Schemathesis CLI Reference
This reference details all the command-line options available in the Schemathesis CLI. The documentation is organized by command and subcommand to provide a clear structure of available options and their usage.
Global Options
These options apply to all Schemathesis commands:
--no-color
Disables ANSI color output in the terminal. Use this option when running in environments where color codes may cause issues or when redirecting output to files.
--force-color
Forces the use of ANSI color escape codes in terminal output, even in environments where Schemathesis would normally disable colors.
run
The run command executes API tests against an API using a schema for test generation.
Required Parameter
SCHEMA: Path to an OpenAPI (.json, .yml) or GraphQL SDL file, or a URL pointing to such specifications. This schema defines the API surface to test.
Basic Options
-u, --url URL
Type: String
Default: null
Specifies the base URL for the API under test. Required for file-based schemas.
-w, --workers VALUE
Type: Integer or "auto"
Default: 1
Range: 1-64 or auto
Specifies the number of concurrent workers for running unit test phases (examples, coverage, fuzzing). Use "auto" to automatically adjust based on available CPU cores.
--phases PHASES
Type: Comma-separated list
Default: All phases enabled
Possible values: examples, coverage, fuzzing, stateful
Specifies which test phases to run.
--suppress-health-check CHECKS
Type: Comma-separated list
Default: []
Possible values: data_too_large, filter_too_much, too_slow, large_base_example, all
Disables specified health checks during test execution. Health checks identify potential problems with test generation or performance and may stop tests early with an error to prevent Schemathesis from hanging (e.g., when processing extremely complex schemas).
--wait-for-schema SECONDS
Type: Float
Default: null
Range: ≥1.0
Maximum time in seconds to wait for the API schema to become available. Useful when testing services that take time to start up.
--warnings WARNINGS
Type: String or comma-separated list
Default: All warnings enabled
Possible values: off, missing_auth, missing_test_data, validation_mismatch
Control which warnings are displayed during test execution. Warnings help identify test configuration issues but don't stop execution.
Validation
-c, --checks CHECKS
Type: Comma-separated list
Default: All checks enabled
Possible values: not_a_server_error, status_code_conformance, content_type_conformance, response_headers_conformance, response_schema_conformance, negative_data_rejection, positive_data_acceptance, use_after_free, ensure_resource_availability, ignored_auth, all
Specifies which checks to run against API responses.
--exclude-checks CHECKS
Type: Comma-separated list
Default: []
Possible values: not_a_server_error, status_code_conformance, content_type_conformance, response_headers_conformance, response_schema_conformance, negative_data_rejection, positive_data_acceptance, use_after_free, ensure_resource_availability, ignored_auth, all
Specifies which checks to skip during testing.
--max-failures COUNT
Type: Integer
Default: null
Range: ≥1
Terminates the test suite after reaching a specified number of failures or errors.
--continue-on-failure
Type: Flag
Default: false
When enabled, continues executing all test cases within a scenario, even after encountering failures.
--max-response-time SECONDS
Type: Float
Default: null
Range: >0.0
Maximum allowed API response time in seconds. Responses exceeding this limit will be reported as failures.
Filtering
Schemathesis provides various ways to filter which operations are tested:
--include-TYPE VALUE / --exclude-TYPE VALUE
Type: String
Include or exclude operations by exact match on path, method, tag, or operation-id.
--include-TYPE-regex PATTERN / --exclude-TYPE-regex PATTERN
Type: String (regex pattern)
Include or exclude operations matching a regular expression pattern on path, method, tag, or operation-id.
--include-by EXPR / --exclude-by EXPR
Type: String (expression)
Include or exclude operations using a custom expression. The expression must start with a JSON Pointer.
--exclude-deprecated
Type: Flag
Default: false
Skip deprecated API operations.
Network
The following options control how Schemathesis makes network requests to the API under test:
-H, --header NAME:VALUE
Type: String (multiple allowed)
Add custom HTTP headers to all API requests. This option can be specified multiple times.
-a, --auth USER:PASS
Type: String
Authenticate all API requests with basic authentication.
--proxy URL
Type: String
Set the proxy for all network requests.
--tls-verify TEXT
Type: String or Boolean
Default: true
Path to CA bundle for TLS verification, or 'false' to disable TLS verification.
--rate-limit TEXT
Type: String
Format: <limit>/<duration>
Specify a rate limit for test requests. Supports 's' (seconds), 'm' (minutes), and 'h' (hours) as duration units.
--request-timeout SECONDS
Type: Float
Range: >0.0
Timeout limit, in seconds, for each network request during tests.
--request-cert PATH
Type: String (file path)
File path of unencrypted client certificate for authentication. The certificate can be bundled with a private key (e.g., PEM) or used with a separate private key.
--request-cert-key PATH
Type: String (file path)
Specify the file path of the private key for the client certificate when not bundled together.
Output
These options control the reporting and output format of test results:
--report FORMAT
Type: Comma-separated list
Possible values: junit, vcr, har
Generate test reports in specified formats as a comma-separated list.
--report-dir DIRECTORY
Type: String
Default: schemathesis-report
Directory to store all report files.
--report-junit-path FILENAME
Type: String
Custom path for JUnit XML report.
--report-vcr-path FILENAME
Type: String
Custom path for VCR cassette.
--report-har-path FILENAME
Type: String
Custom path for HAR file.
--report-preserve-bytes
Type: Flag
Default: false
Retain exact byte sequence of payloads in cassettes, encoded as base64.
--output-sanitize BOOLEAN
Type: Boolean
Default: true
Enable or disable automatic output sanitization to obscure sensitive data.
--output-truncate BOOLEAN
Type: Boolean
Default: true
Truncate schemas and responses in error messages for improved readability.
Data Generation
These options control how Schemathesis generates test data for API testing:
-m, --mode MODE
Type: String
Default: positive
Possible values: positive, negative, all
Test data generation mode. Controls whether Schemathesis generates valid data, invalid data, or both.
-n, --max-examples COUNT
Type: Integer
Range: ≥1
Maximum number of test cases per API operation.
--seed INTEGER
Type: Integer
Random seed for reproducible test runs. Setting the same seed value will result in the same sequence of generated test cases.
--no-shrink
Type: Flag
Default: false
Disable test case shrinking. Makes test failures harder to debug but improves performance.
--generation-deterministic
Type: Flag
Default: false
Enables deterministic mode, which eliminates random variation between tests.
--generation-allow-x00 BOOLEAN
Type: Boolean
Default: true
Whether to allow the generation of 'NULL' bytes within strings.
--generation-codec TEXT
Type: String
The codec used for generating strings. Defines the character encoding for string generation.
--generation-maximize METRIC
Type: String
Possible values: response_time
Guide input generation to values more likely to expose bugs via targeted property-based testing.
--generation-with-security-parameters BOOLEAN
Type: Boolean
Default: true
Whether to generate security parameters during testing.
--generation-graphql-allow-null BOOLEAN
Type: Boolean
Default: true
Whether to use null values for optional arguments in GraphQL queries. Applicable only for GraphQL API testing.
--generation-database TEXT
Type: String
Default: .hypothesis/examples
Storage for examples discovered by Schemathesis. Use none to disable, :memory: for temporary storage, or specify a file path for persistent storage.