Abstract
RESTful web APIs nowadays may be considered the de facto standard for web integration, since they enable interoperability between heterogeneous software systems in a standard way, and their usage is widespread in industry. Testing these systems thoroughly is therefore of utmost importance: a single bug in an API could compromise hundreds of services using it, potentially affecting millions of end users. In recent years, there has been an explosion in the number of tools and approaches to test RESTful web APIs, making it difficult for researchers and practitioners to select the right solution for the problem at hand.
In this tutorial, we overview some of the main industrial and research tools for testing RESTful APIs, with a primarily practical approach. We analyze different testing tools and frameworks from three different perspectives: a) manual vs automated testing; b) black-box vs white-box testing; and c) online vs offline testing. First, we show the capabilities of industrial tools and libraries for manual testing of web APIs, including REST Assured [3] and Postman [1]. Then, we delve into some of the main research tools for automatically generating test cases for RESTful APIs such as RESTler [6], EvoMaster [5], and RESTest [7]. Finally, we overview existing industrial Testing as a Service (TaaS) platforms such as RapidAPI [2] and Sauce Labs [4], and we show the latest research advances on the provision of continuous online testing of RESTful APIs (including automated test generation and execution) with the RESTest testing ecosystem [8]. We finish the tutorial outlining some of the most pressing research challenges in the domain of web API testing automation, which will hopefully open a range of opportunities for future researchers working on the topic.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Postman. https://www.postman.com. Accessed Nov 2022
RapidAPI. https://rapidapi.com. Accessed Nov 2022
REST Assured. https://rest-assured.io. Accessed Nov 2022
Sauce Labs. https://saucelabs.com. Accessed Nov 2022
Arcuri, A.: RESTful API automated test case generation with EvoMaster. ACM Trans. Softw. Eng. Methodol. 28(1), 1–37 (2019)
Atlidakis, V., Godefroid, P., Polishchuk, M.: RESTler: stateful REST API fuzzing. In: IEEE/ACM 41st International Conference on Software Engineering, pp. 748–758 (2019)
Martin-Lopez, A., Segura, S., Ruiz-Cortés, A.: RESTest: automated black-box testing of RESTful web APIs. In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 682–685 (2021)
Martin-Lopez, A., Segura, S., Ruiz-Cortés, A.: Online testing of RESTful APIs: promises and challenges. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 408–420 (2022)
Acknowledgments
This work has been supported by the European Commission (FEDER) and Junta de Andalucía under projects MEMENTO (US-1381595), APOLO (US-1264651) and EKIPMENT-PLUS (P18-FR-2895), by the Spanish Government (FEDER/Ministerio de Ciencia e Innovación - Agencia Estatal de Investigación) under project HORATIO (RTI2018-101204-B-C21), by MCIN/AEI/10.13039/ 501100011033/FEDER, UE under project BUBO (PID2021-126227NB-C22), and by the Excellence Network SEBASENet 2.0 (RED2018-102472-T).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Martin-Lopez, A., Alonso, J.C. (2023). Testing of RESTful Web APIs. In: Troya, J., et al. Service-Oriented Computing – ICSOC 2022 Workshops. ICSOC 2022. Lecture Notes in Computer Science, vol 13821. Springer, Cham. https://doi.org/10.1007/978-3-031-26507-5_43
Download citation
DOI: https://doi.org/10.1007/978-3-031-26507-5_43
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26506-8
Online ISBN: 978-3-031-26507-5
eBook Packages: Computer ScienceComputer Science (R0)