Automatic Generation of Test Cases for REST APIs: A Specification-Based Approach

The REpresentation State Transfer (REST) has gained momentum as the preferred technique to design Web APIs. REST allows building loosely coupled systems by relying on HTTP and the Web-friendly format JSON. However, REST is not backed by any standard or specification to describe how to create/consume REST APIs, thus creating new challenges for their integration, testing and verification. To face this situation, several specification formats have been proposed (e.g., OpenAPI, RAML, and API Blueprint), which can help automate tasks in REST API development (e.g., testing) and consumption (e.g., SDKs generation). In this paper we focus on automated REST API testing relying on API specifications, and particularly the OpenAPI one. We propose an approach to generate specification-based test cases for REST APIs to make sure that such APIs meet the requirements defined in their specifications. We provide a proof-of-concept tool implementing our approach, which we have validated with 91 OpenAPI definitions. Our experiments show that the generated test cases cover on average 76.5% of the elements included in the OpenAPI definitions. Furthermore, our experiments also reveal that 40% of the tested APIs fail.

[1]  Andrea Arcuri,et al.  RESTful API Automated Test Case Generation , 2017, 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS).

[2]  Juan Luo,et al.  Testing Web services by XML perturbation , 2005, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05).

[3]  Lars-Åke Fredlund,et al.  Jsongen: a quickcheck based library for testing JSON web services , 2014, Erlang Workshop.

[4]  Joeri De Koster,et al.  Inter-parameter Constraints in Contemporary Web APIs , 2017, ICWE.

[5]  Fabio Casati,et al.  REST APIs: A Large-Scale Analysis of Compliance with Principles and Best Practices , 2016, ICWE.

[6]  Jia Zhang,et al.  Criteria analysis and validation of the reliability of Web services-oriented systems , 2005, IEEE International Conference on Web Services (ICWS'05).

[7]  Jordi Cabot,et al.  Example-Driven Web API Specification Discovery , 2017, ECMFA.

[8]  Marc J. Hadley,et al.  Web application description language (WADL) , 2006 .

[9]  Malcolm Munro,et al.  Fault-Based Web Services Testing , 2008, Fifth International Conference on Information Technology: New Generations (itng 2008).

[10]  Larry J Morell,et al.  A Theory of Fault-Based Testing , 1990, IEEE Trans. Software Eng..

[11]  Mark Harman,et al.  Testing and verification in service‐oriented architecture: a survey , 2013, Softw. Test. Verification Reliab..

[12]  Wei-Tek Tsai,et al.  WSDL-based automatic test case generation for Web services testing , 2005, IEEE International Workshop on Service-Oriented System Engineering (SOSE'05).

[13]  Prashant Kumar,et al.  Test-the-REST: An Approach to Testing RESTful Web-Services , 2009, 2009 Computation World: Future Computing, Service Computation, Cognitive, Adaptive, Content, Patterns.

[14]  Eda Marchetti,et al.  WS-TAXI: A WSDL-based Testing Tool for Web Services , 2009, 2009 International Conference on Software Testing Verification and Validation.

[15]  A. Jefferson Offutt,et al.  Generating test cases for web services using data perturbation , 2004, SOEN.

[16]  Cesare Pautasso,et al.  Restful web services vs. "big"' web services: making the right architectural decision , 2008, WWW.

[17]  Roy Fielding,et al.  Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation , 2000 .

[18]  Peter Braun,et al.  Model-driven Testing of RESTful APIs , 2015, WWW.