External API, MFA Support & Global Infrastructure

We've shipped a comprehensive External API v1 that puts the full power of desplega.ai at your fingertips programmatically. This REST API enables you to manage tests, test suites, test runs, issues, and data assets directly from your own tools, scripts, or CI/CD pipeline automation. Whether you're building custom integrations, automating test creation from specifications, or orchestrating complex testing workflows, the External API makes it possible.

The API covers the complete testing lifecycle with organized endpoint groups: Tests (create, read, update, delete, list, run tests with full configuration), Test Suites (manage suite configurations, schedules, and triggers), Test Runs (query run history, retrieve detailed results, analyze execution patterns), Issues (track and manage test failures automatically), and Data Assets (upload and manage test data files programmatically). Every endpoint follows REST conventions with proper HTTP verbs, status codes, and pagination support for large datasets.

For teams practicing shift-left testing or building custom QA workflows, this is transformative. Imagine automatically generating E2E testing AI scenarios from OpenAPI specs, syncing test results to your internal dashboards, triggering targeted test runs based on changed microservices, or building custom test orchestration that matches your deployment pipeline exactly. The External API enables integration patterns that weren't possible before—like triggering smoke tests immediately after deployment, automatically creating tests from user bug reports, or building custom synthetic monitoring that queries test results in real-time. This directly impacts DORA metrics—automated test creation and execution reduces lead time for changes, while programmatic result analysis speeds up mean time to recovery when issues are detected.

Multi-factor authentication is critical for security but has always been a pain point for automated testing. We've implemented comprehensive TOTP (Time-based One-Time Password) support that automatically generates and enters MFA codes during test execution. Store your TOTP secrets securely in application configurations, and our test runner automatically generates valid codes at test time, filling them into MFA fields just like a real user would.

The implementation uses industry-standard TOTP generation (RFC 6238) via the pyotp library, supporting all major MFA providers including Google Authenticator, Microsoft Authenticator, Authy, and custom implementations. Configure your TOTP secret once per application, and every test that encounters MFA prompts automatically handles them without manual intervention. The system resolves secrets from variables, generates time-synchronized codes, locates the MFA input field intelligently, and fills the code with proper timing to avoid rate limits or expiration issues.

For QA for startups and enterprises alike, this eliminates a major testing bottleneck. Authentication flows with MFA can now be tested end-to-end automatically, enabling comprehensive user workflows testing that includes login, checkout, and account management—all protected by MFA. This is especially critical for fintech, healthcare, and enterprise SaaS applications where MFA isn't optional. By automating MFA handling, your tests can validate the complete user experience including security flows, catching production bugs in authentication that manual testing or MFA-disabled test environments would miss. This directly boosts developer confidence—when your tests handle real security flows, you trust them to catch real issues before customers encounter them.

We've launched US region support with intelligent worker affinity routing that ensures your tests run on infrastructure close to your users. Configure your test suites to prefer US-based or EU-based workers, and our distributed infrastructure automatically routes test execution to the appropriate geographic region. This reduces latency-related flaky tests, ensures tests validate real-world performance for users in different regions, and helps meet data residency requirements for regulated industries.

The worker affinity system uses a label-based routing mechanism that matches test requirements with available worker capabilities. Each worker advertises its region (us, eu, or auto), and test suites specify their preferred region with optional strict requirements. The system intelligently falls back to any available worker if no regional match is found (unless you require strict regional execution), ensuring maximum availability while respecting geographic preferences when possible. The affinity system also supports organization-specific worker pools for enterprise customers who need dedicated infrastructure.

For teams serving global markets or facing compliance requirements, this is essential infrastructure. You can now test your application from US endpoints to validate performance for American users, run parallel test suites from different regions to catch geography-specific issues (like CDN misconfigurations or regional API differences), and ensure compliance with data regulations that require test execution in specific jurisdictions. This capability aligns perfectly with scaling QA needs—as your user base grows internationally, your testing infrastructure scales geographically to match. Better yet, regional routing reduces network latency in tests, eliminating an entire category of timing-related test maintenance headaches where tests pass in one region but fail in another due to API response times.

We've added intelligent AI model selection with Max Mode, giving you control over the AI power/cost tradeoff for different testing scenarios. By default, AI-powered test actions (like assertions and data extraction) use our fast and cost-effective Gemini Flash model. When you need maximum accuracy for complex validation or tricky DOM interactions, enable Max Mode to automatically switch to Claude Sonnet 4.5, our most powerful AI model.

This tiered approach optimizes both performance and cost. Simple assertions ("check if this text is visible") run blazingly fast on Gemini Flash, while complex validations ("verify the shopping cart correctly calculates discounts across multiple promo codes") leverage Claude Sonnet's superior reasoning. You choose the appropriate model per test action based on complexity, similar to how you might use different test strategies in the testing pyramid—fast and simple for most cases, powerful and thorough for critical paths.

For teams managing technical debt QA or complex applications with intricate business logic, Max Mode ensures your most critical test validations use the best available AI while keeping costs reasonable for routine checks. This flexibility enables sophisticated AI test automation strategies: use Gemini Flash for smoke tests and basic regression, reserve Max Mode for critical user workflows and edge cases, and automatically upgrade to Max Mode when tests fail to investigate complex issues. The result is faster developer velocity (cheap, fast tests for routine checks) without sacrificing quality (powerful AI for critical validations).

We've significantly enhanced our AI agent's knowledge retrieval capabilities with major improvements to the Retrieval-Augmented Generation (RAG) system. The enhanced RAG system now provides more accurate, context-aware responses when the AI agent needs to reference documentation, historical test patterns, or organizational knowledge. This makes AI-powered test creation and debugging more reliable, especially for teams with complex applications or extensive test libraries.

The improvements include better embedding quality for semantic search, smarter context windowing that retrieves more relevant information, enhanced filtering to prioritize recent and frequently-accessed knowledge, and improved handling of multi-document contexts for complex queries. We've also added new validation models for AI-generated variables and automatic detection and correction of malformed tool calls (when the AI makes formatting errors in its actions, the system now auto-fixes them instead of failing).

For scaling QA teams building extensive test suites, these AI improvements reduce friction in test creation and maintenance. The AI agent better understands your application's patterns, suggests more accurate selectors, and provides more helpful debugging assistance when tests fail. The auto-fixing of invalid tool calls particularly improves reliability for AI-generated tests—instead of cryptic errors when the AI makes a syntax mistake, the system corrects it automatically and continues. This aligns with self-healing tests principles, reducing the maintenance burden that typically grows as test suites scale.

We've enhanced the Test Agent Block Runner—the core execution engine that runs individual test steps—with better reliability and browser configuration management. The improvements include more robust handling of browser context switches, improved session management to prevent memory leaks in long-running test suites, better WebGL support for applications with complex graphics or data visualizations, and enhanced configuration persistence across test steps.

These infrastructure improvements directly impact test reliability. Better browser context handling means tests that switch between multiple windows, tabs, or iframes work more reliably. Improved session management prevents resource exhaustion issues when running large test suites consecutively. WebGL support ensures applications using libraries like D3.js, Three.js, or Mapbox render correctly during tests.

For teams running comprehensive end-to-end testing suites in their CI/CD pipeline, these reliability improvements reduce operational overhead. Fewer unexpected test failures mean less time investigating false positives and more time shipping features. Better resource management means you can run more tests in parallel without stability issues, improving deployment frequency—a key DORA metrics indicator of engineering effectiveness.

This week's releases represent a fundamental expansion of what's possible with desplega.ai. The External API v1 transforms desplega.ai from a standalone tool into a programmable testing platform that integrates deeply into your development workflow. MFA/TOTP support eliminates authentication testing bottlenecks that previously required manual intervention or security compromises. US region support ensures your tests validate real-world performance globally while meeting compliance requirements. AI model selection with Max Mode optimizes the cost/quality tradeoff for different testing scenarios. Enhanced RAG and Test Agent improvements make AI-powered testing more reliable and intelligent.

Together, these capabilities enable sophisticated QA strategies that weren't feasible before. You can now build custom test orchestration via the API, validate complete user journeys including MFA-protected flows, ensure tests run close to your global user base, and leverage appropriate AI power for different test complexity levels—all while maintaining the developer confidence that comes from comprehensive, reliable test coverage.

For executives evaluating technical debt QA solutions or concerned about account executive churn due to product quality issues, these infrastructure investments translate directly to business outcomes. Programmable testing via API reduces integration costs and accelerates adoption across teams. Automated MFA testing enables security-first quality assurance without slowing down continuous deployment. Global infrastructure ensures consistent quality for international customers. AI model flexibility optimizes testing costs at scale. The combination accelerates time to product-market fit by enabling quality at velocity—you ship faster because you have better automated quality coverage, not in spite of it.

With the External API foundation in place, we're exploring rich integration patterns: Webhooks for real-time test result notifications, GraphQL API for more flexible querying, SDK libraries for popular languages (Python, TypeScript, Go) to make integration even easier, and pre-built integrations with popular tools like Jira, Linear, and DataDog. The API opens possibilities for community-driven integrations and custom workflows we haven't even imagined yet.

On the intelligence front, we're investigating AI-powered test optimization that uses historical run data to predict which tests are most likely to catch regressions for specific code changes, enabling smart test selection that maximizes coverage while minimizing execution time. Combined with our global infrastructure, this could enable hyper-efficient CI/CD pipeline strategies where the right tests run in the right regions at the right time—automatically.

We'd love to hear how these new capabilities impact your testing workflow. What integrations would you build with the External API? Which applications need MFA testing most urgently? How does global routing change your testing strategy? Reach out at contact@desplega.ai or schedule a demo to explore how desplega.ai's programmable, globally-distributed testing infrastructure can transform your quality operations!