool Best for Install Open source? License
Hurl Plain-text HTTP assertions in Git brew install hurl Yes Apache-2.0
Step CI Declarative CI workflows npm i -g stepci Yes MPL-2.0
Schemathesis Property-based fuzzing from a schema pip install schemathesis Yes MIT
Dredd Documentation-vs-implementation contract tests npm i -g dredd Yes (archived) MIT
k6 Load and performance testing brew install k6 Yes AGPL-3.0
Newman Running Postman collections in CI npm i -g newman Yes Apache-2.0
Tavern API tests inside pytest pip install tavern Yes MIT
Venom Multi-executor integration suites GitHub releases Yes BSD
apidog-cli Integrated design-to-test workflow npm i -g apidog-cli No (free tier) Commercial

Match the tool to the job:

  • Use Hurl or Newman for readable request-level checks.
  • Use Schemathesis when you have an API schema and want generated edge-case coverage.
  • Use k6 when the question is performance at scale.
  • Use Tavern or Venom when API tests need to live in a broader test suite.
  • Use Step CI when you want declarative, multi-protocol CI workflows.

For more guidance on building an overall test approach, see API testing strategies and this guide to selecting a headless API testing tool.

Wrapping up

Open-source CLI tools let you inspect, fork, and run API tests on your own infrastructure. Hurl and Newman handle everyday request checks. Schemathesis and Dredd focus on contracts. k6 tests performance. Tavern and Venom bring API checks into wider suites.

Pick tools based on the license you can accept and the problem you need to solve. You do not have to standardize on only one: a practical pipeline might use Hurl for smoke tests, Schemathesis for schema fuzzing, and k6 for load testing.

If you prefer to design, test, mock, and document APIs in one place, Apidog provides the full lifecycle and includes apidog-cli for CI. Download Apidog to compare its CLI workflow with the tools above.

Top comments (0)