CRUDinfer: Automated CRUD semantics inference for REST APIs through black-box testing.

Michele Pasqua; Davide Corradini; Mariano Ceccato.
2026-01-01

Abstract

REST APIs are the de facto standard for web service interaction, praised for flexibility and simplicity of adoption. Nevertheless, the lack of mandatory implementation guidelines for REST APIs has led to the diffusion of poor-quality and difficult-to-maintain web services. A key concern in this context is the misuse of CRUD (Create, Read, Update, and Delete) semantics of API operations. While best practices suggest mapping CRUD verbs to HTTP methods (POST, GET, PUT/PATCH, and DELETE, respectively), many implementations fail to adhere to such a guideline. This common anti-pattern makes interaction with the API ambiguous, hindering maintainability and decreasing the effectiveness of automated REST API testing. In this paper, we propose CRUDinfer, a novel approach to automatically infer REST API operation CRUD semantics by leveraging (black-box) interactions with the API. The approach incrementally refines the knowledge about API operations' CRUD semantics via CRUD test scenarios. Specifically, it employs interaction patterns typical of each CRUD semantics verb to craft test scenarios (i.e., HTTP interactions) for API operations with the aim of confirming their semantics. Testing failures indicate a mismatch between the intended CRUD semantics and the actual implementation. Thus, it refines API operations' CRUD semantics knowledge through improved test scenarios. Empirical evaluation indicates high inference capabilities for CRUDinfer, with an overall precision higher than 95% on the considered benchmark REST APIs.
2026
REST APIs, OpenAPI specification, CRUD semantics inference, Black-box software analysis
Files in this item:
icse2026.pdf
Access: open access
License: Creative Commons
Size: 660.61 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11562/1193047