web services

Designing and operating HTTP/gRPC APIs and backend services including RESTful endpoints, protobufs, OpenAPI, authentication (OAuth/JWT), scalable deployment with containers and Kubernetes, observability (metrics, logging, tracing), and API versioning and rate limiting.

webservices

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

Microkernel-Based Web Architecture: Design&Implementation Considerations

Feb 12, 2025
VD
Vick Dini
🏛️ Politecnico di Milano

To address core challenges in microservice architecture—including operational complexity, high inter-service communication overhead, and difficulty ensuring data consistency—this paper proposes a microkernel-based architectural paradigm tailored for Web systems. The design centers on a lightweight kernel that serves as an integration hub, enabling dynamic loading and unloading of service modules via contract-driven plugin mechanisms. Innovatively, we introduce a cloud-native–enabled, lightweight MAPE-K (Monitor-Analyze-Plan-Execute over a shared Knowledge base) adaptive control framework to enhance self-healing and self-optimization capabilities. Compared with conventional microservices, the proposed architecture reduces cross-service invocation overhead by over 35%, accelerates fault recovery by 2.1×, and supports hot-pluggable extension and dynamic policy updates. It thus reconciles the simplicity of monolithic architectures with the elasticity of microservices, offering a novel intermediate architectural option for medium-to-large-scale Web systems.

Addressing microservice architecture challengesEnhancing self-* properties with microkernelMiddle-ground web architecture design

FirecREST v2: lessons learned from redesigning an API for scalable HPC resource access

Dec 12, 2025
EP
Elia Palme
🏛️ CSCS – Swiss National Supercomputing Centre | PSI Center for Scientific Computing, Theory, and Data

To address the low throughput, high latency, and weak security coupling of HPC-oriented proxy-based RESTful APIs under intensive I/O workloads, this paper proposes a novel API architecture tailored for high-performance computing. Methodologically, we introduce the first end-to-end performance modeling and bottleneck attribution framework; deeply integrate security mechanisms (JWT/OAuth 2.1) into stateless service design—rather than applying them as post-hoc hardening—and implement asynchronous I/O, zero-copy data transfer, and load-aware routing in Rust. Our contributions include a 100× throughput improvement and reduction of P99 latency to the millisecond level; rigorous independent peer review; and production deployment across multiple European supercomputing centers, supporting scientific workflows with over one thousand concurrent clients.

Addressing performance bottlenecks in proxy-based APIs with I/OIntegrating enhanced security and high throughput requirementsRedesigning an API for scalable HPC resource access

Test Amplification for REST APIs Using"Out-of-the-box"Large Language Models

Mar 13, 2025
TB
Tolgahan Bardakci
🏛️ Universiteit Antwerpen | Flanders Make

To address insufficient boundary-value coverage and poor test-case readability in REST API automated testing, this paper proposes an API test-case augmentation method that leverages off-the-shelf commercial large language models (LLMs)—specifically ChatGPT and GitHub Copilot—without fine-tuning. Our approach employs test-quality-oriented prompt engineering to systematically validate LLMs’ effectiveness in generating protocol-compliant boundary values, yielding 12 reusable, empirically grounded prompt design principles. Experimental evaluation demonstrates that the generated tests significantly improve path and parameter boundary coverage while maintaining high semantic clarity and human interpretability. This work constitutes the first systematic empirical validation of zero-shot LLMs for practical API test augmentation, establishing a novel paradigm for low-barrier, high-quality API testing.

Challenges in writing automated tests for REST APIsComparing test coverage and understandability from generated testsUsing large language models to amplify REST API test suites

Existing REST API testing approaches often fail to effectively cover business-sensitive functionality due to the absence of business-level constraints. This work proposes LoBREST, the first method to incorporate business context derived from historical request logs into REST API testing. By slicing operation sequences, identifying missing operations, and completing resource dependencies, LoBREST constructs business-aware enhanced inputs and integrates them with a business-logic-guided fuzzing strategy, thereby overcoming the limitations of specification-driven testing. Evaluation on 17 real-world services demonstrates that LoBREST substantially outperforms eight state-of-the-art tools, achieving 2.1× higher operation coverage and 1.2× greater line coverage on average, while uncovering 108 distinct 5XX errors—38 of which were uniquely identified by LoBREST.

business constraintsmicroservicesREST API testing

You Can REST Now: Automated Specification Inference and Black-Box Testing of RESTful APIs with Large Language Models

Feb 07, 2024
AD
Alix Decrop
🏛️ University of Namur | University of Luxembourg

REST API documentation frequently suffers from incompleteness, obsolescence, or inaccessibility, hindering both automated testing efficiency and human comprehension. This paper introduces the first LLM-driven, end-to-end framework for OpenAPI specification inference and black-box API testing—requiring only an API name and an LLM API key. It automatically generates and mutates HTTP requests, then infers specifications and detects defects via response analysis. A novel context-aware prompt masking strategy enables zero-shot discovery of undocumented routes and parameters without model fine-tuning. Evaluated on a standardized benchmark, the framework achieves 85.05% average recall for GET routes and 81.05% for query parameters, successfully uncovering hidden endpoints and diverse server-side errors (e.g., 5xx, logic flaws). The inferred OpenAPI specifications are directly compatible with mainstream API testing tools, enabling seamless integration into existing CI/CD and security validation pipelines.

Automate REST API documentation to reduce errors and save timeEnhance API testing efficiency with minimal user input requiredInfer and validate API routes and parameters using LLMs

Latest Papers

What's happening recently
View more

This work addresses the challenge of automatically modeling, documenting, and detecting anomalous behaviors in REST APIs without relying on prior knowledge. The authors propose Map Reduce Graph (MRG), an unsupervised framework that employs a three-stage pipeline—training, updating, and detection—to reconstruct API structures directly from live traffic, generate OpenAPI specifications, and enable real-time visualization and anomaly detection in dynamic microservice environments. MRG is the first approach to achieve fully automated, annotation-free API structural learning and security monitoring. By integrating a graph-based validation mechanism with deep autoencoders, it attains 100% precision across multiple API attack types and improves recall by up to 11.4% compared to state-of-the-art methods such as HRAL and FT-ANN, while accelerating inference by over 20×.

Anomaly DetectionAPI SecurityOpenAPI Specification

This work addresses the lack of unified and reproducible evaluation criteria for service boundary identification in the migration from monolithic systems to microservices. It presents the first systematic comparison of mainstream microservice decomposition approaches—static, dynamic, and hybrid—within a consistent experimental framework. Using standardized metric computation procedures and multiple benchmark systems (JPetStore, AcmeAir, DayTrader, Plants), the study evaluates key dimensions including structural modularity (SM), interface count (IFN), inter-component communication (ICP), and non-extreme distribution (NED). Experimental results demonstrate that HDBScan with hierarchical clustering consistently yields highly cohesive and loosely coupled microservice partitions across benchmarks, achieving an optimal trade-off between modularity strength and communication overhead, thereby significantly enhancing the objectivity and reproducibility of microservice decomposition evaluation.

benchmark evaluationmicroservice decompositionmonolithic architecture

This study addresses the security risks in modern web applications—such as cache poisoning and supply chain attacks—stemming from redundant HTTP API requests, missing cache headers, high load, and excessive reliance on third-party services, for which systematic evaluation methods are lacking. The authors present the first empirical baseline of HTTP API quality across diverse production websites, collecting 108 HAR traces from 18 sites using Playwright automation. They design eight heuristic-based anti-pattern detectors to quantify API quality on a 0–100 scale and correlate it with security implications. Findings reveal that minimal server-rendered sites achieve a perfect score of 100, while content-heavy commercial sites score as low as 56.8; 67% of sites exhibit redundant requests or cache misconfigurations, and 72% have over 20% third-party requests, with one page issuing up to 2,684 such calls. The open-sourced framework enables reproducible, systematic linkage between performance anti-patterns and security risks.

anti-patternsHTTP APInetwork layer quality

This work proposes the first cloud-native framework that integrates public cloud infrastructure with edge Pods to lower the barrier to remote access and sharing of wireless testbeds. Built on the AWS platform, the framework leverages containerized edge environments, persistent SSH tunnels, and elastic resource scheduling to enable automated deployment, seamless remote access, and stable graphical user interface support for testbeds. The system has been successfully integrated with two types of wireless testbeds—radio frequency signal generation and 5G(B) communication—demonstrating significant improvements in resource-sharing efficiency, experimental observability, and system scalability.

cloud-nativeedge podOTA experimentation

This work addresses the significant underestimation of service-level energy consumption in cloud-native microservices, which commonly arises from focusing solely on computational overhead while neglecting network and storage components—leading to underestimations of up to 63%. To bridge this gap, we propose GOXN, the first service-level experimental engine capable of full-stack energy modeling encompassing computation, networking, and storage. Built on Kubernetes, GOXN integrates container-level metrics from Kepler and cAdvisor and incorporates OpenTelemetry Demo, service mesh, and distributed tracing systems. Experimental results demonstrate that under high tracing loads, the energy consumption of non-computational components becomes substantial, revealing that reliance on computational metrics alone severely underestimates the true energy cost of auxiliary services.

cloud-native microservicesenergy measurementnetwork energy

Hot Scholars