I have a situation where my team is using an API supplied by a client but the client does not demonstrate good communication, documentation, or testing. We have had many incidents where there were major changes with the API schema and responses that we were not notified of and it would break functionality we developed around the API. We decided to create a Postman Collection for Contract Testing which can be run to validate their API as we need when they push changes. We planned to ask the client to run the test suite before pushing changes for us and give us the results from that test and go from there.
The issue is that trust is still an issue at the moment for us with the client. How could we validate or ensure that the client ran the test suite as it was designed without modifications (except for collection variables for example)? Is there something we could add to the collection that generates some sort of ID or hash that when they send it back to us we can check to ensure it was run as expected?
Or does anyone have any other ideas on how to achieve this result? Ideally, it could be handled all in the collection but I have not come across anything yet to do this within Postman.