2023
Felício, Duarte; Simão, José; Datia, Nuno
RapiTest: Continuous Black-Box Testing of RESTful Web APIs Journal Article
In: Procedia Computer Science, vol. 219, pp. 537-545, 2023, ISSN: 1877-0509, (CENTERIS – International Conference on ENTERprise Information Systems / ProjMAN – International Conference on Project MANagement / HCist – International Conference on Health and Social Care Information Systems and Technologies 2022).
Tags: API, Black-box Testing, DSL, Reliability, REST, System Integration, Web Application
@article{FELICIO2023537,
title = {RapiTest: Continuous Black-Box Testing of RESTful Web APIs},
author = {Duarte Felício and José Simão and Nuno Datia},
url = {https://www.sciencedirect.com/science/article/pii/S1877050923003319},
doi = {https://doi.org/10.1016/j.procs.2023.01.322},
issn = {1877-0509},
year = {2023},
date = {2023-01-01},
journal = {Procedia Computer Science},
volume = {219},
pages = {537-545},
abstract = {When it comes to web services, RESTful web APIs have become the de facto standard since 2000. Those APIs expose back-end data, so it is crucial that they are robust, secure, and reliable to keep sensitive data protected. Although existing tools for automating APIs test case generation have shown significant potential, they are limited in their applicability since they focus solely on random inputs through fuzzing. Using only API specifications, it is impractical to describe personalized and specific test case workflows. This paper introduces RapiTest, an open-source continuous black-box testing application for RESTful web APIs. It takes advantage of the API specification to automatically generate tests, but also makes use of a new DSL named Test Specification Language (TSL), to create rich test cases. The RapiTest web application allows the setup of several predefined verifications, regarding security and correctness of the responses, while running the tests at regular intervals, such as every 24 hours. In this way, the API can be monitored continuously to ensure it is running correctly.},
note = {CENTERIS – International Conference on ENTERprise Information Systems / ProjMAN – International Conference on Project MANagement / HCist – International Conference on Health and Social Care Information Systems and Technologies 2022},
keywords = {API, Black-box Testing, DSL, Reliability, REST, System Integration, Web Application},
pubstate = {published},
tppubtype = {article}
}