Web APIs are ubiquitous and of utmost importance to industry, says Erik Wittern, thereby underlining Brad Myers’ words earlier today. The growth in the number of APIs of the past 20 years is enormous. These APIs focus a lot on similicity and flexibility.
Erik observes that the consumption of Web APIs is very challenging, because they are basically string-based interfaces without any means of checking, such as a type system. Additionally, Web APIs change at tremendous speed, up to multiple times per day, as is the case for Twitters API. This is underlines by the existence of web services that focus on identifying changes of APIs. Another problem with Web APIs is that they are controlled by a 3rd-party and, as a result, the quality of service (QoS) may vary for consumers and end users, depending on their geolocation.
Erik observes a large gap between the activity in industry vs. the activity of researchers in this field.
Industry proposed a set of formats for the specifications of Web APIs though machine-readable API contracts, which describe information like the APIs base URL, available endpoints, required and optional parameters and data returned by the API, and additional constraints, such as headers, authentication, rate limits, etc.. In his work, Erik aims to provide static verification of Web API Requests against existing specifications. To this end, he extracts properties from the API call and automatically matches it against existing API specifications. Then he detects mismatches between the specification and the call, to assist developer in correcting their API calls. He demonstrates his research prototype, an Atom integration of API Harmony, in a short video:
Some of the open challenges include, but are not limited to
- ensuring that API specifications are up to date,
- inferring specification, e.g., from available text documentation, and
- learning how actual API usage might deviate from the intended usage/specification.