Abstract

When it comes to web services, RESTful web APIs have become the de facto standard since 2000. Those APIs expose back-end data, so it is crucial that they are robust, secure, and reliable to keep sensitive data protected. Although existing tools for automating APIs test case generation have shown significant potential, they are limited in their applicability since they focus solely on random inputs through fuzzing. Using only API specifications, it is impractical to describe personalized and specific test case workflows. This paper introduces RapiTest, an open-source continuous black-box testing application for RESTful web APIs. It takes advantage of the API specification to automatically generate tests, but also makes use of a new DSL named Test Specification Language (TSL), to create rich test cases. The RapiTest web application allows the setup of several predefined verifications, regarding security and correctness of the responses, while running the tests at regular intervals, such as every 24 hours. In this way, the API can be monitored continuously to ensure it is running correctly.