US20220318332A1 - Intelligent naming of application program interfaces - Google Patents
Intelligent naming of application program interfaces Download PDFInfo
- Publication number
- US20220318332A1 US20220318332A1 US17/339,946 US202117339946A US2022318332A1 US 20220318332 A1 US20220318332 A1 US 20220318332A1 US 202117339946 A US202117339946 A US 202117339946A US 2022318332 A1 US2022318332 A1 US 2022318332A1
- Authority
- US
- United States
- Prior art keywords
- nodes
- same
- node
- digital data
- data structure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 39
- 230000004044 response Effects 0.000 claims description 42
- 239000003795 chemical substances by application Substances 0.000 description 16
- 239000008186 active pharmaceutical agent Substances 0.000 description 15
- 238000005516 engineering process Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 230000002093 peripheral effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/9027—Trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/541—Interprogram communication via adapters, e.g. between incompatible applications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/543—User-generated data transfer, e.g. clipboards, dynamic data exchange [DDE], object linking and embedding [OLE]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
Definitions
- API application program interface
- the present technology renames a number of uniform resource locators as application program interfaces in an intelligent way based on live traffic.
- Live traffic between a server and multiple users is monitored and intercepted by an agent.
- the agent may be within the customer server, or positioned elsewhere to intercept traffic between users and the server. Intercepted traffic is forwarded to a remote server that processes the traffic.
- Generating API names may be based on nodes in a URL.
- a URL may be considered to have a domain followed by a path. The path may have one or more portions, wherein each path portion begins with a forward slash.
- a digital data structure can be generated from a URL, wherein the domain and each path portion can correspond to a node in the digital data structure. For example, for the URL of /server/request/ 1234 , the digital data structure can be considered to have a first node of server, a second note of request, and a third node of 1234 . For URLs having matching nodes, the digital data structure represents the matching nodes as a single node. For URLs having nodes that are different, the different nodes may branch out from the previous node in the hierarchy.
- the digital data structure may have base nodes of /server/request/and to third level notes that branch out from request and consist of 123 and 234 .
- Processing includes building a digital data structure, such as a trie, that represents nodes or portions generated from each URL.
- a digital data structure such as a trie
- the present system may replace those different nodes with a representative node.
- the representative node replaces the nodes at the same hierarchical level having the same type, but having different values.
- the replacement representative node is provided in response to detecting that specifications associated with the nodes being replaced are related or the same. For example, if the specifications for requests for the nodes have a similar format and specifications for the responses for nodes have a similar format, the nodes may be replaced with a replacement representative node.
- a method can generate application program interfaces from uniform resource locator information.
- the method can include receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices.
- the method continues with building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value.
- Specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value can be compared.
- An API is generated based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
- a non-transitory computer readable storage medium has embodied thereon a program that is executable by a processor to perform a method.
- the method generates application program interfaces from uniform resource locator information.
- the method can include receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices.
- the method continues with building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value.
- Specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value can be compared.
- An API is generated based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
- a system can include a server, memory and one or more processors.
- One or more modules may be stored in memory and executed by the processors to receive intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices, build a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value, compare specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value, and generate an API based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
- FIG. 1 is a block diagram of a system for intelligently naming APIs.
- FIG. 2 is a block diagram of an application that intelligently names APIs.
- FIG. 3 is a method for intelligently naming APIs.
- FIG. 4 is a method for building digital data structures from URLs.
- FIG. 5 is a method for determining if digital data structures are associated with matching specifications.
- FIG. 6 illustrates URLs from which an API can be intelligently named.
- FIG. 7 illustrates a representation of a digital data structure.
- FIG. 8 illustrates an intelligently named API based on the URLs of FIG. 6 .
- FIG. 9 is a block diagram of a system for implementing machines that implement the present technology.
- the present system renames a number of uniform resource locators as application program interfaces in an intelligent way based on live traffic.
- Live traffic between a server and multiple users is monitored and intercepted by an agent.
- the agent may be within the customer server, or positioned elsewhere to intercept traffic between users and the server. Intercepted traffic is forwarded to a remote server that processes the traffic.
- Generating API names may be based on nodes in a URL.
- a URL may be considered to have a domain followed by a path. The path may have one or more portions, wherein each path portion begins with a forward slash.
- a digital data structure can be generated from a URL, wherein the domain and each path portion can correspond to a node in the digital data structure. For example, for the URL of /server/request/ 1234 , the digital data structure can be considered to have a first node of server, a second note of request, and a third node of 1234 . For URLs having matching nodes, the digital data structure represents the matching nodes as a single node. For URLs having nodes that are different, the different nodes may branch out from the previous node in the hierarchy.
- the digital data structure may have base nodes of /server/request/and to third level notes that branch out from request and consist of 123 and 234 .
- Processing includes building a digital data structure, such as a trie, that represents nodes or portions generated from each URL.
- a digital data structure such as a trie
- the present system may replace those different nodes with a representative node.
- the representative node replaces the nodes at the same hierarchical level having the same type, but having different values.
- the replacement representative node is provided in response to detecting that specifications associated with the nodes being replaced are related or the same. For example, if the specifications for requests for the nodes have a similar format and specifications for the responses for nodes have a similar format, the nodes may be replaced with a replacement representative node.
- FIG. 1 is a block diagram of a system for intelligently naming (i.e., generating) APIs.
- the block diagram 100 of FIG. 1 includes client devices 110 - 140 , customer server 150 , network 160 , API naming server 170 , and data store 180 .
- Client devices 110 - 140 may send requests to and receive responses from customer server 150 .
- the client devices may be any device which can access the service, network page, webpage, or other content from customer server 150 .
- Client devices 110 - 140 may send a request to customer server 150 , and customer server 150 may send a response to the devices based on the request.
- the request may be sent to a particular URL provided by customer server 150 in the sponsors may be sent from the same URL or different URLs. Though only for four client devices are shown, any number of client devices may be used to interact with customer server 150 .
- Customer server 150 may provide a service to client devices 110 - 140 .
- Agent 152 on customer server 150 may monitor the communication between customer server 150 and client devices 110 - 140 and intercept traffic between the server and the devices. Upon intercepting the traffic, agent 152 may forward the traffic to application 172 on API naming server 170 .
- one or more agents may be installed on customer server 150 , which may be implemented by one or more physical or logical machines. In some instances, server 150 may actually be implemented by multiple servers in different locations, providing a distributed service for devices 110 - 140 . In any case, one or more agents 152 may be installed to intercept requests and responses sent between devices 110 - 140 and customer server 150 and for those requests and responses to application 172 on server 170 .
- Network 140 may include one or more private networks, public networks, intranets, the Internet, an intranet, wide-area networks, local area networks, cellular networks, radio-frequency networks, Wi-Fi networks, any other network which may be used to transmit data, and any combination of these networks.
- Client devices 110 - 140 , customer server 150 , API naming server 170 , and data store 180 may all communicate over network 160 .
- API naming server 170 may be implemented as one or more physical or logical machines that provide API naming functionality as described herein.
- API naming server may include one or more applications 172 .
- the application 172 may be stored on one or more API naming servers 170 and be executed to perform functionality as described herein.
- API naming server and application 172 may both communicate over network 160 and data store 180 .
- data store 180 may include one or more URLs, generated API names, and other data.
- FIG. 2 is a block diagram of an application that intelligently names APIs.
- Application 172 of FIG. 2 provides more detail for application 172 of the system of FIG. 1 .
- Application 172 includes one or more modules, including digital data structure builder to 10 , specification analyzer 220 , node threshold engine 230 , and API naming manager 240 .
- Digital data structure builder 210 may build a data structure from received URLs at application 172 .
- Digital data structure may replace nodes, increment node counters, and otherwise build and manage digital data structures.
- Specification analyzer 220 may analyze specifications related to intercepted URLs.
- specification analyzer 220 may access and compare the specification between URL requests, URL responses, and other data associated with a URL.
- Node threshold engine 230 may determine if the number of occurrences of a particular node value and type at a particular position in a node hierarchy has exceeded a threshold associated with a particular node hierarchy position and type.
- the node threshold engine may maintain a counter, increment a counter, and flag nodes for which the threshold has or has not been exceeded.
- API naming manager 240 may generate an API name based on URL similarity and specification analysis. API naming manager may generate the API name and store the API locally at server 170 or remotely at data store 180 .
- Application 172 may include more or fewer modules and the listed, and the modules as it may be grouped together or divided into multiple modules to implement the technology described herein.
- FIG. 3 is a method for intelligently naming APIs.
- the method of FIG. 3 begins with installing an agent in a customer system to intercept customer traffic at step 310 .
- Installing the agent may be performed remotely or locally by an admin.
- the agent may be installed, within the customer server or elsewhere, to intercept traffic between the server and computing devices associated with users of the server. Once installed, the agent may intercept traffic between the customer computing devices and the server.
- Live traffic consisting of URL requests and responses sent between computing devices and a server are intercepted at step 320 .
- the computing devices may be associated with customers of the particular server.
- the request may be intercepted by one or more agents located within a customer server or otherwise positioned to intercept traffic between users of the server, for example from one or more computing devices to the customer servers.
- intercepted traffic includes requests and responses sent to and from URLs supported by the customer server.
- the URL traffic is forwarded by the agent to the API naming server at step 330 .
- the URL traffic may include a request, a corresponding response, the URL to which the request and response were sent to and from, and other data.
- the agent may send the data in batches, periodically, or based on an event.
- a digital data structure is built from URLs at step 340 .
- a digital data structure may include nodes generated at least in part from or derived from received URLs.
- the digital data structure may be a trie.
- the digital data structure may be built and updated as additional traffic information is received from one or more remote agents. More data for building digital data structures is discussed with respect to the method of FIG. 4 .
- the specifications may be associated with nodes at the same level, and may be specifications related to a node request, response, or some other specification. Determining if digital data structure nodes at the same level in a URL hierarchy are associated with matching specifications is discussed in more detail with respect to the method of FIG. 5 .
- An API is renamed with related digital data structure nodes at the same level at step 360 .
- Renaming an API with digital data structure nodes that are related may be performed if the digital data structure nodes represent the same type, are the same hierarchical level, and have specifications that match.
- FIG. 6 An example of APIs that are generated or renamed are illustrated in FIG. 6 .
- the APIs 600 of FIG. 6 begin with a path of /api/profiles/.
- the next path portion in each URL of FIG. 6 is a number.
- the path portions after each number include text “view” and “requests.”
- the digital data structure constructed from the URLs of FIG. 6 is displayed in FIG. 7 .
- the numbers that make up the third node of the digital data structure can be examined to see if they're the same type (e.g., integer, GUID, etc.), and their related specifications match.
- the nodes have specifications that match.
- the API names generated from the URLs are those as illustrated in FIG. 8 .
- FIGS. 6-8 are discussed in more detail below.
- the renamed APIs may be stored at step 370 .
- the APIs may be stored locally at API naming server 170 or at a remote location, such as for example a data store 180 .
- FIG. 4 is a method for building digital data structures from URLs.
- the method of FIG. 4 provides more detail for step 340 of the method of FIG. 3 .
- a digital data structure is built from the received URLs at step 410 .
- the digital data structure may be built in any of several ways, including as a trie.
- a trie may have several nodes, each of which correspond to a portion of a URL path separated by a forward slash.
- An example of a trie built from a series of URLs is illustrated and discussed in more detail with respect to FIG. 7 .
- a node counter is incremented for the nodes at step 420 .
- the node counter is used to track how many occurrences of a particular node occur in order to determine if that particular node should be combined to a single node within a named API.
- the threshold may depend on the type associated with the node. For example, if a node has an integer type, the threshold may be 5, 8, 10, 12, or some other value between 5-25. If a node represents a GUID type, the threshold may also be somewhere between 5-25. If a node represents a string type, the threshold may be much larger, such as for example 100, 200 or even higher. In some instances, a threshold for any type may be as low as 2 or greater than 10,000, depending on design preferences. If the node counter is not exceeded a threshold for a node type at step 430 , the method returns to step 420 . If the node counter does exceed the threshold for the node type, then the particular note is flagged for a naming replacement at step 440 .
- FIG. 5 is a method for determining if digital data structures are associated with matching specifications.
- the method of FIG. 5 provides more detail for step 350 of the method of FIG. 3 .
- URL requests are accessed for a digital data structure node level that satisfies a threshold at step 510 . These URL requests include requests that were made to the URL by computing devices in communication with the server providing the URL.
- the access URL request specifications are then compared at step 250 .
- a determination is then made if the request for stations match at step 530 .
- the request specifications match if they include similar formats in the request header, request body, and other aspects of the request. If the request specifications do not match, then the request may be associated with different URLs, and should not be combined into a single API. In this case, the method of FIG. 5 continues to step 570 where the digital data structure nodes are determined to not match at step 570 .
- access URL response specifications are compared at step 540 .
- the response specifications may be compared to determine if the response header, response body, and other portions of the responses match in content and/or format. If the response specifications match at step 550 , the digital data structure nodes are determined to match at step 560 . If the response specifications do not match at step 550 , it is determined that the digital data structure nodes do not match at step 570 .
- FIG. 6 illustrates URLs from which an API can be intelligently named.
- the URLs of FIG. 6 can be provided by a server which receives requests and provides responses to computing devices accessing services provided by the server.
- the URLs each include a path that contains “/api/profiles/” but have subsequent portions of a path that differ.
- a digital data structure for the URLs in FIG. 6 is shown in FIG. 7 .
- FIG. 7 illustrates a representation of a digital data structure.
- the digital data structure of FIG. 7 is a trie, other types of digital data structures can be used to organize URL paths into nodes.
- the top or parent node is API
- the second note is profiles, corresponding to the first portions of the path of the URLs in FIG. 6 .
- From the profiles note there are three child nodes, 123 , 234 , and 456 . These correspond to the different sub paths from the “profiles” path portion.
- the child node 123 includes child nodes of view and requests
- the child node 234 includes a child node of view
- the child node of 456 includes a child node of requests.
- APIs may be named from the trie illustrated in FIG. 7 , each of which include replacement type after the node “profiles.” The two named APIs are illustrated in FIG. 8 .
- FIG. 9 is a block diagram of a system for implementing machines that implement the present technology.
- System 900 of FIG. 9 may be implemented in the contexts of the likes of machines that implement client devices 110 - 140 , customer server 150 , API naming server 170 , and data store 180 .
- the computing system 900 of FIG. 9 includes one or more processors 910 and memory 920 .
- Main memory 920 stores, in part, instructions and data for execution by processor 910 .
- Main memory 920 can store the executable code when in operation.
- the system 900 of FIG. 9 further includes a mass storage device 930 , portable storage medium drive(s) 940 , output devices 950 , user input devices 960 , a graphics display 970 , and peripheral devices 980 .
- processor unit 910 and main memory 920 may be connected via a local microprocessor bus, and the mass storage device 930 , peripheral device(s) 980 , portable storage device 940 , and display system 970 may be connected via one or more input/output (I/O) buses.
- I/O input/output
- Mass storage device 930 which may be implemented with a magnetic disk drive, an optical disk drive, a flash drive, or other device, is a non-volatile storage device for storing data and instructions for use by processor unit 910 . Mass storage device 930 can store the system software for implementing embodiments of the present invention for purposes of loading that software into main memory 920 .
- Portable storage device 940 operates in conjunction with a portable non-volatile storage medium, such as a floppy disk, compact disk or Digital video disc, USB drive, memory card or stick, or other portable or removable memory, to input and output data and code to and from the computer system 900 of FIG. 9 .
- a portable non-volatile storage medium such as a floppy disk, compact disk or Digital video disc, USB drive, memory card or stick, or other portable or removable memory
- the system software for implementing embodiments of the present invention may be stored on such a portable medium and input to the computer system 900 via the portable storage device 940 .
- Input devices 960 provide a portion of a user interface.
- Input devices 960 may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, a pointing device such as a mouse, a trackball, stylus, cursor direction keys, microphone, touch-screen, accelerometer, and other input devices.
- the system 900 as shown in FIG. 9 includes output devices 950 . Examples of suitable output devices include speakers, printers, network interfaces, and monitors.
- Display system 970 may include a liquid crystal display (LCD) or other suitable display device. Display system 970 receives textual and graphical information and processes the information for output to the display device. Display system 970 may also receive input as a touch-screen.
- LCD liquid crystal display
- Peripherals 980 may include any type of computer support device to add additional functionality to the computer system.
- peripheral device(s) 980 may include a modem or a router, printer, and other device.
- the system of 900 may also include, in some implementations, antennas, radio transmitters and radio receivers 990 .
- the antennas and radios may be implemented in devices such as smart phones, tablets, and other devices that may communicate wirelessly.
- the one or more antennas may operate at one or more radio frequencies suitable to send and receive data over cellular networks, Wi-Fi networks, commercial device networks such as a Bluetooth device, and other radio frequency networks.
- the devices may include one or more radio transmitters and receivers for processing signals sent and received using the antennas.
- the components contained in the computer system 900 of FIG. 9 are those typically found in computer systems that may be suitable for use with embodiments of the present invention and are intended to represent a broad category of such computer components that are well known in the art.
- the computer system 900 of FIG. 9 can be a personal computer, handheld computing device, smart phone, mobile computing device, workstation, server, minicomputer, mainframe computer, or any other computing device.
- the computer can also include different bus configurations, networked platforms, multi-processor platforms, etc.
- Various operating systems can be used including Unix, Linux, Windows, Macintosh OS, Android, as well as languages including Java, .NET, C, C++, Node.JS, and other suitable languages.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computational Linguistics (AREA)
- Biomedical Technology (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Biophysics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Information Transfer Between Computers (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A system generates a number of uniform resource locators as application program interfaces in an intelligent way based on live traffic. Live traffic between a server and multiple users is monitored and intercepted and forwarded to a remote server that processes the traffic. Traffic URLs are processed to build a digital data structure that represents nodes or portions within each URL. For URLs having different nodes at the same hierarchical level that have the same type, the present system may replace those different nodes with a representative node. The representative node replaces the nodes at the same hierarchical level having the same type, but having different values.
Description
- The present application claims the priority benefit of U.S. provisional patent application 63/167,649, filed on Mar. 30, 2021, titled “INTELLIGENT APPLICATION PROTECTION,” the disclosure of which IS incorporated herein by reference.
- When analyzing, tracking, or monitoring a system, it is often important to know the specification of the system, including application program interface (API) specifications. However, when monitoring a new system, the API specification and related data is often unknown. This forces administrators and users working with the system to work with uniform resource locators (URL), and for example associate each URL with a particular API. This results in very large numbers of APIs, which requires a large number of resources to work with. What is needed is an improved method for naming APIs.
- The present technology, roughly described, renames a number of uniform resource locators as application program interfaces in an intelligent way based on live traffic. Live traffic between a server and multiple users is monitored and intercepted by an agent. The agent may be within the customer server, or positioned elsewhere to intercept traffic between users and the server. Intercepted traffic is forwarded to a remote server that processes the traffic.
- Generating API names may be based on nodes in a URL. A URL may be considered to have a domain followed by a path. The path may have one or more portions, wherein each path portion begins with a forward slash. A digital data structure can be generated from a URL, wherein the domain and each path portion can correspond to a node in the digital data structure. For example, for the URL of /server/request/1234, the digital data structure can be considered to have a first node of server, a second note of request, and a third node of 1234. For URLs having matching nodes, the digital data structure represents the matching nodes as a single node. For URLs having nodes that are different, the different nodes may branch out from the previous node in the hierarchy. For example, for the URL of /server/request/123 and a URL of /server/request/234, the digital data structure may have base nodes of /server/request/and to third level notes that branch out from request and consist of 123 and 234.
- Processing includes building a digital data structure, such as a trie, that represents nodes or portions generated from each URL. For URL based nodes at the same hierarchical level that have the same type, the present system may replace those different nodes with a representative node. The representative node replaces the nodes at the same hierarchical level having the same type, but having different values. In some instances, the replacement representative node is provided in response to detecting that specifications associated with the nodes being replaced are related or the same. For example, if the specifications for requests for the nodes have a similar format and specifications for the responses for nodes have a similar format, the nodes may be replaced with a replacement representative node.
- In some instances, a method can generate application program interfaces from uniform resource locator information. The method can include receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices. The method continues with building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value. Specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value can be compared. An API is generated based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
- In some instances, a non-transitory computer readable storage medium has embodied thereon a program that is executable by a processor to perform a method. The method generates application program interfaces from uniform resource locator information. The method can include receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices. The method continues with building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value. Specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value can be compared. An API is generated based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
- In embodiments, a system can include a server, memory and one or more processors. One or more modules may be stored in memory and executed by the processors to receive intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices, build a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value, compare specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value, and generate an API based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
-
FIG. 1 is a block diagram of a system for intelligently naming APIs. -
FIG. 2 is a block diagram of an application that intelligently names APIs. -
FIG. 3 is a method for intelligently naming APIs. -
FIG. 4 is a method for building digital data structures from URLs. -
FIG. 5 is a method for determining if digital data structures are associated with matching specifications. -
FIG. 6 illustrates URLs from which an API can be intelligently named. -
FIG. 7 illustrates a representation of a digital data structure. -
FIG. 8 illustrates an intelligently named API based on the URLs ofFIG. 6 . -
FIG. 9 is a block diagram of a system for implementing machines that implement the present technology. - The present system renames a number of uniform resource locators as application program interfaces in an intelligent way based on live traffic. Live traffic between a server and multiple users is monitored and intercepted by an agent. The agent may be within the customer server, or positioned elsewhere to intercept traffic between users and the server. Intercepted traffic is forwarded to a remote server that processes the traffic.
- Generating API names may be based on nodes in a URL. A URL may be considered to have a domain followed by a path. The path may have one or more portions, wherein each path portion begins with a forward slash. A digital data structure can be generated from a URL, wherein the domain and each path portion can correspond to a node in the digital data structure. For example, for the URL of /server/request/1234, the digital data structure can be considered to have a first node of server, a second note of request, and a third node of 1234. For URLs having matching nodes, the digital data structure represents the matching nodes as a single node. For URLs having nodes that are different, the different nodes may branch out from the previous node in the hierarchy. For example, for the URL of /server/request/123 and a URL of /server/request/234, the digital data structure may have base nodes of /server/request/and to third level notes that branch out from request and consist of 123 and 234.
- Processing includes building a digital data structure, such as a trie, that represents nodes or portions generated from each URL. For URL based nodes at the same hierarchical level that have the same type, the present system may replace those different nodes with a representative node. The representative node replaces the nodes at the same hierarchical level having the same type, but having different values. In some instances, the replacement representative node is provided in response to detecting that specifications associated with the nodes being replaced are related or the same. For example, if the specifications for requests for the nodes have a similar format and specifications for the responses for nodes have a similar format, the nodes may be replaced with a replacement representative node.
-
FIG. 1 is a block diagram of a system for intelligently naming (i.e., generating) APIs. The block diagram 100 ofFIG. 1 includes client devices 110-140,customer server 150,network 160,API naming server 170, anddata store 180. - Client devices 110-140 may send requests to and receive responses from
customer server 150. The client devices may be any device which can access the service, network page, webpage, or other content fromcustomer server 150. Client devices 110-140 may send a request tocustomer server 150, andcustomer server 150 may send a response to the devices based on the request. The request may be sent to a particular URL provided bycustomer server 150 in the sponsors may be sent from the same URL or different URLs. Though only for four client devices are shown, any number of client devices may be used to interact withcustomer server 150. -
Customer server 150 may provide a service to client devices 110-140.Agent 152 oncustomer server 150 may monitor the communication betweencustomer server 150 and client devices 110 - 140 and intercept traffic between the server and the devices. Upon intercepting the traffic,agent 152 may forward the traffic toapplication 172 onAPI naming server 170. In some instances, one or more agents may be installed oncustomer server 150, which may be implemented by one or more physical or logical machines. In some instances,server 150 may actually be implemented by multiple servers in different locations, providing a distributed service for devices 110-140. In any case, one ormore agents 152 may be installed to intercept requests and responses sent between devices 110-140 andcustomer server 150 and for those requests and responses toapplication 172 onserver 170. -
Network 140 may include one or more private networks, public networks, intranets, the Internet, an intranet, wide-area networks, local area networks, cellular networks, radio-frequency networks, Wi-Fi networks, any other network which may be used to transmit data, and any combination of these networks. Client devices 110-140,customer server 150,API naming server 170, anddata store 180 may all communicate overnetwork 160. -
API naming server 170 may be implemented as one or more physical or logical machines that provide API naming functionality as described herein. In some instances, API naming server may include one ormore applications 172. Theapplication 172 may be stored on one or moreAPI naming servers 170 and be executed to perform functionality as described herein. API naming server andapplication 172 may both communicate overnetwork 160 anddata store 180. In some instances,data store 180 may include one or more URLs, generated API names, and other data. -
FIG. 2 is a block diagram of an application that intelligently names APIs.Application 172 ofFIG. 2 provides more detail forapplication 172 of the system ofFIG. 1 .Application 172 includes one or more modules, including digital data structure builder to 10,specification analyzer 220,node threshold engine 230, andAPI naming manager 240. - Digital
data structure builder 210 may build a data structure from received URLs atapplication 172. Digital data structure may replace nodes, increment node counters, and otherwise build and manage digital data structures. -
Specification analyzer 220 may analyze specifications related to intercepted URLs. In particular,specification analyzer 220 may access and compare the specification between URL requests, URL responses, and other data associated with a URL. -
Node threshold engine 230 may determine if the number of occurrences of a particular node value and type at a particular position in a node hierarchy has exceeded a threshold associated with a particular node hierarchy position and type. The node threshold engine may maintain a counter, increment a counter, and flag nodes for which the threshold has or has not been exceeded. -
API naming manager 240 may generate an API name based on URL similarity and specification analysis. API naming manager may generate the API name and store the API locally atserver 170 or remotely atdata store 180. -
Application 172 may include more or fewer modules and the listed, and the modules as it may be grouped together or divided into multiple modules to implement the technology described herein. -
FIG. 3 is a method for intelligently naming APIs. The method ofFIG. 3 begins with installing an agent in a customer system to intercept customer traffic atstep 310. Installing the agent may be performed remotely or locally by an admin. The agent may be installed, within the customer server or elsewhere, to intercept traffic between the server and computing devices associated with users of the server. Once installed, the agent may intercept traffic between the customer computing devices and the server. - Live traffic consisting of URL requests and responses sent between computing devices and a server are intercepted at
step 320. In some instances, the computing devices may be associated with customers of the particular server. The request may be intercepted by one or more agents located within a customer server or otherwise positioned to intercept traffic between users of the server, for example from one or more computing devices to the customer servers. In some instances, intercepted traffic includes requests and responses sent to and from URLs supported by the customer server. - URL traffic is forwarded by the agent to the API naming server at
step 330. The URL traffic may include a request, a corresponding response, the URL to which the request and response were sent to and from, and other data. In some instances, the agent may send the data in batches, periodically, or based on an event. - A digital data structure is built from URLs at
step 340. A digital data structure may include nodes generated at least in part from or derived from received URLs. In some instances, the digital data structure may be a trie. In any case, the digital data structure may be built and updated as additional traffic information is received from one or more remote agents. More data for building digital data structures is discussed with respect to the method ofFIG. 4 . - A determination is made as to whether digital data structure nodes at the same level are associated with matching specifications at
step 350. The specifications may be associated with nodes at the same level, and may be specifications related to a node request, response, or some other specification. Determining if digital data structure nodes at the same level in a URL hierarchy are associated with matching specifications is discussed in more detail with respect to the method ofFIG. 5 . - An API is renamed with related digital data structure nodes at the same level at
step 360. Renaming an API with digital data structure nodes that are related may be performed if the digital data structure nodes represent the same type, are the same hierarchical level, and have specifications that match. - An example of APIs that are generated or renamed are illustrated in
FIG. 6 . TheAPIs 600 ofFIG. 6 begin with a path of /api/profiles/. The next path portion in each URL ofFIG. 6 is a number. The path portions after each number include text “view” and “requests.” - The digital data structure constructed from the URLs of
FIG. 6 is displayed inFIG. 7 . The numbers that make up the third node of the digital data structure can be examined to see if they're the same type (e.g., integer, GUID, etc.), and their related specifications match. With respect to the present example ofFIGS. 6-7 , it is presumed that the nodes have specifications that match. In this example, the API names generated from the URLs are those as illustrated inFIG. 8 .FIGS. 6-8 are discussed in more detail below. - After renaming (e.g., generating) the APIs, the renamed APIs may be stored at
step 370. The APIs may be stored locally atAPI naming server 170 or at a remote location, such as for example adata store 180. -
FIG. 4 is a method for building digital data structures from URLs. The method ofFIG. 4 provides more detail forstep 340 of the method ofFIG. 3 . First, a digital data structure is built from the received URLs atstep 410. The digital data structure may be built in any of several ways, including as a trie. A trie may have several nodes, each of which correspond to a portion of a URL path separated by a forward slash. An example of a trie built from a series of URLs is illustrated and discussed in more detail with respect toFIG. 7 . - For nodes within a digital data structure that have the same hierarchical level and type but have different values, a node counter is incremented for the nodes at
step 420. The node counter is used to track how many occurrences of a particular node occur in order to determine if that particular node should be combined to a single node within a named API. - A determination is made as whether the node counter exceeds a threshold for the node type at
step 430. In some instances, the threshold may depend on the type associated with the node. For example, if a node has an integer type, the threshold may be 5, 8, 10, 12, or some other value between 5-25. If a node represents a GUID type, the threshold may also be somewhere between 5-25. If a node represents a string type, the threshold may be much larger, such as for example 100, 200 or even higher. In some instances, a threshold for any type may be as low as 2 or greater than 10,000, depending on design preferences. If the node counter is not exceeded a threshold for a node type atstep 430, the method returns to step 420. If the node counter does exceed the threshold for the node type, then the particular note is flagged for a naming replacement atstep 440. -
FIG. 5 is a method for determining if digital data structures are associated with matching specifications. The method ofFIG. 5 provides more detail forstep 350 of the method ofFIG. 3 . URL requests are accessed for a digital data structure node level that satisfies a threshold atstep 510. These URL requests include requests that were made to the URL by computing devices in communication with the server providing the URL. The access URL request specifications are then compared at step 250. A determination is then made if the request for stations match atstep 530. The request specifications match if they include similar formats in the request header, request body, and other aspects of the request. If the request specifications do not match, then the request may be associated with different URLs, and should not be combined into a single API. In this case, the method ofFIG. 5 continues to step 570 where the digital data structure nodes are determined to not match atstep 570. - If the request specifications match, access URL response specifications are compared at
step 540. The response specifications may be compared to determine if the response header, response body, and other portions of the responses match in content and/or format. If the response specifications match atstep 550, the digital data structure nodes are determined to match atstep 560. If the response specifications do not match atstep 550, it is determined that the digital data structure nodes do not match atstep 570. -
FIG. 6 illustrates URLs from which an API can be intelligently named. The URLs ofFIG. 6 can be provided by a server which receives requests and provides responses to computing devices accessing services provided by the server. The URLs each include a path that contains “/api/profiles/” but have subsequent portions of a path that differ. A digital data structure for the URLs inFIG. 6 is shown inFIG. 7 . -
FIG. 7 illustrates a representation of a digital data structure. Although the digital data structure ofFIG. 7 is a trie, other types of digital data structures can be used to organize URL paths into nodes. In thetrie 700 ofFIG. 7 , the top or parent node is API, and the second note is profiles, corresponding to the first portions of the path of the URLs inFIG. 6 . From the profiles note, there are three child nodes, 123, 234, and 456. These correspond to the different sub paths from the “profiles” path portion. Thechild node 123 includes child nodes of view and requests, thechild node 234 includes a child node of view, and the child node of 456 includes a child node of requests. - Though the values of the child nodes below the child node profile have different numbers, they are all of the same type: integers. As such, they can be combined as a replacement type in a named API. From that replacement type node, the four remaining child nodes have two different values. As such, APIs may be named from the trie illustrated in
FIG. 7 , each of which include replacement type after the node “profiles.” The two named APIs are illustrated inFIG. 8 . -
FIG. 9 is a block diagram of a system for implementing machines that implement the present technology.System 900 ofFIG. 9 may be implemented in the contexts of the likes of machines that implement client devices 110-140,customer server 150,API naming server 170, anddata store 180. Thecomputing system 900 ofFIG. 9 includes one ormore processors 910 andmemory 920.Main memory 920 stores, in part, instructions and data for execution byprocessor 910.Main memory 920 can store the executable code when in operation. Thesystem 900 ofFIG. 9 further includes amass storage device 930, portable storage medium drive(s) 940,output devices 950,user input devices 960, agraphics display 970, andperipheral devices 980. - The components shown in
FIG. 9 are depicted as being connected via asingle bus 990. However, the components may be connected through one or more data transport means. For example,processor unit 910 andmain memory 920 may be connected via a local microprocessor bus, and themass storage device 930, peripheral device(s) 980,portable storage device 940, anddisplay system 970 may be connected via one or more input/output (I/O) buses. -
Mass storage device 930, which may be implemented with a magnetic disk drive, an optical disk drive, a flash drive, or other device, is a non-volatile storage device for storing data and instructions for use byprocessor unit 910.Mass storage device 930 can store the system software for implementing embodiments of the present invention for purposes of loading that software intomain memory 920. -
Portable storage device 940 operates in conjunction with a portable non-volatile storage medium, such as a floppy disk, compact disk or Digital video disc, USB drive, memory card or stick, or other portable or removable memory, to input and output data and code to and from thecomputer system 900 ofFIG. 9 . The system software for implementing embodiments of the present invention may be stored on such a portable medium and input to thecomputer system 900 via theportable storage device 940. -
Input devices 960 provide a portion of a user interface.Input devices 960 may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, a pointing device such as a mouse, a trackball, stylus, cursor direction keys, microphone, touch-screen, accelerometer, and other input devices. Additionally, thesystem 900 as shown inFIG. 9 includesoutput devices 950. Examples of suitable output devices include speakers, printers, network interfaces, and monitors. -
Display system 970 may include a liquid crystal display (LCD) or other suitable display device.Display system 970 receives textual and graphical information and processes the information for output to the display device.Display system 970 may also receive input as a touch-screen. -
Peripherals 980 may include any type of computer support device to add additional functionality to the computer system. For example, peripheral device(s) 980 may include a modem or a router, printer, and other device. - The system of 900 may also include, in some implementations, antennas, radio transmitters and
radio receivers 990. The antennas and radios may be implemented in devices such as smart phones, tablets, and other devices that may communicate wirelessly. The one or more antennas may operate at one or more radio frequencies suitable to send and receive data over cellular networks, Wi-Fi networks, commercial device networks such as a Bluetooth device, and other radio frequency networks. The devices may include one or more radio transmitters and receivers for processing signals sent and received using the antennas. - The components contained in the
computer system 900 ofFIG. 9 are those typically found in computer systems that may be suitable for use with embodiments of the present invention and are intended to represent a broad category of such computer components that are well known in the art. Thus, thecomputer system 900 ofFIG. 9 can be a personal computer, handheld computing device, smart phone, mobile computing device, workstation, server, minicomputer, mainframe computer, or any other computing device. The computer can also include different bus configurations, networked platforms, multi-processor platforms, etc. Various operating systems can be used including Unix, Linux, Windows, Macintosh OS, Android, as well as languages including Java, .NET, C, C++, Node.JS, and other suitable languages. - The foregoing detailed description of the technology herein has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the technology to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. The described embodiments were chosen to best explain the principles of the technology and its practical application to thereby enable others skilled in the art to best utilize the technology in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the technology be defined by the claims appended hereto.
Claims (20)
1. A method for generating application program interfaces (APIs) from uniform resource locator (URL) information, comprising:
receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices;
building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value;
comparing specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value; and
generating an API based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
2. The method of claim 1 , wherein the specification has the same format for each of the two or more of the plurality of nodes which have the same hierarchical position and same value type.
3. The method of claim 1 , wherein the specification data for the plurality of nodes which have the same hierarchical position and the same value type includes a specification for a request sent to a URL associated with the node.
4. The method of claim 1 , wherein the specification data for the plurality of nodes which have the same hierarchical position and the same value type includes a specification for a response sent from a URL associated with the node.
5. The method of claim 1 , wherein the digital data structure is a trie
6. The method of claim 1 , further comprising:
determining if the number of nodes which have the same hierarchical position and the same value type exceed a threshold number of nodes; and
comparing the specification data if the number of nodes exceeds the threshold.
7. The method of claim 6 , wherein the threshold is greater than five nodes having a numerical value type.
8. The method of claim 6 , wherein the threshold is greater than 5 for nodes having a unique identifier type.
9. The method of claim 1 , wherein the requests and responses are intercepted by an agent installed on a first server, the building, comparing and generating performed by an application on a second server in response to the agent transmitting the URL requests and responses to the application.
10. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for generating application program interfaces (APIs) from uniform resource locator (URL) information, the method comprising:
receiving intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices;
building a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLS located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value;
comparing specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value; and
generating an API based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
11. The non-transitory computer readable storage medium of claim 10 , wherein the specification has the same format for each of the two or more of the plurality of nodes which have the same hierarchical position and same value type.
12. The non-transitory computer readable storage medium of claim 10 , wherein the specification data for the plurality of nodes which have the same hierarchical position and the same value type includes a specification for a request sent to a URL associated with the node.
13. The non-transitory computer readable storage medium of claim 10 , wherein the specification data for the plurality of nodes which have the same hierarchical position and the same value type includes a specification for a response sent from a URL associated with the node.
14. The non-transitory computer readable storage medium of claim 10 , wherein the digital data structure is a trie.
15. The non-transitory computer readable storage medium of claim 10 , the method further comprising:
determining if the number of nodes which have the same hierarchical position and the same value type exceed a threshold number of nodes; and
comparing the specification data if the number of nodes exceeds the threshold.
16. The non-transitory computer readable storage medium of claim 15 , wherein the threshold is greater than 5 for nodes having a numerical value type.
17. The non-transitory computer readable storage medium of claim 15 , wherein the threshold is greater than 5 for nodes having a unique identifier type.
18. The non-transitory computer readable storage medium of claim 10 , wherein the requests and responses are intercepted by an agent installed on a first server, the building, comparing and generating performed by an application on a second server in response to the agent transmitting the URL requests and responses to the application.
19. A system for generating application program interfaces (APIs) from uniform resource locator (URL) information, comprising:
a server including a memory and a processor; and
one or more modules stored in the memory and executed by the processor to receive intercepted requests and responses sent to a URL address at the first server by a plurality of remote computing devices, build a digital data structure based on the URLs to which the requests and the responses are sent, the digital data structure including a single node for identical portions of URLs located at the same hierarchical position within the digital data structure and including a separate node for different portions of URLs located at the same hierarchical position within the digital data structure, wherein each separate node is associated with a node type and a value, compare specification data associated with a plurality of nodes which have the same hierarchical position, the same value type, and a different value, and generate an API based on two or more of the plurality of nodes which have the same hierarchical position and same value type, the new name based at least in part on the compared specification.
20. The system of claim 19 , wherein the specification has the same format for each of the two or more of the plurality of nodes which have the same hierarchical position and same value type.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/339,946 US20220318332A1 (en) | 2021-03-30 | 2021-06-05 | Intelligent naming of application program interfaces |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202163167649P | 2021-03-30 | 2021-03-30 | |
US17/339,946 US20220318332A1 (en) | 2021-03-30 | 2021-06-05 | Intelligent naming of application program interfaces |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220318332A1 true US20220318332A1 (en) | 2022-10-06 |
Family
ID=83448116
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/339,946 Pending US20220318332A1 (en) | 2021-03-30 | 2021-06-05 | Intelligent naming of application program interfaces |
US17/339,949 Pending US20220318081A1 (en) | 2021-03-30 | 2021-06-05 | Automatic generation of an api interface description |
US17/339,951 Pending US20220321587A1 (en) | 2021-03-30 | 2021-06-05 | Automatic anomaly detection based on api sessions |
US17/348,785 Pending US20220318618A1 (en) | 2021-03-30 | 2021-06-16 | Multi-api metric modeling using lstm system |
US17/349,942 Pending US20220318378A1 (en) | 2021-03-30 | 2021-06-17 | Detecting threats based on api service business logic abuse |
Family Applications After (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/339,949 Pending US20220318081A1 (en) | 2021-03-30 | 2021-06-05 | Automatic generation of an api interface description |
US17/339,951 Pending US20220321587A1 (en) | 2021-03-30 | 2021-06-05 | Automatic anomaly detection based on api sessions |
US17/348,785 Pending US20220318618A1 (en) | 2021-03-30 | 2021-06-16 | Multi-api metric modeling using lstm system |
US17/349,942 Pending US20220318378A1 (en) | 2021-03-30 | 2021-06-17 | Detecting threats based on api service business logic abuse |
Country Status (1)
Country | Link |
---|---|
US (5) | US20220318332A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11921847B1 (en) * | 2023-07-13 | 2024-03-05 | Intuit, Inc. | Detection of abnormal application programming interface (API) sessions including a sequence of API requests using space partitioning data structures |
Citations (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7058633B1 (en) * | 2002-09-09 | 2006-06-06 | Cisco Technology, Inc. | System and method for generalized URL-rewriting |
US20070250624A1 (en) * | 2006-04-24 | 2007-10-25 | B-Hive Networks, Inc. | Method and System for Learning Web Applications |
US20080034424A1 (en) * | 2006-07-20 | 2008-02-07 | Kevin Overcash | System and method of preventing web applications threats |
US20080184340A1 (en) * | 2007-01-30 | 2008-07-31 | Seiko Epson Corporation | Application Execution System, Computer, Application Execution Device, And Control Method And Program For An Application Execution System |
US20100235918A1 (en) * | 2009-03-13 | 2010-09-16 | Rami Mizrahi | Method and Apparatus for Phishing and Leeching Vulnerability Detection |
US20100325588A1 (en) * | 2009-06-22 | 2010-12-23 | Anoop Kandi Reddy | Systems and methods for providing a visualizer for rules of an application firewall |
US20110145930A1 (en) * | 2009-12-14 | 2011-06-16 | International Business Machines Corporation | Method, Program Product and Server for Controlling a Resource Access to an Electronic Resource Stored Within a Protected Data |
US20150180745A1 (en) * | 2013-12-20 | 2015-06-25 | Netapp, Inc. | System, Method and Computer program Product for Accessing Hierarchical Nodes in Information Associated with Computer System Infrastructure and Assets |
US20160057107A1 (en) * | 2014-08-22 | 2016-02-25 | Shape Security, Inc. | Application programming interface wall |
US9667704B1 (en) * | 2014-04-26 | 2017-05-30 | Google Inc. | System and method for classifying API requests in API processing systems using a tree configuration |
US20170337052A1 (en) * | 2016-05-17 | 2017-11-23 | Dropbox, Inc. | Interface description language for application programming interfaces |
US20180121320A1 (en) * | 2016-10-31 | 2018-05-03 | International Business Machines Corporation | Analysis to check web api code usage and specification |
US20180196643A1 (en) * | 2017-01-10 | 2018-07-12 | International Business Machines Corporation | Generating web api specification from online documentation |
US20180314622A1 (en) * | 2017-04-26 | 2018-11-01 | Jpmorgan Chase Bank, N.A. | System and method for implementing an api validator tool |
US20180357154A1 (en) * | 2017-06-12 | 2018-12-13 | International Business Machines Corporation | Automatically Running Tests Against WEB APIs Based on Specifications |
US20190196890A1 (en) * | 2017-12-22 | 2019-06-27 | MuleSoft, Inc. | Api query |
US20190196811A1 (en) * | 2017-12-21 | 2019-06-27 | Fujitsu Limited | Api specification generation |
US20190213326A1 (en) * | 2018-01-11 | 2019-07-11 | ArecaBay, Inc. | Self-adaptive application programming interface level security monitoring |
US10747505B1 (en) * | 2019-05-17 | 2020-08-18 | Google Llc | API specification generation |
US20200301760A1 (en) * | 2019-03-19 | 2020-09-24 | Honeywell International Inc. | Methods and systems for generating and recommending api mashups |
US20200326913A1 (en) * | 2019-04-10 | 2020-10-15 | International Business Machines Corporation | Probabilistic Matching of Web Application Program Interface Code Usage to Specifications |
US10873618B1 (en) * | 2020-01-07 | 2020-12-22 | Volterra, Inc. | System and method to dynamically generate a set of API endpoints |
US10917401B1 (en) * | 2020-03-24 | 2021-02-09 | Imperva, Inc. | Data leakage prevention over application programming interface |
US20210211486A1 (en) * | 2020-01-07 | 2021-07-08 | Volterra, Inc. | System and method for generating api schemas for networked services |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6226408B1 (en) * | 1999-01-29 | 2001-05-01 | Hnc Software, Inc. | Unsupervised identification of nonlinear data cluster in multidimensional data |
US9781148B2 (en) * | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
BR112014005119A2 (en) * | 2011-09-09 | 2017-04-18 | Hewlett Packard Development Co Lp | event evaluation method, event evaluation system and non-transient computer readable media |
US9699205B2 (en) * | 2015-08-31 | 2017-07-04 | Splunk Inc. | Network security system |
EP3423980A4 (en) * | 2016-02-29 | 2019-10-16 | Palo Alto Networks, Inc. | Automatically grouping malware based on artifacts |
US10360082B2 (en) * | 2017-01-19 | 2019-07-23 | International Business Machines Corporation | Analysis of application programming interface usage for improving a computer system |
EP3408965B1 (en) * | 2017-03-03 | 2020-08-19 | Google LLC | Systems and methods for establishing a link between identifiers without disclosing specific identifying information |
US11258815B2 (en) * | 2018-07-24 | 2022-02-22 | Wallarm, Inc. | AI-based system for accurate detection and identification of L7 threats |
SG10201806602VA (en) * | 2018-08-02 | 2020-03-30 | Mastercard International Inc | Methods and systems for identification of breach attempts in a client-server communication using access tokens |
US11157816B2 (en) * | 2018-10-17 | 2021-10-26 | Capital One Services, Llc | Systems and methods for selecting and generating log parsers using neural networks |
US11831420B2 (en) * | 2019-11-18 | 2023-11-28 | F5, Inc. | Network application firewall |
US11265342B2 (en) * | 2020-07-02 | 2022-03-01 | Qualys, Inc. | Rest api scanning for security testing |
-
2021
- 2021-06-05 US US17/339,946 patent/US20220318332A1/en active Pending
- 2021-06-05 US US17/339,949 patent/US20220318081A1/en active Pending
- 2021-06-05 US US17/339,951 patent/US20220321587A1/en active Pending
- 2021-06-16 US US17/348,785 patent/US20220318618A1/en active Pending
- 2021-06-17 US US17/349,942 patent/US20220318378A1/en active Pending
Patent Citations (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7058633B1 (en) * | 2002-09-09 | 2006-06-06 | Cisco Technology, Inc. | System and method for generalized URL-rewriting |
US20070250624A1 (en) * | 2006-04-24 | 2007-10-25 | B-Hive Networks, Inc. | Method and System for Learning Web Applications |
US20080034424A1 (en) * | 2006-07-20 | 2008-02-07 | Kevin Overcash | System and method of preventing web applications threats |
US20080184340A1 (en) * | 2007-01-30 | 2008-07-31 | Seiko Epson Corporation | Application Execution System, Computer, Application Execution Device, And Control Method And Program For An Application Execution System |
US20100235918A1 (en) * | 2009-03-13 | 2010-09-16 | Rami Mizrahi | Method and Apparatus for Phishing and Leeching Vulnerability Detection |
US20100325588A1 (en) * | 2009-06-22 | 2010-12-23 | Anoop Kandi Reddy | Systems and methods for providing a visualizer for rules of an application firewall |
US9215212B2 (en) * | 2009-06-22 | 2015-12-15 | Citrix Systems, Inc. | Systems and methods for providing a visualizer for rules of an application firewall |
US20110145930A1 (en) * | 2009-12-14 | 2011-06-16 | International Business Machines Corporation | Method, Program Product and Server for Controlling a Resource Access to an Electronic Resource Stored Within a Protected Data |
US20150180745A1 (en) * | 2013-12-20 | 2015-06-25 | Netapp, Inc. | System, Method and Computer program Product for Accessing Hierarchical Nodes in Information Associated with Computer System Infrastructure and Assets |
US9667704B1 (en) * | 2014-04-26 | 2017-05-30 | Google Inc. | System and method for classifying API requests in API processing systems using a tree configuration |
US20160057107A1 (en) * | 2014-08-22 | 2016-02-25 | Shape Security, Inc. | Application programming interface wall |
US20170337052A1 (en) * | 2016-05-17 | 2017-11-23 | Dropbox, Inc. | Interface description language for application programming interfaces |
US20180121320A1 (en) * | 2016-10-31 | 2018-05-03 | International Business Machines Corporation | Analysis to check web api code usage and specification |
US20180196643A1 (en) * | 2017-01-10 | 2018-07-12 | International Business Machines Corporation | Generating web api specification from online documentation |
US20180314622A1 (en) * | 2017-04-26 | 2018-11-01 | Jpmorgan Chase Bank, N.A. | System and method for implementing an api validator tool |
US20180357154A1 (en) * | 2017-06-12 | 2018-12-13 | International Business Machines Corporation | Automatically Running Tests Against WEB APIs Based on Specifications |
US20190196811A1 (en) * | 2017-12-21 | 2019-06-27 | Fujitsu Limited | Api specification generation |
US20190196890A1 (en) * | 2017-12-22 | 2019-06-27 | MuleSoft, Inc. | Api query |
US20190213326A1 (en) * | 2018-01-11 | 2019-07-11 | ArecaBay, Inc. | Self-adaptive application programming interface level security monitoring |
US20200301760A1 (en) * | 2019-03-19 | 2020-09-24 | Honeywell International Inc. | Methods and systems for generating and recommending api mashups |
US20200326913A1 (en) * | 2019-04-10 | 2020-10-15 | International Business Machines Corporation | Probabilistic Matching of Web Application Program Interface Code Usage to Specifications |
US10747505B1 (en) * | 2019-05-17 | 2020-08-18 | Google Llc | API specification generation |
US20200364033A1 (en) * | 2019-05-17 | 2020-11-19 | Google Llc | API Specification Generation |
US10873618B1 (en) * | 2020-01-07 | 2020-12-22 | Volterra, Inc. | System and method to dynamically generate a set of API endpoints |
US20210211486A1 (en) * | 2020-01-07 | 2021-07-08 | Volterra, Inc. | System and method for generating api schemas for networked services |
US10917401B1 (en) * | 2020-03-24 | 2021-02-09 | Imperva, Inc. | Data leakage prevention over application programming interface |
Also Published As
Publication number | Publication date |
---|---|
US20220318081A1 (en) | 2022-10-06 |
US20220321587A1 (en) | 2022-10-06 |
US20220318378A1 (en) | 2022-10-06 |
US20220318618A1 (en) | 2022-10-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11934417B2 (en) | Dynamically monitoring an information technology networked entity | |
US10713108B2 (en) | Computing system issue detection and resolution | |
US8005943B2 (en) | Performance monitoring of network applications | |
EP3399415B1 (en) | Computing resource identification | |
JP2018522317A (en) | Software development and distributed platform | |
CN110602270B (en) | Domain name resolution method and device, computer equipment and storage medium | |
US10565372B1 (en) | Subscription-based multi-tenant threat intelligence service | |
KR102504075B1 (en) | Matching and attributes of user device events | |
CN110109840A (en) | Code audit method, audit device and the medium compared based on version number | |
US20160224400A1 (en) | Automatic root cause analysis for distributed business transaction | |
US9535666B2 (en) | Dynamic agent delivery | |
US10754830B2 (en) | Activity information schema discovery and schema change detection and notification | |
US20190258564A1 (en) | Service regression detection using real-time anomaly detection of application performance metrics | |
US10775751B2 (en) | Automatic generation of regular expression based on log line data | |
US7284037B2 (en) | Survey method | |
US11086919B2 (en) | Service regression detection using real-time anomaly detection of log data | |
US10291492B2 (en) | Systems and methods for discovering sources of online content | |
US20220318332A1 (en) | Intelligent naming of application program interfaces | |
US20170222893A1 (en) | Distributed Business Transaction Path Network Metrics | |
US20160125060A1 (en) | Asynchronous processing time metrics | |
US20210304102A1 (en) | Automatically allocating network infrastructure resource usage with key performance indicator | |
US20230224314A1 (en) | Session based anomaly dectection | |
US20220245470A1 (en) | Automatically generating an application knowledge graph | |
CN111368039B (en) | Data management system | |
CN115496544A (en) | Data processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |