SLA-Driven Governance of RESTful Systems

The Software as a Service (SaaS) paradigm has become entrenched in the industry as a deployment model, bringing flexibility to the customers and a recurring revenue to the business. The main architectural paradigm of SaaS systems is the service-oriented one since it provides numerous advantages in terms of elasticity, fault tolerance, and flexible architectural design. Currently, the RESTful paradigm, a layer of abstraction on the server created by defining resources and entities that can be accessed by means of a URI, is the preferred choice for the construction of SaaS, as it promotes the deployment, isolation and integration of microservices through APIs. Nowadays, APIs are regarded as a new form of business product and ever more organizations are publicly opening up access to their APIs as a way to create new business opportunities. In the same way, other organizations also consume a number of third-party APIs as part of their business. We henceforth define the concept of a RESTful System as an information system following the RESTful paradigm to shape the integration model between both its own components as well as other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful Systems, those components will be the RESTful APIs and what we aim to control or regulate is their behavior (i.e., how an API is being consumed or provided). As APIs are increasingly regarded as business products, a crucial activity is to describe the set of plans (i.e., the pricing) that depicts the functionality and performance being offered to clients. API providers usually define certain limitations in each instance of a plan (e.g., quotas and rates); for example, a free plan might be limited to having one hundred monthly requests, and a professional plan to have five hundred monthly requests. However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers, there is no standard model used by API providers for modeling API pricing (including the plans and limitations). Although some providers do model the information regarding the API pricing and API limitations with an ad hoc approach, there is no widely accepted model in the industry. Wherefore answering questions regarding API limitations (e.g., determining whether or not a certain pricing is valid) is still a manual or non-interoperable process coming along with some inconveniences (being tedious, time-consuming, error-prone, etc.). Understating governance as to how a system is directed and controlled, we translate this concept to meet the SLA-driven approach: we consider the SLA (i.e., API pricing) as the element that will drive the directions, policies and rules to deliver and maintain the RESTful System. Adding the SLA to the idea of governance of RESTful systems leads to the main hypothesis of this dissertation: there is no well-established model for describing API pricings)in RESTful systems, which is hindering the automatic SLA-Driven governance. We claim the main goal of this thesis to be: the creation of an expressive, fully-fledged specification of SLAs for RESTful APIs endorsed with an open ecosystem of tools aimed at the SLA-Driven Governance of RESTful systems. The results of this endeavor are twofold: (I) Creation of a sufficiently expressive specification for the description of API pricings and the analysis of their validity. This comprises: (i) conducting an analysis of real-world APIs to evaluate the characteristics of the API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a comprehensive model for describing API pricings; (iv) defining analysis operations for common questions regarding the validity in API pricings and limitations; (v) performing an evaluation of the model in real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs. This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) performing a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set comprised of (i) a model aimed at describing API pricings that is closely aligned with industry standards in APIs (OpenAPI Specification) and (ii) a set of companion tools for enacting the automatic governance using our specification, ranging from low-level validation tasks to SaaS solutions based on our model. Governify4APIs is, therefore, a fully-fledged specification, aligned with the mainstream standards and intended to enable an SLA-Driven Governance of RESTful Systems.El paradigma del software como servicio (SaaS) se ha afianzado en la industria como modelo de despliegue, aportando flexibilidad a los clientes y unos ingresos constantes a las organizaciones. El principal paradigma arquitectónico de los sistemas SaaS es la arquitectura orientada a servicios, ya que proporciona numerosas ventajas en términos de elasticidad, tolerancia a fallos y diseño flexible. RESTful, una capa de abstracción sobre el servidor creada mediante la definición de recursos y entidades a las que se puede acceder mediante una URI, es la opción preferida para la construcción de SaaS, ya que promueve el despliegue, el aislamiento y la integración de microservicios a través de APIs. Hoy en día, las APIs se consideran una nueva forma de producto empresarial y cada vez más organizaciones abren públicamente el acceso a sus APIs como forma de crear nuevas oportunidades de negocio. Del mismo modo, otras organizaciones también consumen una serie de APIs de terceros como parte de su negocio. A partir de ahora definimos el concepto de Sistema RESTful como un sistema de información que sigue el paradigma RESTful para conformar el modelo de integración tanto entre sus propios componentes como con otros sistemas de información. Además, entendiendo gobierno como la forma en que se dirige y controla un componente, en los sistemas RESTful, esos componentes serán las APIs RESTful y lo que pretendemos controlar o regular es su comportamiento (es decir, cómo se está consumiendo o proporcionando una API). Dado que las APIs están, cada vez más, siendo consideradas como productos comerciales, una actividad crucial es describir el conjunto de planes (es decir, el pricing) que describe la funcionalidad y el rendimiento que se ofrece a los clientes. Los proveedores de API suelen definir ciertas limitaciones en cada instancia de un plan (por ejemplo, quotas y rates); por ejemplo, un plan gratuito podría estar limitado a tener cien peticiones mensuales, y un plan profesional a tener quinientas peticiones mensuales. Sin embargo, aunque los proveedores de APIs utilizan el concepto de Acuerdo de Nivel de Servicio (SLA) para delimitar la funcionalidad y las garantías a las que se comprometen con sus clientes, no existe ningún modelo estándar usado por los proveedores para modelar el pricing de las API (incluyendo los planes y limitaciones). Aunque algunos proveedores modelan la información relativa a los pricings y las limitaciones de las APIs con un enfoque ad hoc, no existe un modelo ampliamente aceptado en el sector. Por lo tanto, responder a las preguntas relativas a las limitaciones de la APIs (por ejemplo, determinar si un determinado pricing es válido o no) sigue siendo un proceso manual o no interoperable, cosa que conlleva algunos inconvenientes (es tedioso, consume tiempo, es propenso a errores, etc.). Entendiendo el gobierno como la forma de dirigir y controlar un sistema, podemos traducir este concepto teniendo en cuenta el SLA, esto es, consideramos este elemento como aquel sobre el que se realiza la dirección, políticas y reglas para entregar y mantener el sistema RESTful. Añadir el concepto SLA a esa idea de gobierno de sistemas RESTful nos lleva a la hipótesis principal de esta tesis: no existe un modelo bien establecido para describir los SLAs (o pricing) en los sistemas RESTful, lo que está dificultando el gobierno automático. Es, por tanto, el objetivo principal de esta tesis la creación de una especificación expresiva y completa de SLAs para APIs RESTful, respaldada por un ecosistema abierto de herramientas orientadas al gobierno de sistemas RESTful dirigido por SLAs. Los resultados principales han sido: (I) Creación de una especificación suficientemente expresiva para la descripción de los pricings de la API y el análisis de su validez. Esto comprende: (i) realizar un análisis de APIs del mundo real para evaluar las características de los pricings y limitaciones de las APIs; (ii) identificar la relevancia de los SLAs en las APIs tanto en escenarios académicos como industriales; (iii) proponer un modelo completo para describir los pricings de las APIs; (iv) definir operaciones de análisis para preguntas comunes sobre la validez en los pricings y limitaciones de las APIs; (v) realizar una evaluación del modelo en APIs del mundo real. (II) Implementación de un ecosistema de herramientas para apoyar la gobernanza SLA-Driven de las APIs RESTful. Esto incluye: (i) desarrollar un conjunto de herramientas de gobierno de APIs; (ii) implementar una operación de análisis de validez; (iii) realizar una validación de las herramientas y operaciones en escenarios realistas. En esta tesis, presentamos el ecosistema Governify4APIs como el conjunto compuesto por (i) un modelo destinado a describir los pricings de las APIs y alineado estrechamente con los estándares de la industria (OpenAPI) y (ii) un conjunto de herramientas complementarias para el gobierno automático utilizando este modelo, que van desde tareas de validación hasta soluciones SaaS. Por lo tanto, Governify4APIs es una especificación acompañada de todo lo necesario, alineada con los estándares industriales y destinada a permitir un gobierno de sistemas RESTful dirigidos por SLAs

Automating SLA-Driven API Development with SLA4OAI

The OpenAPI Specification (OAS) is the de facto standard to describe RESTful APIs from a functional perspective. OAS has been a success due to its simple model and the wide ecosystem of tools supporting the SLA-Driven API development lifecycle. Unfortunately, the current OAS scope ignores crucial information for an API such as its Service Level Agreement (SLA). Therefore, in terms of description and management of non-functional information, the disadvantages of not having a standard include the vendor lock-in and prevent the ecosystem to grow and handle extra functional aspects. In this paper, we present SLA4OAI, pioneering in extending OAS not only allowing the specification of SLAs, but also supporting some stages of the SLA-Driven API lifecycle with an open-source ecosystem. Finally, we validate our proposal having modeled 5488 limitations in 148 plans of 35 real-world APIs and show an initial interest from the industry with 600 and 1900 downloads and installs of the SLA Instrumentation Library and the SLA Engine.Ministerio de Economía y Competitividad TIN2015-70560-RMinisterio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU15/0298

Fostering SLA-Driven API Specifications

Software architecture tendencies are shifting to a microservice paradigm. In this context, RESTful APIs are being established the standard of integration. API designer often identifies two key issues to be competitive in such growing market. On the one hand, the generation of accurate documentation of the behavior and capabilities of the API to promote its usage; on the other hand, the design of a pricing plan that fits into the potential API user’s needs. Besides the increasing number of API modeling alternatives is emerging, there is a lack of proposals on the definition of flexible pricing plans usually contained in the Service Level Agreements (SLAs). In this paper we propose two different modeling techniques for the description of SLA in a RESTful API context: iAgree and SLA4OAI.Ministerio de Economía y Competitividad TIN2015-70560-RJunta de Andalucía P12-TIC-1867Ministerio de Economía y Competitividad TIN2014-53986-RED

ELeCTRA: Induced Usage Limitations Calculation in RESTful APIs

As software architecture design is evolving to microservice paradigms, RESTful APIs become the building blocks of applications. In such a scenario, a growing market of APIs is proliferating and developers face the challenges to take advantage of this reality. For example, third-party APIs typically define different usage limitations depending on the purchased Service Level Agreement (SLA) and, consequently, performing a manual analysis of external APIs and their impact in a microservice architecture is a complex and tedious task. In this demonstration paper, we present ELeCTRA, a tool to automate the analysis of induced usage limitations in an API, derived from its usage of external APIs. This tool takes the structural, conversational and SLA specifications of the API, generates a visual dependency graph and translates the problem into a constraint satisfaction optimization problem (CSOP) to obtain the optimal usage limitations.Ministerio de Economía y Competitividad TIN2015-70560-RJunta de Andalucía P12–TIC–1867Ministerio de Economía y Competitividad TIN2014-53986-REDTMinisterio de Educación, Cultura y Deporte FPU15/0298

Gobierno de APIs REST basado en SLAs

CONTEXTO La evolución de la industria hacia un modelo de software como servicio ha favorecido la aparición de un mercado de APIs en continuo crecimiento. En este contexto es necesario para los desarrolladores de APIs dar soporte a planes de precio y gestión de niveles de servicio. Para desacoplar la lógica de la API de estas tareas se han creado plataformas de gestión denominadas API Gateways. Sin embargo, estas plataformas presentan bastantes limitaciones debido a que no establecen un modelo de SLA explícito. OBJETIVOS En este trabajo se pretende realizar un estudio del estado del arte de las APIs y SaaS existentes en el mercado para comprobar las necesidades en cuanto a planes de precio y gestión de peticiones, además de estudiar los API Gateways para analizar sus funcionalidades y así construir una herramienta que proporcione soporte a las APIs para cubrir tales necesidades. RESULTADOS La investigación realizada durante este trabajo ha dado como resultado una framework que cualquier API puede incorporar, personalizable con plantillas de SLA, que dota a la API de forma automática de un sistema de gestión de autorización de peticiones basadas en cuotas establecidas en los acuerdos. Además se ha realizado un estudio de las necesidades de las APIs y características de algunos API Gateways. CONCLUSIONES En un contexto donde existe un mercado abierto y en crecimiento de APIs con modelos de precio muy variados, el framework desarrollado establece los fundamentos de un gobierno automatizado de las APIs, simplificando y abriendo la puerta a otros que tengan en cuenta elementos como los costes de infraestructura y modelos avanzados de penalizaciones. Las contribuciones de este trabajo han permitido la elaboración de un artículo para un congreso nacional y han servido de base para complementar material de algunas prácticas docentes en asignaturas de la Escuela.Universidad de Sevilla. Grado en Ingeniería Informática - Tecnologías Informática

Governify for APIs: SLA-Driven Ecosystem for API Governance

As software architecture design is evolving to a microservice paradigm, RESTful APIs are being established as the preferred choice to build applications. In such a scenario, there is a shift towards a growing market of APIs where providers offer different service levels with tailored limitations typically based on the cost. In such a context, while there are well-established standards to describe the functional elements of APIs (such as the OpenAPI Specification), having a standard model for Service Level Agreements (SLAs) for APIs may boost an open ecosystem of tools that would represent an improvement for the industry by automating certain tasks during the development. In this paper, we introduce Governify for APIs, an ecosystem of tools aimed to support the user during the SLA-Driven RESTful APIs’ development process. Namely, an SLA Editor, an SLA Engine and an SLA Instrumentation Library. We also present a fully operational SLA-Driven API Gateway built on the top of our ecosystem of tools. To evaluate our proposal, we used three sources for gathering validation feedback: industry, teaching and research.Ministerio de Economía y Competitividad TIN2015- 70560-RMinisterio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU15/0298

Towards SLA modeling for RESTful APIs

The term of API Economy is becoming increasingly used to describe the change of vision in how APIs can add value to the organizations. Furthermore, a greater automation of RESTful APIs management can suppose a competitive advantage for the company. New proposals are emerging in order to automatize some API governance tasks and increase the ease of use (e.g. generation of code and documentation). Despite that, the non-functional aspects are often addressed in a highly specific manner or even there not exists any solution for an automatic governance. Nevertheless, these properties are already defined in natural language at the Service Level Agreement (SLA) that both customer and provided have established. In this paper, we carry out a study on the *aaS industry and analyze the current both API modeling and SLA modeling proposals in order to identify the open challenges for an automatic RESTful API governance.Ministerio de Economía y Competitividad TIN2015-70560-RMinisterio de Economía y Competitividad P12–TIC-1867Ministerio de Economía y Competitividad TIN2014-53986-RED

Towards SLA-Driven API Gateways

As APIs are becoming popular to build Service-Based Ap- plications (SBA), API Gateways are being increasingly used to facilitate API features management. They o er API management functionalities such as pricing plans support, user authentication, API versioning or response caching. Some parts of the information that an API Gateway needs are already included into a Service Level Agreement (SLA), that providers use to describe the rights and the obligations of involved par- ties in the service. Unfortunately, current API Gateways do not use any SLA representation model nor SLA underlying technology, thereby miss- ing potential opportunities. In this paper we analyze the state of the art to justify the current situation and we identify some research challenges so as to achieve SLA-Driven API Gateways.European CommissionSpanish and the Andalusian R&D&I programs TIN201232273Spanish and the Andalusian R&D&I programs TIC5906Spanish and the Andalusian R&D&I programs P12TIC-1867Spanish and the Andalusian R&D&I programs TIN2014-53986-RED

An Analysis of RESTful APIs Offerings in the Industry

As distribution models of information systems are moving to XaaS paradigms, microservices architectures are rapidly emerging, having the RESTful principles as the API model of choice. In this context, the term of API Economy is being used to describe the increasing movement of the industries in order to take advantage of exposing their APIs as part of their service offering and expand its business model. Currently, the industry is adopting standard specifications such as OpenAPI to model the APIs in a standard way following the RESTful principles; this shift has supported the proliferation of API execution platforms (API Gateways) that allow the XaaS to optimize their costs. However, from a business point of view, modeling offering plans of those APIs is mainly done ad-hoc (or in a platform-dependent way) since no standard model has been proposed. This lack of standardization hinders the creation of API governance tools in order to provide and automate the management of business models in the XaaS industry. This work presents a systematic analysis of 69 XaaS in the industry that offer RESTful APIs as part of their business model. Specifically, we review in detail the plans that are part of the XaaS offerings that could be used as a first step to identify the requirements for the creation of an expressive governance model of realistic RESTful APIs. Additionally, we provide an open dataset in order to enable further analysis in this research line.Ministerio de Economía y Competitividad TIN2015-70560-RJunta de Andalucía P12-TIC-1867Ministerio de Educación, Cultura y Deportes FPU15/0298

SLA-driven governance for RESTful systems

Sofware distribution models are moving to SaaS paradigms where customers no longer need to buy a perpetual license. In this con text, SaaS providers leverage the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers. However, although formal specifications for the definition of SLAs have been proposed, providers usually have an ad-hoc approach with a low degree of automation. This approach confirms the fact that the SaaS industry has not incorporated the idea of an SLA model that can be implemented within the infrastructure as a decision mechanism. This instrumentation would be of special interest in RESTful microser vice architectures in providing an automated governance framework for the service catalog and regulating the behavior of each component in the context of the agreements reached with each client. This thesis project is divided in four stages: i) Establishing a sufficiently expressive specification for the description of RESTful microservices reg ulated by advanced SLAs; ii) Develop a catalog of SLA analysis and management operations to support the governance of micro-service ar chitectures; iii) Implement a SLAs management ecosystem to support the government of RESTful microservices; iv) Consolidation of the Governify platform to validate the proposal in industrial environments.Ministerio de Educación, Cultura y Deporte FPU15/02980Ministerio de Economía y Competitividad BELI (TIN2015-70560-R)Junta de Andalucia COPAS (P12–TIC-1867)