rest apis

Designing and implementing HTTP-based RESTful services using frameworks such as Spring Boot (or Express/Flask), defining resource endpoints, request/response schemas (JSON), authentication (OAuth/JWT), versioning and OpenAPI specs, plus testing, rate-limiting, and deployment concerns.

restapis

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

You Can REST Now: Automated Specification Inference and Black-Box Testing of RESTful APIs with Large Language Models

Feb 07, 2024
AD
Alix Decrop
🏛️ University of Namur | University of Luxembourg

REST API documentation frequently suffers from incompleteness, obsolescence, or inaccessibility, hindering both automated testing efficiency and human comprehension. This paper introduces the first LLM-driven, end-to-end framework for OpenAPI specification inference and black-box API testing—requiring only an API name and an LLM API key. It automatically generates and mutates HTTP requests, then infers specifications and detects defects via response analysis. A novel context-aware prompt masking strategy enables zero-shot discovery of undocumented routes and parameters without model fine-tuning. Evaluated on a standardized benchmark, the framework achieves 85.05% average recall for GET routes and 81.05% for query parameters, successfully uncovering hidden endpoints and diverse server-side errors (e.g., 5xx, logic flaws). The inferred OpenAPI specifications are directly compatible with mainstream API testing tools, enabling seamless integration into existing CI/CD and security validation pipelines.

Automate REST API documentation to reduce errors and save timeEnhance API testing efficiency with minimal user input requiredInfer and validate API routes and parameters using LLMs

LRASGen: LLM-based RESTful API Specification Generation

Apr 23, 2025
SD
Sida Deng
🏛️ Macau University of Science and Technology | Beihang University | University of Nottingham Ningbo China | China University of Mining and Technology

To address the labor-intensive, error-prone, and maintenance-challenging nature of manually authoring RESTful API specifications (e.g., OpenAPI), this paper proposes the first large language model (LLM)-based approach for automatic OpenAPI specification generation. Unlike prior methods, it requires neither comprehensive code annotations nor structured code representations; instead, it jointly leverages code understanding, RESTful semantic parsing, and structured text generation to directly infer accurate and complete interface descriptions from raw source code. Crucially, the method is robust to real-world development imperfections—such as incomplete implementations and missing comments—without requiring manual intervention. Evaluated on 20 real-world API projects, our approach achieves an average 48.85% improvement in coverage of developer-omitted entities compared to state-of-the-art tools, demonstrating substantial gains in both accuracy and practical applicability.

Automating RESTful API specification generation to reduce manual effortImproving accuracy in OpenAPI Specifications with incomplete codeLeveraging LLMs for better API documentation coverage

LLM-Generated Microservice Implementations from RESTful API Definitions

Feb 13, 2025
SC
Saurabh Chauhan
🏛️ Tampere University

This work addresses the low development efficiency and high maintenance overhead associated with manual implementation of RESTful microservices. We propose an API-first, LLM-powered automated code generation method that takes OpenAPI specifications as input and produces executable microservices via a novel LLM-driven generation framework. Crucially, we introduce— for the first time—a runtime log analysis and error feedback mechanism, enabling a closed-loop optimization paradigm: “specify → generate → execute → debug → refine.” Compared to conventional development practices, our approach significantly accelerates prototyping and reduces manual iteration cycles. Empirical evaluation with six industry practitioners demonstrates substantial improvements in coding automation and rapid experimentation capabilities. The method establishes a new pathway toward API-driven, intelligent software engineering.

Automate RESTful microservices development using LLMsEnhance development speed and reduce manual effortGenerate and refine server code via OpenAPI specifications

This work addresses the lack of effective automated testing mechanisms in microservice architectures, where existing API specifications such as OpenAPI suffer from limited semantic expressiveness and thus struggle to support high-coverage automated validation. To overcome this limitation, the authors propose APOSTL—an extension of OpenAPI grounded in restricted first-order logic—that enables formal annotation of semantic properties of APIs. Complementing this specification language, they develop PETIT, a tool that performs fully automated, source-code-free black-box testing using only APOSTL-annotated OpenAPI documents. By embedding formal logic directly into API specifications for the first time, this approach allows interface documentation to drive semantically precise and high-coverage automated tests, significantly enhancing the efficiency and reliability of microservice verification.

API specificationautomated testingmicroservice testing

REST API Testing in DevOps: A Study on an Evolving Healthcare IoT Application

Oct 16, 2024
HS
Hassan Sartaj
🏛️ Simula Research Laboratory | Oslo Kommune Helseetaten

In DevOps-enabled healthcare IoT systems, the continuous evolution of REST APIs undermines regression testing effectiveness, posing critical quality and safety risks. Method: This study conducts the first systematic empirical evaluation of regression testing capabilities of five state-of-the-art tools—RESTest, EvoMaster, Schemathesis, RESTler, and RestTestGen—in a real-world healthcare IoT setting. The evaluation spans 17 APIs, 120 endpoints, and 14 release iterations, integrating contract-based validation, fuzzing, and evolution-aware strategies. Contribution/Results: The experiments uncovered 18 previously unknown defects and 23 regression faults, achieving up to 84% endpoint coverage—yet with an average test overhead exceeding 80%. This work establishes the first empirical benchmark for regression testing in healthcare IoT DevOps and empirically characterizes the practical trade-offs among fault detection, coverage, and resource cost.

Assessing tool effectiveness in DevOps regression testingEvaluating REST API testing tools for healthcare IoT applicationsIdentifying failures and faults in evolving REST APIs

Latest Papers

What's happening recently
View more

This work addresses the inefficiency, error-proneness, and technology-stack dependency developers face when authoring and maintaining OpenAPI specifications (OAS). To overcome these challenges, we propose OOPS—the first language- and framework-agnostic, LLM-driven static analysis approach. OOPS constructs an API dependency graph to link cross-file code artifacts and employs a two-stage pipeline—endpoint extraction followed by OAS generation—augmented with a self-refinement mechanism to mitigate LLM context limitations and reduce hallucinations. Evaluated on 12 real-world REST APIs spanning five programming languages and eight frameworks, OOPS achieves F1 scores of 98%, 97%, and 92% in endpoint identification, request/response structure inference, and parameter constraint derivation, respectively, with average input and output token counts below 5.6K and 0.9K, substantially decreasing reliance on manual intervention and handcrafted rules.

context limitationLLM hallucinationOpenAPI Specification

This study addresses the lack of empirical evaluation of large language models (LLMs) in industrial-scale REST API testing, particularly regarding their effectiveness under complex authentication schemes, stateful interactions, and organizational constraints. For the first time, we conduct a systematic validation within the live production environment of a major Belgian logistics enterprise, targeting six representative microservice endpoints. Leveraging a prompt-engineering-based approach to LLM-driven test case augmentation integrated with an industrial-grade microservice testing framework, our experiments significantly improve test coverage and uncover multiple system anomalies and observability gaps. This work provides the first empirical evidence of the practical utility—and inherent limitations—of LLM-augmented testing in security-sensitive, state-intensive industrial settings.

industrial settingLarge Language ModelsREST API testing

RESTifAI: LLM-Based Workflow for Reusable REST API Testing

Dec 09, 2025
LK
Leon Kogler
🏛️ CASABLANCA hotelsoftware GmbH | University of Innsbruck | Mälardalen University

Existing REST API testing tools primarily focus on detecting internal server errors (5xx) and lack systematic capabilities for generating high-quality test cases covering both successful responses (2xx) and client-side error scenarios (4xx). They further suffer from low test reusability, complex assertion design, and poor CI/CD integration. This paper introduces RESTifAI, an LLM-powered automated testing workflow that deeply parses OpenAPI specifications to collaboratively generate reusable, semantically rich positive and negative test cases with domain-aware assertions. Its key innovation lies in synergistically integrating LLM reasoning with domain knowledge—including business logic and HTTP semantics—to enable end-to-end test generation and validation. Empirical evaluation shows that RESTifAI achieves test coverage and effectiveness comparable to AutoRestTest and LogiAgent, while industrial deployment across microservices confirms its engineering practicality and seamless CI/CD compatibility.

Addresses limitations in reusability, oracle complexity, and integration.Constructs valid and negative test scenarios for functionality.Generates reusable REST API tests for CI/CD pipelines.

This study addresses the challenge of effectively adopting REST API design guidelines, which are often too extensive or disconnected from real-world practice, thereby compromising API usability. Through semi-structured interviews with 16 industry experts, combined with qualitative analysis and case studies, the work systematically identifies eight key factors influencing API usability, underscoring the critical role of adhering to established conventions. The research reveals developer resistance to rigid guidelines and argues that effective design standards must evolve alongside organizational practices, involve broad stakeholder participation, and integrate automated linting to enhance compliance and design quality. Proposing an innovative “dynamic adaptation plus automated education” paradigm, this work offers both theoretical insights and practical foundations for developing actionable, context-aware API design guidelines.

API usabilitydesign guidelinesdeveloper experience

This work addresses the oracle problem in REST API testing—stemming from the absence of explicit expected outputs—by proposing a novel multi-agent workflow grounded in large language models (LLMs). The approach uniquely integrates multi-agent LLMs with metamorphic testing to automatically parse OpenAPI specifications and generate executable test cases in the Given-When-Then format, eliminating the need for manually defined oracles. Evaluated on two public web applications, the method demonstrates its effectiveness by uncovering API behaviors missed by existing scenario-based testing techniques and substantially enhancing test coverage. This study thus introduces a new paradigm for automated API testing that leverages the reasoning and coordination capabilities of LLM-based agents to overcome longstanding challenges in test oracle specification.

metamorphic testingoutput correctnessREST APIs

Hot Scholars

AA

Andrea Arcuri

Professor of Software Engineering at Kristiania University College
Software TestingSBSESearch-Based Software EngineeringFuzzing
MZ

Man Zhang

Beihang University
Software TestingSearch-based Software Engineering
SD

Serge Demeyer

University of Antwerp
Software EngineeringSoftware EvolutionTest Automation
RH

Rubing Huang

Macau University of Science and Technology
AI for Software EngineeringSoftware Engineering for AISoftware TestingAI Applications
RD

Ran Dubin

Senior Lecturer, Department of Computer and Software Engineering, Ariel Cyber Innovation Center
Video StreamingMachine LearningMalware ResearchSNDBOX