APIZombie - Frankenstein

API Testing Reinvented with AI - Unified for REST, GraphQL, and gRPC.

Comment

Inspiration

Modern development teams constantly juggle between multiple tools—Postman for REST, GraphiQL for GraphQL, BloomRPC for gRPC, and countless scripts for automation and testing. This fragmentation bothered us.

I asked: Why does API testing still feel scattered, repetitive, and slow in 2025?

At the same time, AI models like Groq LLMs were becoming extremely fast and capable of understanding natural language. That sparked the idea:

What if developers could test any API by simply describing what they want in plain English?

That was the moment APIZombie was born — a unified, AI-powered API testing monster that brings every protocol to life.

What it does

APIZombie is an AI-powered platform that unifies API testing across REST, GraphQL, and gRPC. It allows developers to:

  • Convert natural language → actual API requests
  • Test APIs from a single interface
  • Automatically generate test suites (success, error, edge, and security cases)
  • Translate protocols between REST ↔ GraphQL ↔ gRPC
  • Create multi-step workflows visually
  • Analyze API performance with built-in charts
  • Save requests, workflows, and maintain complete history

In short:

It’s a full-stack API testing lab powered entirely by AI.

How I built it

Kiro was a core part of the development workflow. It helped me design, structure, implement, verify, and iterate on APIZombie efficiently.

1. Spec-Driven Development with Kiro

  • Created a complete technical spec in .kiro/specs/api-zombie/ including design, requirements, and task breakdown.
  • Kiro continuously validated my implementation against the spec to ensure design compliance, keeping the project consistent and maintainable.
  • All backend models, routes, controllers, and services were built by following the spec generated and refined through Kiro.
  • Every time I added a feature (NL engine, translator, test generator), Kiro helped update or extend the specification.

2. Task Automation & Structured Development

  • Kiro broke the entire project into manageable tasks (e.g., natural language engine, protocol translator, test generator, workflow engine, security layer).

  • For every task, Kiro provided:

    • Required files
    • Acceptance criteria
    • Test scripts
    • Documentation

  • This let me follow a clearly defined roadmap instead of randomly coding features.

3. Agent Steering for Feature Implementation

  • Used Kiro’s agent steering to guide the AI in writing correct folder structures, boilerplate code, validation rules, and error-handling logic.

  • When implementing complex components (e.g., test generation logic, encryption, gRPC handler, or workflow builder), I used Kiro’s steering to:

    • Fix mistakes
    • Regenerate missing sections
    • Improve architectural decisions
    • Ensure consistency across modules

  • This made the development workflow iterative and precise, reducing rework.

4. Auto-Generated Documentation

  • Kiro automatically created internal docs like:

    • SECURITY_IMPLEMENTATION_SUMMARY.md
    • Task completion summaries
    • Model documentation
    • Error-handling and API spec docs

  • This gave the project production-grade documentation with zero extra effort.

5. Hooks That Updated Files Automatically

  • Used .kiro/hooks/update-readme-on-task-completion.kiro.hook which automatically updated the project README whenever a task was completed.
  • This kept the documentation synced with implementation progress.

  • Kiro hooks saved time by automating:

    • File updates
    • Task tracking
    • Spec synchronization

6. Scaffolding & Code Generation

  • Kiro generated skeletons for:

    • Controllers
    • Models
    • Middleware
    • Services
    • Test scripts

  • This ensured the entire backend had a consistent structure and followed best practices from the start.

7. Verification & Testing Through Kiro

  • Kiro generated multiple test scripts such as verify-design-compliance.js, test-groq-connection.js, test-encryption.js, etc.

  • These helped validate:

    • Database models
    • Security implementation
    • NL parsing
    • Protocol translation
    • Error handling

  • Kiro acted like a QA assistant, ensuring my implementation matched the spec.

8. Rapid Iteration & Debugging

  • Whenever something broke, Kiro:

    • Suggested fixes
    • Regenerated missing logic
    • Highlighted inconsistent code
    • Provided debugging guidance

  • This significantly reduced development time.

Frontend

  • React 18 + Vite
  • Tailwind CSS
  • Recharts for Analytics
  • Monaco Editor for code preview
  • React Router & Context API

Backend

  • Node.js + Express
  • MongoDB + Mongoose
  • Groq LLMs for NLP, test generation, and protocol translation
  • Axios for API execution
  • AES-256 credential encryption
  • Rate limiting, sanitization, and security layers

Infra

  • Vercel for both frontend and backend
  • MongoDB Atlas for cloud storage

A large part of the system is powered by the NLP engine I built, capable of translating human language into structured API instructions.

Challenges I ran into

1. Multi-protocol complexities

REST, GraphQL, and gRPC each behave completely differently. Designing a unified request schema and execution pipeline took multiple iterations.

2. Natural language accuracy

Translating vague human text into structured API calls was hard:

  • extracting entities
  • mapping them to API specs
  • choosing the right protocol

I solved this by implementing contextual spec-aware prompting with Groq.

3. Workflow builder logic

Passing data between steps (like chaining IDs) required designing a custom dependency engine.

4. Security

Storing API credentials for users safely meant:

  • AES-256 encryption
  • JWT
  • Sanitization middleware
  • Proper rate limiting

5. Deployment on Vercel

Serverless functions + MongoDB + LLM integration required careful optimization, routing, and environment handling.

Accomplishments

  • Built a fully functional multi-protocol testing platform from scratch
  • Designed a natural language engine that actually works reliably
  • Enabled REST ↔ GraphQL ↔ gRPC translation (rare feature!)
  • Created a drag-and-drop Workflow Builder
  • Achieved a clean UI with powerful features
  • Added complete security layer: sanitization, rate limits, and encryption
  • Deployed a production-ready AI platform end-to-end

What I learned

  • How different API protocols work internally
  • The power of Groq LLMs for real-time NLP
  • Designing scalable request schemas
  • Implementing secure patterns for SaaS platforms
  • Managing async workflows and step chaining
  • Building complex React state management cleanly
  • Deploying full-stack, AI-enabled apps on Vercel

From both engineering and design perspectives, this project taught us how to build AI-first developer tools the right way.

What's next for APIZombie

I have a strong roadmap for taking APIZombie further:

  • Collaborative team workspaces
  • API mocking & sandboxing
  • Performance testing (latency, load, stress)
  • CI/CD pipeline integration
  • Plugin ecosystem for custom workflows
  • WebSocket testing support
  • API version comparison & diffing
  • Public marketplace for workflows & test suites

And of course… even smarter AI assistance.

Built With

Share this project:

Updates