A Catalogue of Inter-Parameter Dependencies in RESTful Web APIs

Web services often impose dependency constraints that re strict the way in which two or more input parameters can be combined to form valid calls to the service. Unfortunately, current specification languages for web services like the OpenAPI Specification provide no support for the formal description of such dependencies, which makes it hardly possible to automatically discover and interact with services without human intervention. Researchers and practitioners are openly requesting support for modelling and validating dependencies among in put parameters in web APIs, but this is not possible unless we share a deep understanding of how dependencies emerge in practice—the aim of this work. In this paper, we present a thorough study on the presence of dependency constraints among input parameters in web APIs in in dustry. The study is based on a review of more than 2.5K operations from 40 real-world RESTful APIs from multiple application domains. Overall, our findings show that input dependencies are the norm, rather than the exception, with 85% of the reviewed APIs having some kind of dependency among their input parameters. As the main outcome of our study, we present a catalogue of seven types of dependencies consistently found in RESTful web APIsMinisterio de Economía y Competitividad BELI (TIN2015-70560-R)Ministerio de Ciencia, Innovación y Universidades Horatio RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU17/0407

Inter-Parameter Dependencies in Real-World Web APIs: The IDEA Dataset

Context: Web services often impose constraints that restrict the way in which two or more input parameters can be combined to form valid calls to the service, so-called inter-parameter dependencies. Current API design languages like the OpenAPI Specification (OAS) provide no support for their formal description, making it hardly possible to automatically discover and interact with services without human intervention. Researchers and practitioners are openly requesting support for modelling and validating inter-parameter dependencies in web APIs, but this is not possible unless we share a deep understanding of how these dependencies emerge in practice. Objective: We aim to provide evidence on how inter-parameter dependencies are used in real-world web APIs. This evidence will hopefully serve as a basis for future proposals for modelling and analysing inter-parameter dependencies and will open a new range of research possibilities in areas related to service-oriented computing. Method: The documentation of 2,557 operations from 40 real-world web APIs was reviewed and carefully analysed, and 633 inter-parameter dependencies were found and classified into seven different types. Results: A machine-readable dataset was generated. This dataset helps understand the dimension and recurrence of inter-parameter dependencies in web APIs, as well as their taxonomy.Ministerio de Ciencia e Innovación HORATIO (RTI2018-101204–B–C21)Junta de Andalucía APOLO (US-1264651)Junta de Andalucía EKIPMENTPLUS (P18–FR–2895)Ministerio de Educación y Formación Profesional FPU17/0407

Automated analysis of inter-parameter dependencies in web APIs

Web services often impose constraintsthat restrict the way in which two or more input parameters can be combined to form valid calls to the service, i.e. inter-parameter dependencies. Current web API specification languages like the OpenAPI Specification (OAS) pro vide no support for the formal description of such dependencies, making it hardly possible to interact with the services without human intervention. We propose specifying and automatically ana lyzing inter-parameter dependencies in web APIs. To this end, we propose a domain-specific language to describe these dependencies, a constraint programming-aided tool supporting their automated analysis, and an OAS extension integrating our approach and eas ing its adoption. Together, these contributions open a new range of possibilities in areas such as source code generation and testin

AI-driven web API testing

Testing of web APIs is nowadays more critical than ever before, as they are the current standard for software integration. A bug in an organization’s web API could have a huge impact both in ternally (services relying on that API) and externally (third-party applications and end users). Most existing tools and testing ap proaches require writing tests or instrumenting the system under test (SUT). The main aim of this dissertation is to take web API testing to an unprecedented level of automation and thoroughness. To this end, we plan to apply artificial intelligence (AI) techniques for the autonomous detection of software failures. Specifically, the idea is to develop intelligent programs (we call them “bots”) ca pable of generating hundreds, thousands or even millions of test inputs and to evaluate whether the test outputs are correct based on: 1) patterns learned from previous executions of the SUT; and 2) knowledge gained from analyzing thousands of similar programs. Evaluation results of our initial prototype are promising, with bugs being automatically detected in some real-world APIs.Ministerio de Economía y Competitividad BELI (TIN2015-70560-R)Ministerio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21 (HORATIO)Ministerio de Educación, Cultura y Deporte FPU17/0407