This paper proposes a novel approach to web service fuzzing that utilizes the OpenAPI Specification. The proposed smart black-box generation-based fuzzer, named openapi-fuzzer, generates and minimizes random payloads to detect vulnerabilities in web services. It is able to minimize the bug-triggering payload to its canonical form. Due to this minimization, it is easy to detect the root cause of an underlying bug. To evaluate its performance, openapi-fuzzer was tested on 3 relevant web services. Kubernetes, Hashicorp Vault, and Gitea. The results demonstrate that openapi-fuzzer outperforms other state-of-the-art web service fuzzers in terms of the number of bugs found and running time.Furthermore, openapi-fuzzer conducts a performance analysis to identify endpoints that are susceptible to Denial-of-Service attacks. By providing developers with detailed statistics, openapi-fuzzer helps them identify and fix performance issues in their web services.