Analytics-centric Continuous Design of Microservice APIs

As we enter the age of continuity, service-oriented software systems are not only open towards the rest of the world, but are expected to continuously evolve to deal with changing requirements and adapt to their dynamic environment. This project will focus on the critical element of such systems, the interface or API, which decouples the internal implementation from its consumers. The project will address the problem that APIs continue to change together with the rest of the architecture, but this becomes increasingly difficult and expensive, especially when having to ensure that each part of the system can continue to independently undergo a high frequency stream of changes, supported by continuous delivery processes handling many releases a day. The objective of the project is to establish a novel data-driven approach to the design and evolution of microservice APIs where the expectations of API designers can be continuously validated against the actual usage of the API by the consumers. To do so, a deeper understanding of APIs and the corresponding design processes is required so that the impact of each decision on the quality of the resulting architecture can be estimated. Focusing on APIs will allow us to reduce the complexity of the problems involved, which has not been attempted before. These goals will be reached by rigorous specification in models, as well as algorithms to use the models in sophisticated automated analytics and checks. The results of the analytics and checks will enable closing the feedback loop to the API designer by automatically detecting quality defects and making redesign recommendations. While the project can build on a rich set of related works in various related areas, only recent advances in distributed system API concepts and methods, continuous release methods, and checking methods and analytics make it possible to study support for a continuous design and redesign feedback loop at the API level. For this new foundations and foundational methods in API and API quality modelling, API analytics, API consistency and quality checking, API quality defect detection, and API redesign recommendations are needed, which this project plans to deliver.

The API-ACE project aimed at improving the communication of modern software systems via application programming interfaces (APIs). As software applications increasingly rely on interconnected services, APIs must be well-structured, efficient, and adaptable. API-ACE addresses this challenge using analytical techniques to assess API design, identify potential weaknesses, and continuously suggest improvements. One of the main goals of API-ACE was to develop a comprehensive model that integrates various aspects of API design, including their structure, behavior, and quality. The project provided a holistic view of API functionality by combining static analysis (examining code without executing it) and dynamic analysis (observing APIs in action). This enabled the researchers to identify common API design flaws and propose solutions to improve API quality. In addition, API-ACE emphasized the importance of a feedback loop in which API issues are continuously monitored and recommendations for redesign are provided. The project analyzed API patterns, which are common best practices for the design of APIs. Through extensive research, API-ACE helped define basic patterns for structural and behavioral API models. This work was documented in a professional book to make the findings accessible to developers and researchers. In addition, API-ACE investigated how APIs relate to Domain-Driven Design (DDD), a software design approach that focuses on creating models for representing complex real-world domains. This research has helped bridge the gap between technical API design and the real-world goals of the software system. Security was another focus of API-ACE. API security has become a major concern with the increasing adoption of microservice architectures, where software is built from many independent services. The project applied static analysis techniques to detect vulnerabilities and developed methods to assess the security aspects of microservice APIs. This work enabled conformance to API security best practices and helped developers build more robust and protected systems. In addition to theoretical research, API-ACE conducted empirical studies analyzing real-world API usage patterns. These included studies on rate limits (controlling how often APIs can be accessed) and the bundling of API requests (to optimize data retrieval). By analyzing API repositories and real-world usage data, the project gained important insights into the composability of APIs and ways to reduce inefficiencies in API interactions. Extensive empirical studies supported these various findings. The resulting data sets and the necessary code were made openly available to ensure the reproducibility of the results. Ultimately, API-ACE has significantly contributed to API design and analysis by providing tools, methods, and insights that help organizations and developers build higher quality, well-structured, and more secure software systems.