Abstract

A primary concern in the design and development of RESTful Application Programming Interfaces (APIs) is API security. A RESTful API provides data over the network using HTTP and must not violate any of its security properties. When APIs are designed, the functional and security properties are inextricably linked; thus the security requirements of an API cannot be treated as an afterthought. We therefore propose an approach to specifying and verifying an API's functional and security requirements with the practical formal method SOFL (Structured-Object-oriented Formal Language). We convert an API specification written in an API description language into SOFL while expressing security requirements as constraints on the API's functional requirements and on the dataflow between the API's trust boundaries. The verification of the specifications can be carried out using specification-based conformance testing. We apply this approach to a model of an online banking API as a case study using Django REST Framework and analyze its results.
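The abstract describes security requirements written as constraints on an operation's functional pre/post-conditions and checked by specification-based conformance testing. The following is an added illustration of that idea in plain Python, not the paper's SOFL specification or its Django REST Framework case study: a hypothetical banking `transfer` operation is specified as pre/post predicates, the ownership rule at the caller/API trust boundary is folded into the pre-condition, and a small harness checks two constructed implementations against the spec. All names, account data and test cases are constructed for the example.

```python
import copy
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Account:
    owner: str     # principal (API caller) who owns the account
    balance: int   # integer minor units, avoids float rounding


State = Dict[str, Account]   # account id -> Account


# --- Specification of the hypothetical `transfer` operation (constructed) ---
# Functional requirement: move `amount` from src to dst.
# Security requirement, written as a constraint on the functional one:
# the caller (untrusted side of the trust boundary) must own `src`.
def transfer_pre(state: State, caller: str, src: str, dst: str, amount: int) -> bool:
    return (
        src in state and dst in state and src != dst
        and amount > 0
        and state[src].owner == caller          # security constraint
        and state[src].balance >= amount
    )


def transfer_post(pre: State, post: State, src: str, dst: str,
                  amount: int, ok: bool) -> bool:
    if not ok:
        return post == pre                       # rejected request: no state change
    for acct_id in pre:                          # frame condition: other accounts untouched
        if acct_id not in (src, dst) and post[acct_id] != pre[acct_id]:
            return False
    return (post[src].balance == pre[src].balance - amount
            and post[dst].balance == pre[dst].balance + amount
            and post[src].owner == pre[src].owner
            and post[dst].owner == pre[dst].owner)


# --- Two constructed implementations to test against the spec ---
Impl = Callable[[State, str, str, str, int], bool]


def transfer_no_owner_check(state: State, caller: str, src: str, dst: str, amount: int) -> bool:
    # Defective implementation: enforces funds and shape, forgets the ownership constraint.
    if src not in state or dst not in state or src == dst or amount <= 0:
        return False
    if state[src].balance < amount:
        return False
    state[src].balance -= amount
    state[dst].balance += amount
    return True


def transfer_checked(state: State, caller: str, src: str, dst: str, amount: int) -> bool:
    # Conforming implementation: the pre-condition (including ownership) gates the update.
    if not transfer_pre(state, caller, src, dst, amount):
        return False
    state[src].balance -= amount
    state[dst].balance += amount
    return True


def fresh_state() -> State:
    # Constructed initial state used for every test case.
    return {"A1": Account("alice", 1000), "B1": Account("bob", 500)}


def check_conformance(impl: Impl, cases: List[Tuple[str, str, str, int]]) -> List[str]:
    """Run each (caller, src, dst, amount) case from a fresh state; return spec violations."""
    violations: List[str] = []
    for caller, src, dst, amount in cases:
        pre = fresh_state()
        post = copy.deepcopy(pre)
        ok = impl(post, caller, src, dst, amount)
        if transfer_pre(pre, caller, src, dst, amount):
            # Valid input: the operation must succeed and satisfy the post-condition.
            if not (ok and transfer_post(pre, post, src, dst, amount, ok)):
                violations.append(f"valid request {caller}:{src}->{dst}:{amount} mishandled")
        else:
            # Pre-condition violated (including the security constraint):
            # a robustness check requires rejection with no state change.
            if ok or post != pre:
                violations.append(f"invalid request {caller}:{src}->{dst}:{amount} accepted")
    return violations


CASES = [
    ("alice", "A1", "B1", 300),    # valid transfer by the owner
    ("alice", "A1", "B1", 5000),   # insufficient funds
    ("mallory", "A1", "B1", 300),  # caller does not own src
    ("bob", "B1", "B1", 10),       # same source and destination
]

if __name__ == "__main__":
    print("checked impl:", check_conformance(transfer_checked, CASES))
    print("no-owner-check impl:", check_conformance(transfer_no_owner_check, CASES))
```

The harness treats inputs that violate the pre-condition as a robustness case (reject and leave state unchanged) rather than as "don't care" inputs; that is a deliberate choice for security constraints, since an implementation that accepts a request from a non-owner is exactly the defect the test should surface, as the second implementation shows.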
