Tests that pass when something is actually broken, and fail when things actually do work, are worse than useless- they are positively harmful.
Let's say we've been tasked with returning 400
when GET
/users/<userId>
is called with a negative userId
.
The requirement can be turned into a test that hits the endpoint with a negative userId
and checks that a 400
is returned: