Statically Checking REST API Consumers

  • Conference paper
Software Engineering and Formal Methods (SEFM 2020)

Abstract

Consumption of REST services has become a popular means of invoking code provided by third parties, particularly in web applications. Nowadays programmers of web applications can choose TypeScript over JavaScript to benefit from static type checking that enables validating calls to local functions or to those provided by libraries. Errors in calls to REST services, however, can only be found at runtime. In this paper, we present SRS, a language that extends the support of static analysis to calls to REST services, with the ability to statically find common errors such as missing or invalid data in REST calls and misuse of the results from such calls. SRS features a syntax similar to JavaScript and is equipped with a rich collection of types and primitives to natively support REST calls that are statically validated against specifications of the corresponding APIs written in the HeadREST language.

Acknowledgements

This work was supported by FCT through the LASIGE Research Unit, ref. UIDB/00408/2020, and by project Confident ref. PTDC/EEI-CTP/4503/2014.

Author information

Corresponding author

Correspondence to Antónia Lopes.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Burnay, N., Lopes, A., Vasconcelos, V.T. (2020). Statically Checking REST API Consumers. In: de Boer, F., Cerone, A. (eds) Software Engineering and Formal Methods. SEFM 2020. Lecture Notes in Computer Science(), vol 12310. Springer, Cham. https://doi.org/10.1007/978-3-030-58768-0_15

  • DOI: https://doi.org/10.1007/978-3-030-58768-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58767-3

  • Online ISBN: 978-3-030-58768-0

  • eBook Packages: Computer Science (R0)
