The idea came from a simple problem: most teams have lots of API endpoints, but almost no one has realistic coverage. Writing and maintaining test collections takes forever, and scripts always fall out of sync.

Rentgen takes one cURL request and generates: • boundary tests (min/max, out-of-range) • enum variation tests • invalid/negative input cases • trimming/whitespace cases • structure/mapping validation • reflection safety checks • missing/incorrect security headers • basic latency/load insights • automatic bug-report templates • and many other.

The goal is to give engineers a rough but honest API health picture in ~2 minutes — without maintaining test files or writing code.

A fun surprise: I pointed Rentgen at ChatGPT’s API and found a few issues we genuinely didn’t expect to see in production. They were fixed immediately after reporting.

I would really appreciate feedback from the community: • What categories of tests are missing? • Which edge cases do you usually find manually? • What would make this useful in your workflow?

GitHub: https://github.com/LiudasJan/Rentgen

Happy to answer anything about the engine design, how the generator works, reflection detection, or upcoming performance modules.

This hits a real pain point. I've been on teams with hundreds of endpoints but maybe 10% had any tests beyond "does it return 200?" — and those inevitably rot as the API evolves.

Generating tests from a single cURL is smart because it meets devs where they already are. We're already firing off cURL commands during development; turning that into a test suite with zero extra effort is a nice DX win.

A few edge cases I’d love to see: Rate limit testing (verify proper 429s with Retry-After) Idempotency checks for POST/PUT endpoints Unicode edge cases like : emoji, RTL characters, null bytes in strings

The ChatGPT API finding is a great proof point. Nothing sells a security tool better than “we found something in production at a major company.” Will try this on some internal APIs this week.