Test the API

Good day. I will write automated scripts using Typescript for testing your API and checking the limits and security of roles. I will create a detailed report of the found errors and perform a recheck after your corrections. I am ready to start now. I would appreciate the collaboration.

Show original

Translate

Good day! I have reviewed the task and am ready to start. I have quite a lot of experience with APIs, integrations, and testing.

Experience:
• 4 years in Frontend and Backend development
• 2 years of commercial experience in product and blockchain
• Working with production code and real financial scenarios

Some of my projects:

… https://contentbuilder.ai/ - a commercial project from the USA, where I worked as a full-stack developer and implemented most of the functionality

https://freelancehunt.com/showcase/work/procasino/2025898.html

https://freelancehunt.com/showcase/work/bionrgg/2025897.html

Show original

Translate

Hello.

I will take it on. As I read the scope - at the input swagger, specification, design from Figma, and public methods; at the output a document listing issues (bugs, security gaps, redundant methods), then you make corrections, I verify.

What I will check systematically.

Authorization and roles - whether the correct checks are performed at each endpoint, whether there are roles that can see others' resources (IDOR), whether the logic of privilege degradation is correct.

Limits and rate limiting - are they genuinely limited or cosmetic, how does 429 behave (returns Retry-After), can it be bypassed through variations of headers or parameters.
…
Discrepancies between swagger and actual implementation - field types, required fields, date formats, enums, response codes 200, 4xx, 5xx.

Information leaks in errors - stack traces in production, informative messages that assist an attacker.

Input validation - null, empty values, negative numbers, overflow, SQL injection through parameters, typical edge cases.

Business logic - racing scenarios on sensitive operations, repeated operations (idempotency), states that may be prohibited from the domain perspective.

First iteration - 2-3 days after receiving access and documentation. Review of corrections - one day. Access to the code is not needed; the rights matrix and swagger are sufficient.

Show original

Translate

Good evening, I have over 5 years of experience in testing and API development, and I can easily handle end-to-end testing, from permission checks to basic errors. Feel free to reach out!

Show original

Translate

Hello. I am ready to conduct route testing through Swagger. Feel free to contact me. I will be happy to collaborate.

Show original

Translate

Hello, I am a full-stack developer. I write APIs, connect them to the front end.

Please write in private messages, we will communicate.

Show original

Translate

Good day. The task is clear. Black-box testing of the API with a focus on roles and security. I have worked with similar: IDOR, privilege escalation, rate limits, auth bypass. This is a standard checklist for such architecture.

Show original

Translate

Hello. I am ready to take on the project.

I have experience in testing and developing APIs, including role checks, ACL/access matrices, limits, authorization, permission-based access logic, and basic security risks (IDOR, excessive methods, role bypass, rate limit issues, validation, etc.).

I can:

* thoroughly review the swagger and role architecture;
* test public methods;
* check access logic between roles;
… * create a structured list of bugs/risks in one document;
* conduct a re-check after your revisions.

The work format you described is completely suitable. Access to the code is not critical if there is swagger, specifications, and information on roles/limitations.

Regarding timelines — I can complete the first iteration after familiarizing myself with the API scope.

Show original

Translate

Good evening. I have extensive experience in QA, I can help check your API. Write to me, we will discuss the details.

Show original

Translate

Hello! If I understand the task correctly — there is a ready API (similar to LUN), and it needs to be tested for bugs, security, and the correctness of roles/limits. The output will be two documents: first, a complete list of findings, and then a verification after your corrections.

Here’s how we do it:
— Read Swagger + specification + rights matrix
— Go through all public methods, checking if role A cannot do what is only allowed for role B
— Test limits, edge cases, excessive endpoints
— Create one clear document with all findings
— After your corrections — final verification

… If you are interested — message me privately, and we will discuss the details.

Show original

Translate

Good day. I will test your API, from start to finish. I have a similar system myself and would be interested to see yours. Feel free to reach out, and we can discuss the details.

Show original

Translate

Hello.
I am interested in the project. I have experience working with APIs, testing logic, access roles, and verifying integrations.
For the task, I see the work in two stages, as you described:
1. Analysis of the specification, Swagger, roles, access matrices, and existing logic. I will conduct a check of functionality, integrations, and use cases.
I will separately check:
* roles and access matrices;
* limits and restrictions;
* redundant or duplicated methods;
* authorization logic and rights segregation;
… * potential security issues (access to others' resources, role bypass, IDOR, excessive API responses, etc.);
* compliance of Swagger with the actual behavior of the API.
The result of the first iteration will be a document with identified issues, bugs, and recommendations.
2. After making corrections — re-check and validation of fixes.
Lack of access to the code is not a problem if documentation, Swagger, rights matrices, and necessary scenarios are available. I am ready to dive into the architecture and logic of roles.

Show original

Translate

Vasyl, I can systematically test the API without access to the code: I will check scenarios with Swagger, role permissions, limits, redundant methods, and typical security risks. I will create a clear list of bugs/discrepancies in the first iteration, and after your corrections, I will perform a re-verification. I have worked with technical audits and structured checklists, so I will quickly dive into the architecture and provide a clear result. I can start immediately.

Show original

Translate

Good day. I am interested in your order. I have been working in web development for over 10 years. Please write in private messages for detailed discussion of the specifications.

Show original

Translate

Привіт! 👋
Я професійний веб-розробник з 7+ роками досвіду у розробці
Великий досвід з АРІ.
Маю глибоку експертизу та великий практичний досвід роботи з сучасними веб-технологіями, зокрема:
⚙️ HTML, CSS, JavaScript, PHP, Laravel, CodeIgniter, Yuii2, CakePhp, Symphony
✅ Wordpress, Shopify, WooCommerce, OpenCart, PrestaShop, Magento, Webflow, Weblium
🐍 Python (Django, Flask)
🟢 NodeJS
🧩 React JS, Vue JS, Angular
… 🗄 MySQL, PostgreSQL
🔧 Git, REST API та інтеграції
Пишіть!