I'm currently trying to reverse-engineer a private REST-Webservice, which lacks documentation. The only thing I know about it is, that it's written in PHP, using the ZendFramework. Is there any simple way of finding out, which actions are allowed and which parameters I have to supply to make the service work correctly?

Greets, Rob

If you have an existing client using the service (a web page, mobile app, etc.) you can use a proxy to record and observe traffic that's sent/received by an existing client using the service. Fiddler or Charles will get the job done.

You can use network analyzer tool like WIRESHARK to capture data sent on network Read more about it on wireshark site

For example i hit login web service data captured by wireshark is as:

In above image you can see data sent on HTTP protocol

1.) method POST

2.) Under MIME info for example

Content-Disposition: form-data; name="phoneNumber"\r\n\r\n

name of parameter is phoneNumber

===========UPDATE==============

Here you can see fiddle captured data:

1.) Click on GO bottun, after that it starts capturing requests

you can use

network analyzer tab under inspect element option in google chrome

where you can see all the data and scripts loaded for that webpage, for example check this screenshot, where i am trying to see which google api is used to find coordinates for the given address. in this you will get all the information required.