Author Search Result

[Author] Shaoying LIU(2hit)

  • A Practical Model Driven Approach for Designing Security Aware RESTful Web APIs Using SOFL

    Busalire Onesmus EMEKA  Soichiro HIDAKA  Shaoying LIU  

     
    PAPER-Data Engineering, Web Information Systems

    Publicized: 2023/02/13
    Vol: E106-D No:5
    Page(s): 986-1000

    RESTful web APIs have become ubiquitous with most modern web applications embracing the micro-service architecture. A RESTful API provides data over the network using HTTP, probably interacting with databases and other services, and must preserve its security properties. However, REST is not a protocol but rather a set of guidelines on how to design resources accessed over HTTP endpoints. There are guidelines on how related resources should be structured with hierarchical URIs as well as how the different HTTP verbs should be used to represent well-defined actions on those resources. Whereas security has always been critical in the design of RESTful APIs, there are few or no clear model-driven engineering techniques utilizing a secure-by-design approach that interweaves both the functional and security requirements. We therefore propose an approach to specifying APIs' functional and security requirements with the practical Structured-Object-oriented Formal Language (SOFL). Our proposed approach provides a generic methodology for designing security-aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. We also describe a case study to evaluate the effectiveness of our approach and discuss important issues in relation to the practical applicability of our method.

  • Computer-Aided Formalization of Requirements Based on Patterns

    Xi WANG  Shaoying LIU  

     
    PAPER-Software System

    Vol: E97-D No:2
    Page(s): 198-212

    Formalizing requirements in formal specifications is an effective way to deepen the understanding of the envisioned system and reduce ambiguities in the original requirements. However, it requires mathematical sophistication and considerable experience in using formal notations, which remains a challenge to many practitioners. To handle this challenge, this paper describes a pattern-based approach to facilitate the formalization of requirements. In this approach, a pattern system is pre-defined to guide requirements formalization where each pattern provides a specific solution for formalizing one kind of function into a formal expression. All of the patterns are classified and organized into a hierarchical structure according to the functions they can be used to formalize. The distinct characteristic of our approach is that all of the patterns are stored on computer as knowledge for creating effective guidance to facilitate the developer in requirements formalization; they are “understood” only by the computer but transparent to the developer. We also describe a prototype tool that supports the approach. It adopts Hierarchical Finite State Machine (HFSM) to represent the pattern knowledge and implements an algorithm for applying it to assist requirements formalization. Two experiments on the tool are presented to demonstrate the effectiveness of the approach.