Classification of changes in API evolution

Applications typically communicate with each other, accessing and exposing data and features by using Application Programming Interfaces (APIs). Even though API consumers expect APIs to be steady and well established, APIs are prone to continuous changes, experiencing different evolutive phases through their lifecycle. These changes are of different types, caused by different needs and are affecting consumers in different ways. In this paper, we identify and classify the changes that often happen to APIs, and investigate how all these changes are reflected in the documentation, release notes, issue tracker and API usage logs. The analysis of each step of a change, from its implementation to the impact that it has on API consumers, will help us to have a bigger picture of API evolution. Thus, we review the current state of the art in API evolution and, as a result, we define a classification framework considering both the changes that may occur to APIs and the reasons behind them. In addition, we exemplify the framework using a software platform offering a Web API, called District Health Information System (DHIS2), used collaboratively by several departments of World Health Organization (WHO).Peer ReviewedPostprint (author's final draft

You Can REST Now: Automated Specification Inference and Black-Box Testing of RESTful APIs with Large Language Models

RESTful APIs are popular web services, requiring documentation to ease their comprehension, reusability and testing practices. The OpenAPI Specification (OAS) is a widely adopted and machine-readable format used to document such APIs. However, manually documenting RESTful APIs is a time-consuming and error-prone task, resulting in unavailable, incomplete, or imprecise documentation. As RESTful API testing tools require an OpenAPI specification as input, insufficient or informal documentation hampers testing quality. Recently, Large Language Models (LLMs) have demonstrated exceptional abilities to automate tasks based on their colossal training data. Accordingly, such capabilities could be utilized to assist the documentation and testing process of RESTful APIs. In this paper, we present RESTSpecIT, the first automated RESTful API specification inference and black-box testing approach leveraging LLMs. The approach requires minimal user input compared to state-of-the-art RESTful API inference and testing tools; Given an API name and an LLM key, HTTP requests are generated and mutated with data returned by the LLM. By sending the requests to the API endpoint, HTTP responses can be analyzed for inference and testing purposes. RESTSpecIT utilizes an in-context prompt masking strategy, requiring no model fine-tuning. Our evaluation demonstrates that RESTSpecIT is capable of: (1) inferring specifications with 85.05% of GET routes and 81.05% of query parameters found on average, (2) discovering undocumented and valid routes and parameters, and (3) uncovering server errors in RESTful APIs. Inferred specifications can also be used as testing tool inputs

Model-driven round-trip engineering of REST APIs

Les API web s'han convertit cada vegada més en un actiu clau per a les empreses, que n'han promogut la implementació i la integració en les seves activitats quotidianes. A la pràctica, la majoria d'aquestes API web són "REST-like", que significa que s'adhereixen parcialment a l'estil arquitectònic conegut com transferència d'estat representacional ('representational state transfer', REST en anglés). De fet, REST és un paradigma de disseny i no proposa cap estàndard. Com a conseqüència, tant desenvolupar com consumir API REST són tasques difícils i costoses per als proveïdors i clients de l'API. L'objectiu d'aquesta tesi és facilitar el disseny, la implementació, la composició i el consum de les API REST, basant-se en tècniques d'enginyeria dirigida per models ('model-driven engineering', MDE en anglés). Aquesta tesi proposa les contribucions següents: EMF-REST, APIDiscoverer, APITester, APIGenerator, i APIComposer. Aquestes contribucions constitueixen un ecosistema que avança l'estat de la qüestió al camp de l'enginyeria de programari automàtica per al desenvolupament i el consum de les API REST.Las API Web se han convertido en una pieza fundamental para un gran número de compañías, que han promovido su implementación e integración en las actividades cotidianas del negocio. En la práctica, estas API Web son "REST-like", lo que significa que se adhieren parcialmente al estilo arquitectónico conocido como transferencia de estado representacional ('representational state transfer', REST en inglés). De hecho, REST es un paradigma de diseño y no propone ningún estándar. Por ello, tanto el desarrollo como el consumo de API REST son tareas difíciles y que demandan mucho tiempo de los proveedores y los clientes de API. El objetivo de esta tesis es facilitar el diseño, la implementación, la composición y el consumo de API REST, apoyándose en el desarrollo de software dirigido por modelos (DSDM). Esta tesis propone las siguientes contribuciones: EMF-REST, APIDiscoverer, APITester, APIGenerator y APIComposer. Estas contribuciones constituyen un ecosistema que avanza el estado de la cuestión en el área de la ingeniería del software referida a la automatización de las tareas relacionadas con el desarrollo y consumo de API REST.Web APIs have become an increasingly key asset for businesses, and their implementation and integration in companies' daily activities has thus been on the rise. In practice, most of these Web APIs are "REST-like", meaning that they adhere partially to the Representational State Transfer (REST) architectural style. In fact, REST is a design paradigm and does not propose any standard, so developing and consuming REST APIs end up being challenging and time-consuming tasks for API providers and clients. Therefore, the aim of this thesis is to facilitate the design, implementation, composition and consumption of REST APIs by relying on Model-Driven Engineering (MDE). Likewise, it offers the following contributions: EMF-REST, APIDiscoverer, APITester, APIGenerator and APIComposer. Together, these contributions make up an ecosystem which advances the state of the art of automated software engineering for REST APIs

Example-driven web API specification discovery

REpresentational State Transfer (REST) has become the dominant approach to design Web APIs nowadays, resulting in thousands of public REST Web APIs offering access to a variety of data sources (e.g., open-data initiatives) or advanced functionalities (e.g., geolocation services). Unfortunately, most of these APIs do not come with any specification that developers (and machines) can rely on to automatically understand and integrate them. Instead, most of the time we have to rely on reading its ad-hoc documentation web pages, despite the existence of languages like Swagger or, more recently, OpenAPI that developers could use to formally describe their APIs. In this paper we present an example-driven discovery process that generates model-based OpenAPI specifications for REST Web APIs by using API call examples. A tool implementing our approach and a community-driven repository for the discovered APIs are also presented

Example-driven web API specification discovery

REpresentational State Transfer (REST) has become the dominant approach to design Web APIs nowadays, resulting in thousands of public REST Web APIs offering access to a variety of data sources (e.g., open-data initiatives) or advanced functionalities (e.g., geolocation services). Unfortunately, most of these APIs do not come with any specification that developers (and machines) can rely on to automatically understand and integrate them. Instead, most of the time we have to rely on reading its ad-hoc documentation web pages, despite the existence of languages like Swagger or, more recently, OpenAPI that developers could use to formally describe their APIs. In this paper we present an example-driven discovery process that generates model-based OpenAPI specifications for REST Web APIs by using API call examples. A tool implementing our approach and a community-driven repository for the discovered APIs are also presented