Efficient penetration of API sequences to test stateful RESTful services

Abstract

We have improved an approach for listing API sequences using API specification documents to make combinatorial testing for remote services to which requests are sent using APIs such as REST, gRPC, and WSDL. The proposed approach performs a depth-first, backward, all-at-once search rather than a breadth-first, forward, one-by-one search which was the strategy of previous studies. Our proposed approach parses an API specification document and creates a directed tree that represents a partial order of calls of APIs to collect values demanded by each target API. The approach calculates the leading-following relations of APIs by manipulating a matrix that represents the relations of APIs and named values that mediate the relations. We applied our proposed approach to a practical service, GitLab. We obtained the result that the approach lists the longer executable API sequences that can visit more methods in service implementation than the approaches of existing work without listing a large number of sequences.