REST API CRUD load test
Problem: You want to load-test a REST API that has a create → read → update → delete lifecycle, making sure all four operations perform within your SLO at the target throughput.
Test type: Load test or API performance test.
Prerequisites
Section titled “Prerequisites”- A MaxoPerf account and a workspace.
- The base URL of the API you want to test (staging or a dedicated load-test environment — never production without consent).
- An API token or other credentials, stored as a project secret.
- The four endpoint paths and expected request/response shapes for your CRUD resource.
Step by step in MaxoPerf
Section titled “Step by step in MaxoPerf”1. Write the Taurus scenario
Section titled “1. Write the Taurus scenario”Create a file called crud-load-test.yml locally:
execution: - scenario: crud-lifecycle concurrency: 50 ramp-up: 2m hold-for: 5m
scenarios: crud-lifecycle: variables: base_url: https://api.example.com resource_id: '' requests: # Create - label: POST /items url: ${base_url}/items method: POST headers: Authorization: Bearer ${AUTH_TOKEN} Content-Type: application/json body: '{"name": "load-test-item", "value": 42}' extract-jsonpath: resource_id: '$.id'
# Read - label: GET /items/{id} url: ${base_url}/items/${resource_id} method: GET headers: Authorization: Bearer ${AUTH_TOKEN}
# Update - label: PUT /items/{id} url: ${base_url}/items/${resource_id} method: PUT headers: Authorization: Bearer ${AUTH_TOKEN} Content-Type: application/json body: '{"name": "updated-item", "value": 99}'
# Delete - label: DELETE /items/{id} url: ${base_url}/items/${resource_id} method: DELETE headers: Authorization: Bearer ${AUTH_TOKEN}The AUTH_TOKEN variable comes from a project secret — do not hard-code it.
2. Create the test
Section titled “2. Create the test”- In the MaxoPerf console, go to Tests and click New test.
- Give the test a name like
Items API — CRUD load testand select the project. - Click Create.
3. Upload the Taurus file
Section titled “3. Upload the Taurus file”- Open the new test and switch to the Files tab.
- Drag
crud-load-test.ymlonto the upload area. - Mark it as the entrypoint when prompted.
- Save. The console validates the YAML and reports any schema errors.
See Upload test files for details on the Files tab.
4. Bind the auth secret
Section titled “4. Bind the auth secret”- Switch to the Settings tab of the test.
- Under Secrets, click Add binding.
- Select the project secret that holds your API token and name the environment variable
AUTH_TOKEN. - Save.
See Manage test secrets for the full secrets workflow.
5. Set the load profile and locations
Section titled “5. Set the load profile and locations”- Switch to the Configuration tab.
- Confirm the VU count and ramp-up match the
executionblock in the YAML (or override here to iterate quickly). - Select one or more Locations — pick the region closest to your staging environment to minimise network-introduced latency.
- Save.
6. Run the test
Section titled “6. Run the test”- Click Run now from any tab.
- The run appears in the Runs list with status
Starting. - Click the run to open the real-time overview — watch throughput and per-label latency rise during ramp-up.
Verify
Section titled “Verify”After the run finishes:
- All four labels (
POST /items,GET /items/{id},PUT /items/{id},DELETE /items/{id}) appear in the per-label breakdown. - Error rate is at or near 0 % for all labels. Non-zero errors on DELETE often indicate the resource was not created (check the POST label first).
- p95 latency for each label is within your SLO.
- The run status is
Finished(notFailed— see failure criteria if you set thresholds).
Variations
Section titled “Variations”- Higher concurrency: increase
concurrencyin the YAML or override it in the Configuration tab without changing the file. - Multiple resources: parameterise the body with a CSV data entity — see CSV data-driven test.
- Staged ramp: swap the simple ramp for a multi-stage profile — see Staged ramp profile.
- CI gate: trigger the test from your pipeline — see CI-gated performance test.
Where to go next
Section titled “Where to go next”- Auth login + token capture flow — when your API requires a login step before the CRUD calls.
- Correlation and dynamic values — extract server-generated IDs (like the
resource_idabove) more robustly. - API performance test — understand what this test type measures.
- Taurus fundamentals — YAML structure, execution blocks, and scenario syntax.