Thanks for the thoughtful suggestions, those are spot on.
Rate-limit testing and proper 429/Retry-After handling are definitely on the roadmap. Idempotency checks for POST/PUT are a great call too, a lot of APIs behave unpredictably there, and it’s one of those areas people rarely test systematically. Unicode/emoji/RTL input fuzzing is a fun one, Rentgen already generates trimming/whitespace/negative cases, but expanding into more string-weirdness categories makes total sense.
If you end up trying it on any internal APIs this week, I’d genuinely love to hear what it catches. The tool often surprises me in places I didn’t expect.
Rate-limit testing and proper 429/Retry-After handling are definitely on the roadmap. Idempotency checks for POST/PUT are a great call too, a lot of APIs behave unpredictably there, and it’s one of those areas people rarely test systematically. Unicode/emoji/RTL input fuzzing is a fun one, Rentgen already generates trimming/whitespace/negative cases, but expanding into more string-weirdness categories makes total sense.
If you end up trying it on any internal APIs this week, I’d genuinely love to hear what it catches. The tool often surprises me in places I didn’t expect.