Context: Web APIs are one of the most used ways to expose application functionality on the web, and their understandability is important for efficiently using the provided resources. While many API design rules exist, empirical evidence for the effectiveness of most rules is *** therefore wanted to study 1) the impact of RESTful API design rules on understandability, 2) whether rule violations are also perceived as more difficult to understand, and 3) whether demographic attributes like REST-related experience have an influence on *** conducted a controlled web-based experiment with 105 participants, from both industry and academia and with different levels of experience. Based on a hybrid between a crossover and a between-subjects design, we studied 12 design rules using API snippets in two complementary versions: one that adhered to a rule and one that violated this rule. Participants answered comprehension questions and rated the perceived *** 11 of the 12 rules, we found that the violation performed significantly worse than the rule for the comprehension tasks. Regarding the subjective ratings, we found significant differences for 9 of the 12 rules, meaning that most violations were subjectively rated as more difficult to understand. Demographics played no role in the comprehension performance for *** results provide first empirical evidence for the importance of following design rules to improve the understandability of web APIs, which is important for researchers, practitioners, and educators.
ISBN (print): 9781450327459
The REST architectural style supports the reliable interaction of clients with a single server. However, no guarantees can be made for more complex interactions which require state to be transferred atomically among resources distributed across multiple servers. In this paper we describe a lightweight design for transactional composition of RESTful services. The approach, based on the Try-Cancel/Confirm (TCC) pattern, does not require any extension to the HTTP protocol. The design assumes that resources are designed to comply with the TCC pattern and ensures that the resources involved in the transaction are not aware of it. It delegates the responsibility of achieving the atomicity of the transaction to a coordinator which exposes a RESTful API.
ISBN (print): 9781665443616
The growth of the web over the last couple of decades opened the door for the creation of an increasing number of web-based software systems. This change brought the need for new software solutions to establish communication between distributed software entities. One of the adopted solutions was web APIs; however, their appearance brought with it new challenges that need to be solved. Among these new challenges, we find the necessity to protect the API at a design level from attacks by malicious users, in other words, making the API secure by design. This task is not trivial, and to be able to perform it effectively, it is necessary to know the vulnerabilities to which APIs are commonly exposed, alongside the mechanisms which exist to defend against them. The objective of this systematic mapping study is to gather the existing scientific knowledge about security threats that a web API faces, alongside design-level mechanisms for detecting, resisting, reacting to, and recovering from attacks. Our results discovered 66 threats described in the literature. We observed that the most reported threats are those related to Spoofing and Tampering, both mostly related to the network traffic the API interacts with. In contrast, the least reported threats are those related to Repudiation. We identified 21 techniques, 11 patterns and 34 methods that can be employed at a design level to detect, resist, react to or recover from these threats.