RoboCon2025

Sit and fuzz with Robot
2025-03-05 , RoboCon Online

Introducing a case example of how an initial idea of implementing some kind of fuzzer for a bank's authentication and authorization APIs got the needed push from a RoboCon 2024 talk and evolved into a framework for system integration testing (SIT) and fuzzing of the bank's approx. 350 APIs and 1500 endpoints.


What has been done?
A framework enabling the execution of API SIT tests and/or fuzzing for APIs.

Why was it done?
The previous way to execute API SIT tests was with Postman. For different reasons, including the testing team management's desire to invest resources in different technologies and more meaningful ways of working (including enhancing the usage of Robot Framework), a new solution was needed to execute the API SIT tests.

How and what was done?
The answer to finding a new API SIT testing solution was the Robot Framework based API fuzzing framework, for which implementation had already been started, and which was somewhat based on the idea of the RoboCon 2024 talk Fuzzing For Vulnerabilities in REST APIs (by Alina Kostetska). The fuzzer itself needed an implementation of so-called happy day API tests to a) verify the normal functionality of the APIs before and after fuzzing and b) generate the needed dynamic data (sessions, tokens, etc.) so that the fuzzer could do its work as efficiently as possible.

So, as there were obvious overlapping characteristics between the API SIT test needs and the fuzzer needs, it was clear that the two should be combined so that they could benefit from each other. The combination was made by adding the functionality and features needed for API SIT into the API fuzzing framework.
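The loop described above, happy day tests before fuzzing, dynamic session data fed to the fuzzer, happy day tests again afterwards, as an added example that is not the speaker's framework or Nordea's code. It is a Python class written in the shape of a Robot Framework keyword library so the same keywords serve both as SIT tests and as fuzzer setup. The keyword names, the ToyAuthApi stand-in for the real service, the credentials, the account data and the deliberately unguarded int() conversion that the fuzzer trips are all constructed for this example.

```python
"""Happy-day-then-fuzz harness (added example, hypothetical names throughout)."""
import random
import string
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: dict


class ToyAuthApi:
    """Constructed in-memory stand-in for an authentication/authorization API.

    One handler converts account_id with int() without validation, so a
    malformed id raises and the dispatcher turns it into a 500: the kind of
    robustness defect a fuzz campaign against your own API is meant to surface.
    """

    def __init__(self):
        self._tokens = {}                      # token -> username
        self._accounts = {"1001": {"owner": "alice", "balance": 42}}

    def call(self, endpoint: str, **params) -> Response:
        """Dispatch like a web framework: an unhandled exception becomes a 500."""
        handler = getattr(self, "_" + endpoint, None)
        if handler is None:
            return Response(404, {"error": "no such endpoint"})
        try:
            return handler(**params)
        except Exception as exc:               # noqa: BLE001 - simulate server error
            return Response(500, {"error": type(exc).__name__})

    def _login(self, username: str, password: str) -> Response:
        if username == "alice" and password == "correct horse":   # constructed creds
            token = f"tok-{len(self._tokens) + 1:04d}"
            self._tokens[token] = username
            return Response(200, {"token": token})
        return Response(401, {"error": "invalid credentials"})

    def _get_account(self, token: str, account_id: str) -> Response:
        user = self._tokens.get(token)
        if user is None:
            return Response(401, {"error": "no session"})
        key = str(int(account_id))             # unguarded conversion (constructed defect)
        account = self._accounts.get(key)
        if account is None:
            return Response(404, {"error": "unknown account"})
        if account["owner"] != user:           # authorization check
            return Response(403, {"error": "not your account"})
        return Response(200, account)


class ApiFuzzHarness:
    """Keywords in Robot Framework library style; the names are hypothetical."""

    def __init__(self, api, seed: int = 0):
        self.api = api
        self.rng = random.Random(seed)         # seeded so a campaign is reproducible
        self.findings = []                     # (endpoint, params, status, body)

    # --- happy day keywords: reused as SIT tests and as fuzzer setup ---
    def happy_day_login(self) -> str:
        resp = self.api.call("login", username="alice", password="correct horse")
        if resp.status != 200:
            raise AssertionError(f"login failed: {resp}")
        return resp.body["token"]              # dynamic data the fuzzer needs

    def happy_day_account(self, token: str) -> None:
        resp = self.api.call("get_account", token=token, account_id="1001")
        if resp.status != 200 or resp.body.get("owner") != "alice":
            raise AssertionError(f"account lookup failed: {resp}")

    def happy_day_suite(self) -> bool:
        try:
            self.happy_day_account(self.happy_day_login())
            return True
        except AssertionError:
            return False

    # --- fuzzing keywords ---
    def mutate(self, value: str) -> str:
        strategies = [
            lambda s: "",                                            # empty
            lambda s: s * 50,                                        # oversized
            lambda s: s + "'",                                       # stray quote
            lambda s: "-" + s,                                       # sign flip
            lambda s: "".join(self.rng.choice(string.printable) for _ in s),
            lambda s: s[: len(s) // 2],                              # truncated
        ]
        return self.rng.choice(strategies)(value)

    def fuzz_endpoint(self, endpoint: str, seed_params: dict, token, iterations: int):
        for _ in range(iterations):
            params = dict(seed_params)
            field_name = self.rng.choice(list(params))
            params[field_name] = self.mutate(params[field_name])
            if token is not None:
                params["token"] = token        # session obtained by the happy day keyword
            resp = self.api.call(endpoint, **params)
            if resp.status >= 500:             # only server-side failures are findings
                self.findings.append((endpoint, params, resp.status, resp.body))
        return self.findings

    def run_campaign(self, endpoint: str, seed_params: dict, iterations: int = 200) -> dict:
        pre = self.happy_day_suite()           # verify normal behaviour first
        token = self.happy_day_login() if pre else None
        if pre:
            self.fuzz_endpoint(endpoint, seed_params, token, iterations)
        post = self.happy_day_suite()          # verify the API still works afterwards
        return {"pre_check": pre, "post_check": post, "findings": len(self.findings)}


if __name__ == "__main__":
    harness = ApiFuzzHarness(ToyAuthApi(), seed=7)
    print(harness.run_campaign("get_account", {"account_id": "1001"}))
    for finding in harness.findings[:3]:
        print(finding)
```

The campaign skips fuzzing entirely when the pre-check fails, because a fuzzer run against an API that is already broken produces noise rather than findings, and the post-check tells you whether the campaign itself left the service in a bad state. Only 5xx responses are recorded; 4xx responses are the API correctly rejecting bad input and are the expected outcome for most mutations.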

What kind of Benefits?
- Making it easier to follow the principle "one thing implemented in one place", meaning that the same code or script is located only once, in one place
- The team executing API SIT tests can concentrate on the actual API testing and does not need to worry about the tooling
- The team executing fuzzing can concentrate on the actual fuzzing, with no need to gather information, test data, etc. for each API


Categorize / Tags:

REST API, Fuzzing, System Integration Testing

Describe your intended audience:

People testing / working with REST API
People interested in an example solution of an (API) tester which can be used without any need to write test scripts or keywords
People interested in API Fuzzing

Is this suitable for ..?:

Beginner RF User, Intermediate RF User, Advanced RF User

QA Lead in the authentication and authorization area @ Nordea. Experienced SW tester, especially in test automation and system testing. Has been testing and verifying in the mobile phone, automotive, IoT and financial industries. Knows something about 80's heavy metal and movies. Prefers people over computers.