To test the Laravel API, use the built-in testing tool to simulate HTTP requests. 1. Use $this->get, $this->post and other methods to simulate various HTTP requests and verify the response; 2. Use actingAs() or withHeaders() to simulate authentication requests; 3. Use assertJson() and other methods to check the response content; 4. Pay attention to the middleware and exception handling to ensure that the test covers the real scenario. These methods can efficiently verify API behavior and improve development and debugging efficiency.

When you're building or debugging APIs in Laravel, simulating and testing HTTP requests is a must. Whether you're verifying authentication flows, checking response structures, or making sure your routes behave correctly under different conditions, Laravel gives you solid tools to simulate real-world requests without hitting an actual endpoint.

Use Laravel's built-in test helpers

Laravel comes with a set of convenient methods for simulating GET, POST, PUT, DELETE, and other types of HTTP requests directly in your tests. These helpers let you make assertions on the response without needing to start up a server or send real HTTP traffic.

For example, in a feature test, you can do something like:

 $response = $this->get('/api/users');
$response->assertStatus(200);

This sends a simulated GET request to /api/users and checks if it returns a 200 status code. You can also pass headers, cookies, or even JSON payloads when needed. This is super handy during development because it avoids unecessary network calls and keeps tests fast and predictable.

Some common methods you'll use:

• $this->get($uri, $headers = [])
• $this->post($uri, $data = [], $headers = [])
• $this->put($uri, $data = [], $headers = [])
• $this->delete($uri, $headers = [])

These are perfect for testing your controllers, middleware, and route responses locally.

Simulate authenticated requests easily

Many endpoints require users to be authenticated. Instead of manually setting tokens or session data every time, Laravel provides helpers like actingAs() for session-based auth and withHeaders() for bearer tokens.

If you're using Sanctum or Passport for API auth, you can do something like:

 $user = User::factory()->create();
$response = $this->withHeaders([
    'Authorization' => 'Bearer '.$user->createToken('test')->plainTextToken,
])->get('/api/user');

This sets the Authorization header automatically, so your test behaves like a real API client. For web routes that rely on session authentication, just use actingAs($user) :

 $this->actingAs($user)->get('/dashboard')->assertSee('Welcome');

These shortcuts help avoid repetitive setup code and keep your tests clean and readable.

Inspect and debug responses effectively

After sending a simulated request, Laravel lets you inspect the response in detail. You can check the status code, headers, JSON structure, or even the rendered view content depending on what kind of response you're dealing with.

For JSON APIs, use assertJson() to verify specific parts of the payload:

 $response->assertJson([
    'name' => 'John Doe',
]);

Or dig deeper with closure-based assertions:

 $response->assertJson(fn (AssertableJson $json) =>
    $json->where('id', 1)
         ->where('name', 'John Doe')
         ->etc()
);

If things don't go as expected, Laravel's test responses give you helpful error messages by default. But if you want to see more context, you can always call $response->dump() to print the full response body for debugging.

Don't forget about middleware and exceptions

Simulated requests go through the full Laravel lifecycle — including middleware, service providers, and exception handling. That means if you're testing an endpoint that uses rate limiting, authentication middleware, or any custom logic, those will all run as they would in production.

This is great for reality but can sometimes trip you up. For instance, if your app uses the verified middleware, you might get redirected to a verification page unless you explicitly mark the test user as verified.

So when writing tests:

• Be aware of which middleware applies to your routes
• Set up users accordingly (eg, verified emails, roles, etc.)
• Use withoutMiddleware() sparingly — only if you really need to bypass certain behavior temporarily

Also, if your app throws exceptions or returns errors like 404 or 500, make sure to test those cases too. Laravel makes it easy to assert exceptions were thrown or that a specific status was returned.

Basically that's it. With these techniques, you can simulate almost any HTTP interaction your app needs to handle — all without leaving the comfort of your test suite.

The above is the detailed content of Simulating and testing HTTP requests in Laravel. For more information, please follow other related articles on the PHP Chinese website!