Carnegie Mellon University

RESTful API Inference

thesis
posted on 2024-05-24, 17:10 authored by Amit Chahal

In today's digital landscape, web applications are crucial for user-server interactions, with APIs playing a pivotal role. However, ensuring API security is challenging. API security tools require detailed API specifications to effectively identify vulnerabilities. The motivation behind this research stems from a significant challenge in web applications: API endpoints exposed on the client side introduce an unknown attack surface. Having a detailed API specification is crucial for dynamic examination of the API. It serves as a guiding framework for understanding and interacting with APIs, regardless of the programming language used. Our research addresses the challenge of identifying client-side API endpoints, which is essential for security. We use static and dynamic analysis to infer RESTful APIs from JavaScript code. Our approach involves crawling websites to capture API requests, identifying call locations, and invoking APIs. Our evaluation resulted in the inference of an additional 34 API paths, of which 25 we were able to invoke. This process relies on the identification of API call locations and API paths within the source code. This work is a start in this direction and can be extended to invoke all API endpoints inferred by combining static and dynamic analysis, and to automate the whole process.

History

Date

2024-05-03

Degree Type

  • Master's Thesis

Department

  • Information Networking Institute

Degree Name

  • Master of Science (MS)

Advisor(s)

David Brumley
