Saman Alias Barakat
Web Application Programming Interfaces (APIs) often include dependencies that restrict how input parameters can be combined for making valid calls to the service. These inter-parameter dependencies are prevalent, appearing in 4 out of every 5 APIs across various application domains. However, current API specification languages, such as the OpenAPI Specification (OAS), lack formal mechanisms for describing them. Instead, developers rely on informal natural-language descriptions, which lead to ambiguities and hinder automation. In previous work, the ISA research group introduced IDL (Inter-parameter Dependency Language), a domain-specific language tailored for the formal specification of inter-parameter dependencies, and IDLReasoner, a Java-based library for the automated analysis of IDL specifications. Both contributions have been leveraged by different groups of authors in the context of test case generation for REST APIs, enabling the detection of hundreds of bugs in commercial APIs such as Amadeus, GitHub, Yelp, and YouTube.
Despite advances in testing, IDL and IDLReasoner have exposed serious limitations in terms of performance, explainability, and integration with other tools. Additionally, their potential applications beyond testing remain largely unexplored. Key domains such as code generation and API gateways, for example, face substantial challenges due to the lack of support for inter-parameter dependencies. In code generation, existing tools fail to account for dependencies among input parameters, requiring developers to manually implement validation logic, a process that is both laborious and error-prone. Similarly, current request validators integrated into API gateways fail to detect or explain invalid requests that violate these dependencies. This shortcoming leads to wasted resources, user dissatisfaction, and input validation failures.
The primary objective of this dissertation is to extend and enhance existing tool support for the automated management of inter-parameter dependencies in web APIs, and to leverage it in novel applications to code generation and API gateways. Regarding tool support, we present the IDL Tool Suite, a set of tools for the automated management of inter-parameter dependencies in web APIs. The suite, built on top of IDL, includes a new analysis engine (overcoming the performance limitations of IDLReasoner), a new analysis operation for explainability, a web API to ease integration, and a website, among others.
Regarding applications, in code generation, we introduce IDLGen, a tool designed to automate the generation of validation code for inter-parameter dependencies in Java and Python server projects. IDLGen was evaluated using 14 API operations, generating up to 9.4 times more validation code than a state-of-the-art code generator. An empirical study involving 81 participants revealed that IDLGen saves an average of 16 minutes (for one dependency) to 24 minutes (for three dependencies) per API operation. More importantly, the generated code minimizes the risk of errors, significantly improving API robustness and reliability.
In the context of API gateways, we introduce IDLFilter to detect and explain inter-parameter dependency violations. The IDLFilter prototype, built on Spring Cloud Gateway, was evaluated using 12 industrial API operations, 30K API calls, and an experiment with 151 participants. The results show that our approach effectively blocks invalid calls caused by dependency violations, provides informative error messages, and minimizes potential input validation failures. IDLFilter introduces a modest 7% overhead when processing valid API requests, while reducing the response time of requests with dependency violations by 59%.
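To make the idea of detecting and explaining a dependency violation before a request reaches the backend concrete, here is an added example in Python; it is not code from the dissertation, IDLGen, or IDLFilter. The three dependency shapes, the parameter names, and the 400 response body are assumptions chosen for illustration.

```python
# Added illustration: hand-written inter-parameter dependency checks that
# reject a request early and say why. All parameter names are constructed.

def present(params, name):
    """A parameter counts as present when it was sent with a non-empty value."""
    return params.get(name) not in (None, "")

def requires(a, b):
    """If `a` is sent, `b` must be sent too."""
    def check(p):
        if present(p, a) and not present(p, b):
            return f"'{a}' requires '{b}', but '{b}' is missing"
    return check

def only_one(*names):
    """Exactly one of the listed parameters must be sent."""
    def check(p):
        sent = [n for n in names if present(p, n)]
        if len(sent) != 1:
            return f"exactly one of {list(names)} must be sent, got {sent}"
    return check

def all_or_none(*names):
    """The listed parameters are sent together or not at all."""
    def check(p):
        sent = [n for n in names if present(p, n)]
        if sent and len(sent) != len(names):
            missing = [n for n in names if n not in sent]
            return f"{list(names)} must be sent together, missing {missing}"
    return check

# Constructed dependency set for a hypothetical search operation.
SEARCH_DEPENDENCIES = [
    only_one("location", "lat"),
    all_or_none("lat", "lon"),
    requires("radius", "lat"),
]

def filter_request(params, dependencies=SEARCH_DEPENDENCIES):
    """Return (status, body): 400 with explanations, or None to forward."""
    violations = [msg for dep in dependencies if (msg := dep(params))]
    if violations:
        return 400, {"error": "inter-parameter dependency violation",
                     "violations": violations}
    return None, {}
```

Collecting every violation instead of stopping at the first one lets a client fix the request in a single round trip, and rejecting at the edge keeps malformed parameter combinations away from backend code that may not validate them.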
Overall, this dissertation provides advanced tool support for the automated management of inter-parameter dependencies in web APIs, laying a foundation for accelerating the development of more reliable service-oriented applications.