API Integration Validation Guide
Recommended testing approach for VISO TRUST integrations
Overview
This guide provides best practices for validating integrations built against the VISO TRUST API. It is designed for customers and partners who are building custom integrations or maintaining existing ones.
The goal is to ensure that integrations are not only technically functional, but also aligned with expected platform behavior, especially as business logic evolves over time.
Why validation matters
An integration may appear to “work” (e.g., returning a 200 OK response), but still produce unintended results if:
- Platform business logic has changed
- Payload assumptions are outdated
- Downstream workflows depend on specific behavior
For this reason, successful integrations must validate:
- API contract correctness
- Platform interpretation of data
- Downstream workflow behavior
Key principle
A successful API response does not guarantee correct business behavior.
Validation should confirm not just that a request succeeds, but that the resulting state in VISO TRUST matches expectations.
Recommended validation approach
We recommend structuring your validation strategy across four layers:
1. Contract (Schema) Validation
Ensure requests conform to the API specification.
Examples:
- Required fields are present
-
homepageis a properly formatted URL -
contextTypesanddataTypesuse valid values - Email fields are valid
- Assessment requests follow multipart/form-data structure
2. Business Logic Validation
Ensure VISO TRUST interprets your payload as intended.
Examples:
- Context types are correctly applied to the relationship
- Data types are correctly assigned
- Relationship scoping behaves as expected
- Updates modify only intended fields
3. Workflow Validation
Ensure downstream processes behave correctly after API calls.
Examples:
- Assessments trigger as expected
- Webhooks are delivered and processed
- Reporting reflects updated relationship data
- External systems (e.g., ServiceNow, Jira, Workato) remain in sync
4. Regression Validation
Ensure behavior remains consistent over time.
Run regression tests when:
- VISO TRUST releases updates
- You modify your integration logic
- You introduce new workflows or mappings
Core test cases
The following scenarios should be included in your validation suite:
1. Relationship Creation (Baseline)
Objective: Validate standard relationship creation.
Verify:
- Relationship is created successfully
- All fields (name, homepage, contacts) are correctly stored
- Context types and data types are applied
2. Context Type–Driven Behavior
Objective: Validate that relationship scoping is driven by context types.
Test scenarios:
- Create a relationship without a specific context type
- Create the same relationship with that context type included
Verify:
- Platform behavior changes appropriately based on context type presence
- Downstream workflows reflect the expected scope
3. Relationship Updates
Objective: Validate safe updates to existing relationships.
Verify:
- Fields are updated correctly
- Unrelated fields are not overwritten
- Context and data type associations remain intact unless changed
4. Duplicate Detection / Lookup
Objective: Prevent duplicate relationships.
Verify:
- Existing vendors can be found via search endpoints
- Integration logic avoids duplicate creation
- Matching rules align with your source system
5. Reference Data Validation
Objective: Ensure mappings align with supported values.
Verify:
- Context types match available options
- Data types match available options
- Deprecated or renamed values are not used
6. Assessment Execution
Objective: Validate assessment workflows.
Verify:
- Assessments can be created successfully
- They are linked to the correct relationship
- Recipients and follow-up behavior are correct
Important: Assessment requests require a JSON payload embedded within multipart/form-data.
7. Webhook Behavior
Objective: Validate event-driven workflows.
Verify:
- Webhooks are registered correctly
- Events are delivered successfully
- Downstream systems process events as expected
8. Result Retrieval
Objective: Validate access to outputs.
Verify:
- Assessment summaries are retrievable
- Reports (e.g., PDF exports) are accessible
- Artifacts are available if applicable
Common pitfalls to avoid
When building against the API, be mindful of the following:
- Do not rely on indirect behavior assumptions
Platform logic may evolve to rely on explicit fields rather than inferred relationships. - Avoid hardcoding business logic assumptions
Even if an endpoint remains unchanged, behavior may evolve. - Validate reference data regularly
Context types and data types should be treated as dynamic, not static. - Test downstream systems
Integration success includes verifying external workflows. - Re-test after platform updates
Especially when changes affect relationship semantics or scoping.
Recommended deliverables for your integration
To ensure long-term reliability, we recommend maintaining:
1. API Test Collection
- Postman or equivalent
- Includes sample payloads and environments
2. Test Case Matrix
A structured table mapping:
- Test scenario
- Endpoint
- Input payload
- Expected API result
- Expected platform behavior
- Dependent systems to validate
3. Sample Payload Library
Reusable examples for:
- Relationship creation
- Updates
- Assessments
- Webhooks
4. Regression Checklist
A lightweight checklist to run after:
- Platform updates
- Integration changes
- Workflow modifications
Example regression scenario
Test: Context-driven scoping behavior
Steps:
- Create a relationship without a specific context type
- Validate resulting platform behavior
- Update or recreate the relationship including that context type
- Validate updated behavior
Expected outcome:
- Platform behavior changes based on explicit context configuration
- Downstream workflows align with the updated scope
Final recommendations
To build a resilient integration:
- Validate behavior, not just responses
- Design for change tolerance
- Maintain a repeatable regression process
- Treat your integration as a living system, not a one-time implementation
Need help?
If you have questions about validating your integration or adapting to platform changes, please contact your VISO TRUST representative or support team.
