

Title: Navigating Rapid API: An Empirical Dive into the Service Market
The service registry, a key component of the service-oriented architecture (SOA), aids software developers in discovering services that meet specific functionality requirements. Recent years have witnessed the transition from traditional service registries to their successor, the Service Marketplaces, which has led to the widespread adoption of these web services. Service Marketplaces involve deeper engagement in the SOA software lifecycle and offer additional features, such as service request delegation and monitoring of services’ Quality of Service (QoS). However, through a comprehensive study of RapidAPI web services, the largest service marketplace, and their integration into GitHub-hosted applications along with analyzing developers’ concerns posted on online Q&A forums related to service marketplaces, it was found that despite the extensive use of these web services, there is a lack of a systematic approach to guide service developers in creating appealing offerings. Additionally, many developers struggle with such a transition, leading to development inefficiencies and even security vulnerabilities. This paper presents the first empirical study that:
• Provides a powerful avenue for better understanding integration developers’ rationale for selecting services from a marketplace like RapidAPI and integrating them into applications (using the GitHub platform for this analysis).
• Highlights the challenges developers face with service marketplaces due to changes in the functioning of the service registry component of SOA.
• Offers a solution to help developers address challenges related to service marketplaces.
The article initially presents a detailed comparison between two generations of service registries to identify the root causes of developers’ concerns related to the new generation service registry.
In the next part, the article discusses data collected on over 16K RapidAPI services and 19K GitHub repositories that invoke these services, evaluating each based on metrics like latency, reliability, pricing, followers, aggregate ratings, community support, and provider support. The analysis explores how these metrics influence service popularity and usage on GitHub. By manually analyzing 800 repositories, developers’ service selection preferences and integration patterns were identified, considering alternatives and features. Further, developers were classified by proficiency levels to understand how expertise impacts service selection and integration strategies. Additionally, insights were refined by focusing on mature repositories, excluding those used for practice. Finally, through manual labeling and analysis of developers’ questions, a taxonomy of issues was developed, summarizing the impacts of the transition, and providing actionable suggestions for app developers, service providers, and marketplaces. We also fine-tune a Large Language Model (LLM) to answer similar questions and help extract critical information, such as service outages and key leakages. This work is the first to provide a comprehensive analysis of developer behavior and challenges in service marketplaces, particularly RapidAPI. It offers valuable insights for improving service selection and integration, ultimately enhancing the efficiency and security of SOA-based applications. By providing actionable solutions and automating support through AI, this research has the potential to significantly improve the developer experience in modern service marketplaces.
Award ID(s):
2104337
PAR ID:
10588100
Author(s) / Creator(s):
;
Publisher / Repository:
University of Michigan
Date Published:
Subject(s) / Keyword(s):
Service Registry Service Marketplace Rapid API GitHub Service Integration Service Selection Developers' Concerns Taxonomy Finetuning LLM Computer and Information Science
Format(s):
Medium: X
Institution:
University Of Michigan
Sponsoring Org:
National Science Foundation
More Like this
  1. With the increasing popularity of containerized applications, container registries have hosted millions of repositories that allow developers to store, manage, and share their software. Unfortunately, they have also become a hotbed for adversaries to spread malicious images to the public. In this paper, we present the first in-depth study on the vulnerability of container registries to typosquatting attacks, in which adversaries intentionally upload malicious images with an identification similar to that of a benign image so that users may accidentally download malicious images due to typos. We demonstrate that such typosquatting attacks could pose a serious security threat in both public and private registries as well as across multiple platforms. To shed light on the container registry typosquatting threat, we first conduct a measurement study and a 210-day proof-of-concept exploitation on public container registries, revealing that human users indeed make random typos and download unwanted container images. We also systematically investigate attack vectors on private registries and reveal that its naming space is open and could be easily exploited for launching a typosquatting attack. In addition, for a typosquatting attack across multiple platforms, we demonstrate that adversaries can easily self-host malicious registries or exploit existing container registries to manipulate repositories with similar identifications. Finally, we propose CRYSTAL, a lightweight extension to existing image management, which effectively defends against typosquatting attacks from both container users and registries. 
  2. Recommendations between colleagues are effective for encouraging developers to adopt better practices. Research shows these peer interactions are useful for improving developer behaviors, or the adoption of activities to help software engineers complete programming tasks. However, in-person recommendations between developers in the workplace are declining. One form of online recommendations between developers are pull requests, which allow users to propose code changes and provide feedback on contributions. GitHub, a popular code hosting platform, recently introduced the suggested changes feature, which allows users to recommend improvements for pull requests. To better understand this feature and its impact on recommendations between developers, we report an empirical study of this system, measuring usage, effectiveness, and perception. Our results show that suggested changes support code review activities and significantly impact the timing and communication between developers on pull requests. This work provides insight into the suggested changes feature and implications for improving future systems for automated developer recommendations, such as providing situated, concise, and actionable feedback.
  3. In globally distributed software development, many software developers have to collaborate and deal with issues of collaboration. Although collaboration is challenging, collaborative development produces better software than any developer could produce alone. Unlike previous work which focuses on the proposal and evaluation of models and tools to support collaborative work, this paper presents an interview study aiming to understand (i) the motivations, (ii) how collaboration happens, and (iii) the challenges and barriers of collaborative software development. After interviewing twelve experienced software developers from GitHub, we found different types of collaborative contributions, such as in the management of requests for changes. Our analysis also indicates that the main barriers for collaboration are related to non-technical, rather than technical issues. 
  4. Evidence shows that developer reputation is extremely important when accepting pull requests or resolving reported issues. It is particularly salient in Free/Libre Open Source Software since the developers are distributed around the world, do not work for the same organization and, in most cases, never meet face to face. The existing solutions to expose developer reputation tend to be forge specific (GitHub), focus on activity instead of impact, do not leverage social or technical networks, and do not correct often misspelled developer identities. We aim to remedy this by amalgamating data from all public Git repositories, measuring the impact of developer work, expose developer's collaborators, and correct notoriously problematic developer identity data. We leverage World of Code (WoC), a collection of an almost complete (and continuously updated) set of Git repositories by first allowing developers to select which of the 34 million(M) Git commit author IDs belong to them and then generating their profiles by treating the selected collection of IDs as that single developer. As a side-effect, these selections serve as a training set for a supervised learning algorithm that merges multiple identity strings belonging to a single individual. As we evaluate the tool and the proposed impact measure, we expect to build on these findings to develop reputation badges that could be associated with pull requests and commits so developers could easier trust and prioritize them. 
  5. A vast proportion of scientific data remains locked behind dynamic web interfaces, often called the deep web—inaccessible to conventional search engines and standard crawlers. This gap between data availability and machine usability hampers the goals of open science and automation. While registries like FAIRsharing offer structured metadata describing data standards, repositories, and policies aligned with the FAIR (Findable, Accessible, Interoperable, and Reusable) principles, they do not enable seamless, programmatic access to the underlying datasets. We present FAIRFind, a system designed to bridge this accessibility gap. FAIRFind autonomously discovers, interprets, and operationalizes access paths to biological databases on the deep web, regardless of their FAIR compliance. Central to our approach is the Deep Web Communication Protocol (DWCP), a resource description language that represents web forms, HyperText Markup Language (HTML) tables, and file-based data interfaces in a machine-actionable format. Leveraging large language models (LLMs), FAIRFind combines a specialized deep web crawler and web-form comprehension engine to transform passive web metadata into executable workflows. By indexing and embedding these workflows, FAIRFind enables natural language querying over diverse biological data sources and returns structured, source-resolved results. Evaluation across multiple open-source LLMs and database types demonstrates over 90% success in structured data extraction and high semantic retrieval accuracy. FAIRFind advances existing registries by turning linked resources from static references into actionable endpoints, laying a foundation for intelligent, autonomous data discovery across scientific domains. 