A Catalogue of Inter-parameter Dependencies in RESTful Web APIs

Web services often impose dependency constraints that restrict the way in which two or more input parameters can be combined to form valid calls to the service. Unfortunately, current specification languages for web services like the OpenAPI Specification provide no support for the formal description of such dependencies, which makes it hardly possible to automatically discover and interact with services without human intervention. Researchers and practitioners are openly requesting support for modelling and validating dependencies among input parameters in web APIs, but this is not possible unless we share a deep understanding of how dependencies emerge in practice—the aim of this work. In this paper, we present a thorough study on the presence of dependency constraints among input parameters in web APIs in industry. The study is based on a review of more than 2.5K operations from 40 real-world RESTful APIs from multiple application domains. Overall, our findings show that input dependencies are the norm, rather than the exception, with 85% of the reviewed APIs having some kind of dependency among their input parameters. As the main outcome of our study, we present a catalogue of seven types of dependencies consistently found in RESTful web APIs.

[1]  Jordi Cabot,et al.  Automatic Generation of Test Cases for REST APIs: A Specification-Based Approach , 2018, 2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC).

[2]  Alberto Martin-Lopez,et al.  Test coverage criteria for RESTful web APIs , 2019, A-TEST@ESEC/SIGSOFT FSE.

[3]  Daniel Jacobson,et al.  APIs: A Strategy Guide , 2011 .

[4]  Sergio Segura,et al.  Metamorphic Testing of RESTful Web APIs , 2018, IEEE Transactions on Software Engineering.

[5]  Vaggelis Atlidakis,et al.  REST-ler: Automatic Intelligent REST API Fuzzing , 2018, ArXiv.

[6]  Diletta Cacciagrano,et al.  Dynamic Constraint-Based Invocation of Web Services , 2006, WS-FM.

[7]  Jun Wei,et al.  Inferring Data Contract for Web-Based API , 2014, 2014 IEEE International Conference on Web Services.

[8]  Antonio Ruiz-Cortés,et al.  Automating SLA-Driven API Development with SLA4OAI , 2019, ICSOC.

[9]  Leonard Richardson,et al.  RESTful Web APIs , 2013 .

[10]  Andrea Arcuri,et al.  RESTful API Automated Test Case Generation with EvoMaster , 2019, ACM Trans. Softw. Eng. Methodol..

[11]  Tao Xie,et al.  Inferring dependency constraints on parameters for web services , 2013, WWW.

[12]  Joeri De Koster,et al.  Inter-parameter Constraints in Contemporary Web APIs , 2017, ICWE.

[13]  Roy Fielding,et al.  Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation , 2000 .

[14]  Sergio Segura,et al.  Automated analysis of feature models 20 years later: A literature review , 2010, Inf. Syst..

[15]  Chao Liu,et al.  Ontology-based Web Service robustness test generation , 2009, 2009 11th IEEE International Symposium on Web Systems Evolution.