Skip to main content
SpringerLink
Log in

WEBAPIK: a body of structured knowledge on designing web APIs

  • Original Article
  • Published:
Requirements Engineering Aims and scope Submit manuscript

Abstract

With the rise in initiatives such as software ecosystems and Internet of Things (IoT), developing robust web Application Programming Interfaces (web APIs) has become an increasingly important practice. One main concern in developing web APIs is that they expose back-end systems and data toward clients. This exposure threatens critical non-functional requirements, such as the security of back-end systems, the performance of provided services, and the privacy of communications with clients. Although dealing with non-functional requirements during software design has been long studied, there is still little guide on addressing these requirements in web APIs. In this paper, we present WEBAPIK, a body of structured knowledge on addressing non-functional requirements in the design of web APIs. WEBAPIK is comprised of 27 distinct non-functional requirements, 37 distinct design techniques to address some of the identified requirements, and the trade-offs of 22 design techniques, presented in two forms of natural language and knowledge graphs. The design knowledge compiled in WEBAPIK is systematically extracted and aggregated from 80 heterogeneous online literature resources, including 7 books, 15 weblogs and tutorial, 5 vendor white papers, 6 design standards, and 47 research papers. These resources are systematically retrieved from two search engines of Google and Google Scholar and five research databases of Web of Science, IEEE Xplore, ACM Digital Library, SpringerLink, and ScienceDirect in two periods of March to August 2018 and August 2022. WEBAPIK gathers and structures expert and scholarly discussions to provide insight about addressing non-functional requirements in the design of web APIs. The structure brought to the design knowledge makes it amenable towards extension and creates the potential for employing it in the database of knowledge-based systems that aid software developers in design decision-making.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24
Fig. 25
Fig. 26
Fig. 27
Fig. 28
Fig. 29
Fig. 30
Fig. 31
Fig. 32
Fig. 33
Fig. 34
Fig. 35
Fig. 36
Fig. 37
Fig. 38
Fig. 39
Fig. 40
Fig. 41

Similar content being viewed by others

Notes

  1. The * symbol identifies variations of the search term, e.g., the plural form of a noun or gerund form of a verb.

  2. X .509 is proposed and implemented for communications over internet, and with HTML and REST APIs. However, we expose and focus on the general mutual authentication pattern used in this mechanism.

  3. https://github.com/m-h-s/RAPID.

References

  1. Jansen S, Finkelstein A, Brinkkemper S (2009) A sense of community: a research agenda for software ecosystems. In: Proceedings of 31st international conference on software engineering—companion volume, IEEE. pp 187–190

  2. Sadi MH, Yu E (2014) Analyzing the evolution of software development: from creative chaos to software ecosystems. In: Eighth international conference on research challenges in information science (RCIS), IEEE. pp 1–11

  3. Tan L, Wang N (2010) Future internet: the internet of things. In: 2010 3rd international conference on advanced computer theory and engineering (ICACTE), IEEE. vol 5, pp V5–376

  4. Bosch J (2010) Architecture challenges for software ecosystems. In: Proceedings of the fourth European conference on software architecture: companion volume, ACM. pp 93–95

  5. Vukovic M, Laredo J, Rajagopal S (2014) API terms and conditions as a service. In: 2014 IEEE international conference on services computing, IEEE. pp 386–393

  6. Weber RH (2010) Internet of Things-New security and privacy challenges. Comput Law Secur Rev 26(1):23–30

    Article  Google Scholar 

  7. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy, and trust in Internet of Things: the road ahead. Comput Netw 76:146–164

    Article  Google Scholar 

  8. Stylos J, Myers B (2007) Mapping the space of API design decisions. In: Visual languages and human-centric computing, 2007. VL/HCC 2007. In: IEEE symposium on IEEE. pp 50–60

  9. Myers BA, Stylos J (2016) Improving API usability. Commun ACM 59(6):62–69

    Article  Google Scholar 

  10. Siriwardena P (2014) Advanced API security: securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE Apress, Berkeley, CA

  11. De B (2017) API management: an Architect's guide to developing and managing APIs for your organization, 1st edn. Apress, Berkeley, CA March 2017

  12. Vijayakumar T (2018) Practical API architecture and development with Azure and AWS. Apress, Berkeley, CA

    Book  Google Scholar 

  13. Madden N (2020) API security in action. Manning Publications, New York

    Google Scholar 

  14. Richardson C Pattern: API Gateway. Backend for Front-End, 37-40, Available at http://microservices.io/patterns/apigateway.html

  15. RFC 6749 (2012) The OAuth 2.0 authorization framework, Available at https://www.rfc-editor.org/rfc/rfc6749.

  16. Sakimura N, Bradley D, de Mederiso B, Jones M, Jay E (2012) OpenID connect standard 1.0-draft 09, Available at https://openid.net/specs/openid-connect-standard-1_0-09.html.

  17. Sun ST, Beznosov K (2012) The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: Proceedings of the 2012 ACM conference on Computer and communications security, ACM. pp 378–390

  18. Li W, Mitchell CJ (2016) Analyzing the security of Google’s implementation of OpenID Connect. In: International conference on detection of intrusions and malware, and vulnerability assessment, Springer, Cham. pp 357–376

  19. Cataldo M, Herbsleb JD (2010) Architecting in software ecosystems: interface translucence as an enabler for scalable collaboration. In: Proceedings of the fourth European conference on software architecture: companion volume, ACM. pp 65–72

  20. Bloch J (2006) How to design a good API and why it matters. In: Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications, ACM. pp 506–507

  21. Henning M (2009) API design matters. Commun ACM 52(5):46–56

    Article  Google Scholar 

  22. Kitchenham B (2004) Procedures for performing systematic reviews. Keele, UK, Keele University, Technical report TR/SE-0401, 1–26

  23. Dyba T, Kitchenham BA, Jorgensen M (2005) Evidence-based software engineering for practitioners. IEEE Softw 22(1):58–65

    Article  Google Scholar 

  24. Wohlin C (2014) Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: Proceedings of the 18th international conference on evaluation and assessment in software engineering, pp 1–10

  25. Flick U (2009) An introduction to qualitative research. Sage, Thousand Oaks

    Google Scholar 

  26. Saldaña J (2009) The coding manual for qualitative researchers. Sage, Thousand Oaks

    Google Scholar 

  27. Thomas DR (2006) A general inductive approach for analyzing qualitative evaluation data. Am J Eval 27(2):237–246

    Article  Google Scholar 

  28. Hogan A, Blomqvist E, Cochez M, d’Amato C, de Melo G, Gutierrez C, Labra Gayo JE, Kirrane S, Neumaier S, Polleres A, Navigli R, Ngonga Ngomo AC, Rashid SM, Rula A, Schmelzeisen L, Sequeda J, Staab S, Zimmermann A (2020) Knowl Graphs ACM Comput Surv (CSUR) 54(4):1–37

    Google Scholar 

  29. Sadi M H (2020) Assisting with API design through reusing design knowledge. Doctoral dissertation, University of Toronto (Canada)

  30. Pillai S, Iijima K, O’Neill M, Santoro J, Jain A, Ryan F (2021) Magic quadrant for full life cycle API management. The Gartner Group

  31. Chung L, Nixon BA, Yu E, Mylopoulos J (2000) Non-functional requirements in software engineering, vol 5. Springer, Berlin

    Book  MATH  Google Scholar 

  32. Gamma E, Helm R, Johnson R, Vlissides J (1993) Design patterns: abstraction and reuse of object-oriented design. In: European conference on object-oriented programming, pp 406–431

  33. ISO/IEC TS 25011: 2017 Information technology—systems and Software Quality Requirements and Evaluation (SQuaRE)—service quality models, Available at: https://www.iso.org/obp/ui#iso:std:iso-iec:ts:25011:ed-1:v2:en.

  34. Bass L, Clements P, Kazman R (2003) Software architecture in practice. Addison-Wesley Professional, Boston

    Google Scholar 

  35. Kruchten PB (1995) The 4+1 view model of architecture. IEEE Softw 12(6):42–50

    Article  Google Scholar 

  36. Akana Documents, How to Accelerate API adoption—available at https://www.akana.com/blog/api-adoption on 2019-08-13

  37. Bermbach D, Wittern E (2016) Benchmarking web API quality. In: International conference on web engineering. Springer, Cham, pp 188–206

  38. Zghidi A, Hammouda I, Hnich B, Knauss E (2017) On the role of fitness dimensions in API design assessment-an empirical investigation. In: 2017 IEEE/ACM 1st international workshop on API usage and evolution (WAPI). IEEE, pp 19–22

  39. Richardson C Building Micro-Services: Inter-process communication in a micro-service architecture, Available at https://www.nginx.com/blog/building-microservices-inter-process-communication/

  40. McLellan SG, Roesler AW, Tempest JT, Spinuzzi CI (1998) Building more usable APIs. IEEE Softw 15(3):78–86

    Article  Google Scholar 

  41. Robillard MP (2009) What makes APIs hard to learn? Answers from developers. IEEE Softw 26(6):27–34

    Article  Google Scholar 

  42. Robillard MP, Deline R (2011) A field study of API learning obstacles. Empir Softw Eng 16(6):703–732

    Article  Google Scholar 

  43. Piccioni M, Furia CA, Meyer B (2013) An empirical study of API usability. In: 2013 ACM/IEEE international symposium on empirical software engineering and measurement, IEEE. pp 5–14

  44. Zibran MF, Eishita FZ, Roy CK (2011) Useful, but usable? factors affecting the usability of APIs. In: 18th working conference on reverse engineering (WCRE), 2011, IEEE. pp 151–155

  45. Scheller T, Kühn E (2015) Automated measurement of API usability: the API concepts framework. Inf Softw Technol 61:145–162

    Article  Google Scholar 

  46. Koçi R, Franch X, Jovanovic P, Abelló A (2020) A data-driven approach to measure the usability of web APIs. In: 2020 46th Euromicro conference on software engineering and advanced applications (SEAA), IEEE. pp 64–71

  47. Bore C, Bore S (2005) Profiling software API usability for consumer electronics. In: 2005 digest of technical papers. International conference on consumer electronics, 2005. ICCE, IEEE. pp 155–156

  48. Rama GM, Kak A (2015) Some structural measures of API usability. Softw Pract Exp 45(1):75–110

    Article  Google Scholar 

  49. Rauf I, Troubitsyna E, Porres I (2019) Systematic mapping study of API usability evaluation methods. Comput Sci Rev 33:49–68

    Article  Google Scholar 

  50. Mosqueira-Rey E, Alonso-Ríos D, Moret-Bonillo V, Fernández-Varela I, Álvarez-Estévez D (2018) A systematic approach to API usability: taxonomy-derived criteria and a case study. Inf Softw Technol 97:46–63

    Article  Google Scholar 

  51. Grill T, Polacek O, Tscheligi M (2012) Methods towards API usability: a structural analysis of usability problem categories. In: International conference on human-centered software engineering. Springer, Berlin, pp 164–180

  52. Xu J, Wang Y, Chen P, Wang P (2017) Lightweight and adaptive service API performance monitoring in highly dynamic cloud environment. In: 2017 IEEE international conference on services computing (SCC), IEEE. pp 35–43

  53. Bermbach D, Wittern E (2019) Benchmarking web API quality—revisited. arXiv preprint arXiv:1903.07712

  54. Adeborna E, Fletcher KK (2020) An empirical study of web API quality formulation. In: International conference on services computing. Springer, Cham, pp. 145–153

  55. MuleSoft. Guide to API Security, Available at https://www.mulesoft.com/resources/api/api-security. Retrieved on 2022-08-15

  56. Villanueva JC. Comparing load balancing algorithms. Available at https://www.jscape.com/blog/load-balancing-algorithms

  57. Kemp Technologies White Paper. Load balancing algorithms and techniques, Available at https://kemptechnologies.com/load-balancer/load-balancing-algorithms-techniques/

  58. Microsoft Documents. Caching, Available at https://docs.microsoft.com/en-us/azure/architecture/best-practices/caching

  59. Richardson C. Building Micro-services: Using an API Gateway, Available at https://www.nginx.com/blog/building-microservices-using-an-api-gateway/

  60. Fowler M (2002) Patterns of enterprise architecture applications, 1st edn. Addison-Wesley Professional, Boston

    Google Scholar 

  61. Fowler M Gateway Pattern, Available at https://martinfowler.com/eaaCatalog/gateway.html

  62. Richardson C Service Discovery in a Micro-Service Architecture. Available at https://www.nginx.com/blog/service-discovery-in-a-microservices-architecture/

  63. Richardson C Pattern: Self Registration. Available at https://microservices.io/patterns/self-registration.html

  64. Richardson C Pattern: 3rd Party Registration. Available at https://microservices.io/patterns/3rd-party-registration.html

  65. Dey S, Mulloy B (2012) Essential facade patterns—API composition. Available at https://www.slideshare.net/apigee/api-facade-patterns-composition

  66. Richardson C (2017) Pattern: API composition, Available at https://microservices.io/patterns/data/api-composition.html. Retrieved on 2022-08-10

  67. Dey S (2012) Essential API Facade Patterns—synchronous to asynchronous conversion. Available at https://www.slideshare.net/apigee/essential-api-facade-patterns-synchronous-to-asynchronous-conversion-episode-4

  68. Richardson C Pattern: Server-Side Service Discovery. https://microservices.io/patterns/server-side-discovery.html

  69. Richardson C Pattern: Client-Side Service Discovery. Available at https://microservices.io/patterns/client-side-discovery.htmlhttps://microservices.io/patterns/client-side-discovery.html

  70. Hohpe G, Woolf B Enterprise Integration Patterns. Available at https://www.enterpriseintegrationpatterns.com/patterns/messaging/index.html

  71. Hohpe G, Woolf B (2004) Enterprise integration patterns: designing, building, and deploying messaging solutions. Addison-Wesley Professional, Boston

    Google Scholar 

  72. RFC 4158: Internet X509, Public key infrastructure: certification path building, Available at https://tools.ietf.org/html/rfc4158

  73. RFC 5280: Internet X509, Public key infrastructure and certificate revocation list, Available at https://www.rfc-editor.org/rfc/rfc3280

  74. OAuth 2.0, Available at https://oauth.net/2/

  75. OpenID Connect, Available at https://openid.net/connect/

  76. Google Cloud. Why and when to use API keys, Available at https://cloud.google.com/endpoints/docs/openapi/when-why-api-key

  77. Stocker M, Zimmermann O, Zdun U, Lübke D, Pautasso C (2018) Interface quality patterns: communicating and improving the quality of microservices Apis. In: Proceedings of the 23rd European conference on pattern languages of programs, pp 1–16

  78. Tang L, Ouyang L, Tsai WT (2015) Multi-factor web API security for securing Mobile Cloud. In: 2015 12th international conference on fuzzy systems and knowledge discovery (FSKD), IEEE. pp 2163–2168

  79. Fowler, M Circuit Breaker, Available at https://martinfowler.com/bliki/CircuitBreaker.html

  80. Montesi F, Weber J (2016) Circuit breakers, discovery, and API gateways in microservices. arXiv preprint, arXiv:1609.05830

  81. Apigee Reference Material. Comparing Quota, Spike Arrest, and Concurrent Rate Limit Policies, Available at https://docs.apigee.com/api-platform/develop/comparing-quota-spike-arrest-and-concurrent-rate-limit-policies

  82. Wilson Y, Hingnikar A (2019) Solving identity management in modern applications: demystifying OAuth 2.0, OpenID Connect, and SAML 2.0. Apress

  83. Fett D, Küsters R, Schmitz G (2016) A comprehensive formal security analysis of OAuth 2.0. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp 1204–1215

  84. Yang F, Manoharan S (2013) A security analysis of the OAuth protocol. In: 2013 IEEE Pacific Rim conference on communications, computers and signal processing (PACRIM), IEEE. pp 271–276

  85. Li W, Mitchell CJ (2014) Security issues in OAuth 2.0 SSO implementations. In: International conference on information security. Springer, Cham. pp 529–541

  86. Ferry E, Raw JO, Curran K (2015) Security evaluation of the OAuth 2.0 framework. Information and Computer Security

  87. Darwish M, Ouda A (2015) Evaluation of an OAuth 2.0 protocol implementation for web server applications. In: 2015 International conference and workshop on computing and communication (IEMCON). IEEE, pp 1–4

  88. Singh J, Chaudhary NK (2022) OAuth 2.0: architectural design augmentation for mitigation of common security vulnerabilities. J Inf Secur Appl 65:103091

    Google Scholar 

  89. Blazquez A, Tsiatsis V, Vandikas K (2015) Performance evaluation of OpenID Connect for an IOT information market-place. In: 2015 IEEE 81st, Vehicular Technology Conference (VTC Spring), pp 1–6

  90. Hammann S, Sasse R, Basin D (2020) Privacy-preserving openid connect. In: Proceedings of the 15th ACM Asia conference on computer and communications security, pp 277–289

  91. Li W, Mitchell CJ (2020) User access privacy in OAuth 2.0 and OpenID connect. In: 2020 IEEE European symposium on security and privacy workshops (EuroSandPW), IEEE. pp 664–6732

  92. Mainka C, Mladenov V, Schwenk J, Wich T (2017) Sok: single sign-on security—an evaluation of openid connect. In: 2017 IEEE European symposium on security and privacy (EuroSandP), IEEE. pp 251–266

  93. Fett D, Küsters R, Schmitz G (2017) The web SSO standard openid connect: in-depth formal security analysis and security guidelines. In: 2017 IEEE 30th computer security foundations symposium (CSF), IEEE. pp 189–202

  94. Navas J, Beltrán M (2019) Understanding and mitigating OpenID connect threats. Comput Secur 84:1–16

    Article  Google Scholar 

  95. Li W, Mitchell CJ, Chen T (2019) Oauthguard: Protecting user security and privacy with oauth 2.0 and openid connect. In: Proceedings of the 5th ACM workshop on security standardisation research workshop, pp 35–44

  96. Mladenov V, Mainka C, Schwenk J (2015) On the security of modern single sign-on protocols: second-order vulnerabilities in openid connect. arXiv preprint arXiv:1508.04324.

  97. Behnel S, Fiege L, Muhl G (2006) On quality-of-service and publish-subscribe. In: 26th IEEE international conference on distributed computing systems workshops (ICDCSW'06), IEEE. pp 20–20

  98. Cugola G, Margara A, Migliavacca M (2009) Context-aware publish-subscribe: model, implementation, and evaluation. In: 2009 IEEE symposium on computers and communications, IEEE. pp 875–881

  99. Costa P, Migliavacca M, Picco GP, Cugola G (2004) Epidemic algorithms for reliable content-based publish-subscribe: an evaluation. In: 24th international conference on distributed computing systems, 2004. Proceedings, IEEE, pp 552–561

  100. Lazidis A, Tsakos K, Petrakis EG (2022) Publish-Subscribe approaches for the IoT and the cloud: functional and performance evaluation of open-source systems. Internet of Things 19:100538

    Article  Google Scholar 

  101. Oh S, Kim JH, Fox G (2010) Real-time performance analysis for publish/subscribe systems. Futur Gener Comput Syst 26(3):318–323

    Article  Google Scholar 

  102. Wardana AA, Perdana RS (2018) Access control on internet of things based on publish/subscribe using authentication server and secure protocol. In: 2018 10th international conference on information technology and electrical engineering (ICITEE), IEEE. pp 118–123

  103. Taibi D, Lenarduzzi V, Pahl C (2018) Architectural patterns for microservices: a systematic mapping study. In: CLOSER 2018: proceedings of the 8th international conference on cloud computing and services science; Funchal, Madeira, Portugal, 19–21 March 2018. SciTePress

  104. Tighilt R, Abdellatif M, Moha N, Mili H, Boussaidi GE, Privat J, Guéhéneuc YG (2020) On the study of microservices antipatterns: a catalog proposal. In: Proceedings of the European conference on pattern languages of programs 2020, pp 1–13

  105. Siegmund J, Siegmund N, Apel S (2015) Views on internal and external validity in empirical software engineering. In: 2015 IEEE/ACM 37th IEEE international conference on software engineering, IEEE, vol 1, pp 9–19

  106. Chung L, Supakkul S (2006) Capturing and reusing functional and non-functional requirements knowledge: a goal-object pattern approach. In: 2006 IEEE international conference on information reuse and integration, IEEE. pp 539–544

  107. Casamayor A, Godoy D, Campo M (2010) Identification of non-functional requirements in textual specifications: a semi-supervised learning approach. Inf Softw Technol 52(4):436–445

    Article  Google Scholar 

  108. Supakkul, S, Chung, L (2010) Visualizing non-functional requirements patterns. In: 2010 fifth international workshop on requirements engineering visualization, IEEE. pp 25–34

  109. Sadi MH, Yu E (2017) Modeling and analyzing openness trade-offs in software platforms: a goal-oriented approach. In: International working conference on requirements engineering: foundation for software quality. Springer, Cham, pp 33–49

  110. Sadi MH, Yu E (2017) Accommodating openness requirements in software platforms: a goal-oriented approach. In: International conference on advanced information systems engineering. Springer, Cham, pp 44–59

  111. Binkhonain M, Zhao L (2019) A review of machine learning algorithms for identification and classification of non-functional requirements. Expert Syst Appl X(1):100001

    Google Scholar 

  112. Buschmann F, Henney K, Schmidt DC (2007) Pattern-oriented software architecture, on patterns and pattern languages, vol 5 Wiley, New York

  113. Aridor Y, Lange DB (1998) Agent design patterns: elements of agent application design. In: Proceedings of the second international conference on Autonomous agents. pp 108–115

  114. Freeman E, Robson E, Bates B, Sierra K (2008) Headfirst design patterns. O’Reilly Media Inc, Sebastopol

    Google Scholar 

  115. Erl T (2008) SOA design patterns (paperback). Pearson Education, London

    Google Scholar 

  116. Heer J, Agrawala M (2006) Software design patterns for information visualization. IEEE Trans Visual Comput Graph 12(5):853–860

    Article  Google Scholar 

  117. Zhang C, Budgen D (2011) What do we know about the effectiveness of software design patterns? IEEE Trans Softw Eng 38(5):1213–1231

    Article  Google Scholar 

  118. Boehm B, In H (1996) Identifying quality-requirement conflicts. IEEE Softw 13(2):25–35

    Article  Google Scholar 

  119. Monroe RT, Kompanek A, Melton R, Garlan D (1997) Architectural styles, design patterns, and objects. IEEE Softw 14(1):43–52

    Article  Google Scholar 

  120. Babar MA, Gorton I, Jeffery R (2005) Capturing and using software architecture knowledge for architecture-based software development. In: Fifth international conference on quality software (QSIC'05), IEEE. pp 169–176

  121. Farshidi S, Jansen S, van der Werf JM (2020) Capturing software architecture knowledge for pattern-driven design. J Syst Softw 169:110714

    Article  Google Scholar 

  122. Kruchten P (2010) Where did all this good architectural knowledge go? In: European conference on software architecture. Springer, Berlin, pp 5–6

  123. Kazman R, Klein M, Barbacci M, Longstaff T, Lipson H, Carriere J (1998) The architecture trade-off analysis method. In: Fourth IEEE international conference on engineering of complex computer systems, 1998. ICECCS'98. Proceedings, IEEE. pp 68–78

  124. Tang A, Jin Y, Han J (2007) A rationale-based architecture model for design traceability and reasoning. J Syst Softw 80(6):918–934

    Article  Google Scholar 

  125. Dürschmid T, Kang E, Garlan D (2019) Trade-off-oriented development: making quality attribute trade-offs first-class. In: 2019 IEEE/ACM 41st international conference on software engineering: new ideas and emerging results (ICSENIER), IEEE. pp 109–112

  126. Robillard M, Walker R, Zimmermann T (2009) Recommendation systems for software engineering. IEEE Softw 27(4):80–86

    Article  Google Scholar 

  127. Costa B, Pires PF, Delicato FC, Merson P (2016) Evaluating REST architectures—approach, tooling and guidelines. J Syst Softw 112:156–180

    Article  Google Scholar 

  128. Mathijssen M, Overeem M, Jansen S (2020) Identification of practices and capabilities in API management: a systematic literature review. arXiv preprint arXiv:2006.10481

  129. Zimmermann O, Stocker M, Lübke D, Pautasso C, Zdun U (2019) Introduction to microservice API patterns (MAP)

  130. Sadi MH, Yu E (2021) RAPID: a knowledge-based assistant for designing web APIs. Requirements Engineering, pp 1–52

Download references

Acknowledgements

The first author would like to thank Prof. Marsha Chechik, and Prof. Steve Easterbrook at the University of Toronto for their supervision throughout the course of the research reported in this paper. She also thanks Prof. John Mylopoulos for providing feedback.

Author information

Authors and Affiliations

  1. Microsoft, Redmond, WA, USA

    Mahsa H. Sadi

  2. Department of Computer Science, University of Toronto, Toronto, ON, Canada

    Eric Yu

Authors
  1. Mahsa H. Sadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eric Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mahsa H. Sadi.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The bulk of the research reported in this article has been conducted when the first author was affiliated with the University of Toronto.

Appendix I: The classification of the collected knowledge resources

Appendix I: The classification of the collected knowledge resources

The knowledge resources used to develop WEBAPIK are listed in Table

Table 1 The classified knowledge resources
Full size table

1.

The resources are classified based on their type into six categories: B: Book, WL: Weblog, T: Tutorial, WP: White Paper, S: Standard Framework, and R: Research Paper.

The resources are classified based on their focus of study into three categories: DES-TECH: discussing design techniques, NFR: discussing non-functional requirements, EFFECT: discussing trade-offs.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sadi, M.H., Yu, E. WEBAPIK: a body of structured knowledge on designing web APIs. Requirements Eng 28, 441–479 (2023). https://doi.org/10.1007/s00766-023-00401-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00766-023-00401-2

Keywords

Search

Navigation