Details
ISBN:
(print) 9798400706363
With the emergence of the open API ecosystem, third-party developers can publish their APIs on an API marketplace, significantly facilitating the development of cutting-edge features and services. The rapidapi platform is currently the largest API marketplace: it provides over 40,000 APIs, which have been used by more than 4 million developers. However, such an open API ecosystem also raises security and privacy concerns about the APIs hosted on the platform. In this work, we perform the first large-scale analysis of 32,089 APIs on the rapidapi platform. By searching GitHub code and Android apps, we find that 3,533 rapidapi keys, which are used to authorize API requests, have been leaked in the wild. These keys can be exploited to launch various attacks, such as Resource Exhaustion Running, Theft of Service, Data Manipulation, and User Data Breach attacks. We also explore risks in API metadata that can be abused by adversaries. Due to the lack of a strict certification system, adversaries can manipulate the API metadata to perform typosquatting attacks on API URLs, impersonate other developers or renowned companies, and publish spam APIs on the platform. Lastly, we analyze the privacy non-compliance of APIs, and of the applications (e.g., Android apps) that call them, with respect to data collection. We find that 1,709 APIs collect sensitive data and 94% of them do not provide a complete privacy policy. Of the Android apps that call these APIs, 50% in our study have privacy non-compliance issues.
Details
ISBN:
(print) 9798350368567; 9798350368550
Despite the widespread adoption of Web services in modern computing applications, there remains a lack of a systematic approach that can guide service developers in creating appealing services. This paper addresses this gap by presenting findings from a comprehensive study of rapidapi web services, the largest service marketplace, and their integration into GitHub-hosted applications. We collected data on over 16K rapidapi services and 19K corresponding GitHub repositories invoking these services, evaluating each service based on metrics such as latency, reliability, pricing, community support, and provider support. Our analysis examines how these metrics influence service popularity and usage patterns on GitHub. We manually analyzed 800 GitHub repositories and identified developers' service selection preferences and integration patterns, considering alternative services and their features. Additionally, we classified GitHub developers based on proficiency levels to understand how developers' levels of proficiency impact their service selection and integration strategies. Our findings offer insights for service marketplaces to recommend integration-friendly services and for service developers to create offerings tailored to real-world application needs.