REST Web Service Maintenance Through API Policy Enforcement

Web services and cloud computing have revolutionized the way software is developed, deployed, and consumed. As a consequence, there has been a proliferation of web services, which developers make accessible to users via web application programming interfaces (web APIs) and cloud-based deployment technologies. Because this model significantly simplifies and expedites deployment of web APIs, it also poses new software maintenance and evolution challenges. In particular, it becomes difficult to track, control, and compel reuse of web APIs, inadequately tested services can be deployed into production, and API changes can be introduced that break API-user code or that breach security or organizational procedures. To address these challenges, we investigate a new approach to API governance – combined policy, implementation, and deployment control of APIs for software and data deployed as web services. Our approach, called EAGER, provides a software architecture that can be easily integrated into cloud platforms as a cloud-native feature, and supports system-wide, deployment-time enforcement of API governance policies. Specifically, EAGER can check for and prevent backward incompatible API changes from being deployed into production, enforces service reuse, and facilitates enforcement of other best practices in software maintenance via policies. We also describe a prototype EAGER implementation that integrates with an open source platform-asa-service cloud and evaluate its feasibility, efficiency, scalability, and effectiveness for enforcing cloud-based API governance.