Explore the vast range of titles available.

Internet of Things (IoT) devices are embedded with software, electronics, and sensors, and feature connectivity with constrained resources. They require the edge computing paradigm, with modular characteristics relying on microservices, to provide an extensible and lightweight computing framework at the edge of the network. Edge computing can relieve the burden of centralized cloud computing by performing certain operations, such as data storage and task computation, at the edge of the network. Despite the benefits of edge computing, it can lead to many challenges in terms of security and privacy issues. Thus, services that protect privacy and secure data are essential functions in edge computing. For example, the end user’s ownership and privacy information and control are separated, which can easily lead to data leakage, unauthorized data manipulation, and other data security concerns. Thus, the confidentiality and integrity of the data cannot be guaranteed and, so, more secure authentication and access mechanisms are required to ensure that the microservices are exposed only to authorized users. In this paper, we propose a microservice security agent to integrate the edge computing platform with the API gateway technology for presenting a secure authentication mechanism. The aim of this platform is to afford edge computing clients a practical application which provides user authentication and allows JSON Web Token (JWT)-based secure access to the services of edge computing. To integrate the edge computing platform with the API gateway, we implement a microservice security agent based on the open-source Kong in the EdgeX Foundry framework. Also to provide an easy-to-use approach with Kong, we implement REST APIs for generating new consumers, registering services, configuring access controls. Finally, the usability of the proposed approach is demonstrated by evaluating the round trip time (RTT). The results demonstrate the efficiency of the system and its suitability for real-world applications.

In the rapidly evolving API Economy, quality of API management software has become a critical concern. This work analyzed the API management industry with a particular focus on the metrics available for various API Gateway products. The primary artifact is a catalog with 59 metrics, compiled from global industry reports and technical documentation of 68 leading API Gateway products. The Design Science Research (DSR) approach was adopted to design the catalog, and metrics were categorized based on clear definitions in recent scientific literature. Secondly, a quantitative analysis method was proposed and systematically performed. Findings indicate that the metrics mainly focus on latency, response time, API performance, error capturing, and traffic monitoring. Features such as caching, resource utilization, and system health were scarcely addressed by the examined products. The proposed artifacts provide an objective foundation for a deeper understanding of API Management software quality, and lay the groundwork for future research. En la Economía de las API, la calidad del software de administración de API se ha convertido en una preocupación crítica. Este trabajo analizó productos de administración de API con un enfoque particular en las métricas disponibles en productos API Gateway. Se obtuvo un catálogo de 59 métricas, compiladas y categorizadas a partir de la literatura vigente, reportes globales y documentación técnica de 68 API Gateways. Se adoptó el enfoque Design Science Research (DSR) para el diseño. Adicionalmente, se propuso y se implementó un método de análisis cuantitativo. Los hallazgos indican que las métricas se centran principalmente en latencia, tiempo de respuesta, rendimiento, captura de errores y monitoreo del tráfico. Características como almacenamiento en caché, utilización de recursos y estado del sistema fueron escasamente abordadas. Los artefactos propuestos proporcionan una base objetiva para comprender más profundamente la calidad del software de administración de API, y sientan bases para futuras investigaciones.

Aiming at the lack of dynamic and comprehensiveness of trust evaluation methods in current adjudication algorithms, an adjudication algorithm for mimic API gateway based on trust distribution is proposed. The algorithm comprehensively considers the direct and indirect trust relationships between equipment executives from the perspective of trust distribution, and on this basis introduces a dynamic penalty strategy, which greatly improves the dynamics and effectiveness of the algorithm. In addition, the algorithm is simulated and tested in the simulated API gateway environment, and the simulation results show that the proposed algorithm has significantly improved the reliability and security of trust evaluation compared with the previous adjudication algorithms.

After decades of advances, mainly theoretical, in recent years quantum computing has begun to show its first practical applications. This new and revolutionary technology aims to enhance essential areas such as cybersecurity, financial services, or medicine. The growth of this technology has encouraged different research centers and big companies such as IBM, Amazon, and Google to dedicate considerable efforts to developing new technologies that bring quantum computing to the market. However, these technologies are not yet mature and create a significant vendor lock-in problem. Therefore, new tools are needed that facilitate access to this technology and that allow developers to increase the abstraction level at which they work. Given that the integration of quantum software should not be very different from that of classical services, we can take advantage of the knowledge acquired and use current techniques of service-oriented computing. In this work, we have carried out a technical comparison between different quantum computing service providers using a case study, by performing empirical tests based on the Travelling Salesman Problem. This study highlights the differences between the main providers. To address these differences and reduce the vendor lock-in effect, we propose an extension of the Quantum API Gateway to support the different providers and the casuistry that each one presents. This would allow programmers to deploy quantum code without vendor-specific knowledge of the major providers, which would facilitate access and simplify the development of quantum applications.

This paper proposes a technological framework designed to mitigate the inherent risks associated with the deployment of artificial intelligence (AI) in decision-making and task execution within the management processes. The Agreement Validation Interface (AVI) functions as a modular Application Programming Interface (API) Gateway positioned between user applications and LLMs. This gateway architecture is designed to be LLM-agnostic, meaning it can operate with various underlying LLMs without requiring specific modifications for each model. This universality is achieved by standardizing the interface for requests and responses and applying a consistent set of validation and enhancement processes irrespective of the chosen LLM provider, thus offering a consistent governance layer across a diverse LLM ecosystem. AVI facilitates the orchestration of multiple AI subcomponents for input–output validation, response evaluation, and contextual reasoning, thereby enabling real-time, bidirectional filtering of user interactions. A proof-of-concept (PoC) implementation of AVI was developed and rigorously evaluated using industry-standard benchmarks. The system was tested for its effectiveness in mitigating adversarial prompts, reducing toxic outputs, detecting personally identifiable information (PII), and enhancing factual consistency. The results demonstrated that AVI reduced successful fast injection attacks by 82%, decreased toxic content generation by 75%, and achieved high PII detection performance (F1-score ≈ 0.95). Furthermore, the contextual reasoning module significantly improved the neutrality and factual validity of model outputs. Although the integration of AVI introduced a moderate increase in latency, the overall framework effectively enhanced the reliability, safety, and interpretability of LLM-driven applications. AVI provides a scalable and adaptable architectural template for the responsible deployment of generative AI in high-stakes domains such as finance, healthcare, and education, promoting safer and more ethical use of AI technologies.

Today, more and more geospatial services are provided by the governments and enterprises to share various geographic information data and functions, and services-based application integration has become a trend. However, many problems existed in the geo-platform for Geographic information sharing while providing services in the form of API, such as the coexistence of different versions of the same service, similar service routes of different APIs, cluttered service protocols, and complex authority management, that makes the integration among different geographic information services difficult and reduces the development efficiency. There are already some API gateway technologies to solve the problem, but the characteristics of geospatial services are not considered in the existing product. To address these problems, this paper proposed a high-currency geospatial service gateway system for National Geo-Information Service Platform based on the opensource framework of Kong for realizing the unified management and authorized open. The system provides the whole lifecycle management and fine-grained control for the service, and the functions such as unified geospatial service access, protocol conversion, service management, authorization verification, rate limiting, and security protection are also equipped. The system has been released and integrated in the National Geo-Information Service Platform, supporting hundreds of millions of service invocation every day. The result proves it simplifies geospatial services management, deployment, and application, and benefits the exchanging and sharing of geographic information.

Regression testing is required in each development iteration of microservice systems. Test case prioritization, which improves the fault detection rate by optimizing the execution order of test cases, is one of the main techniques to optimize regression testing. Existing test case prioritization techniques mainly rely on artifacts such as codes and system models, which are limited to microservice systems with service autonomy, development method diversity, and large service scale. This paper proposes a test case prioritization approach based on service ranking referred to as TCP-SR. TCP-SR ranks the services based on API gateway logs. The weights of test cases are calculated with the result of service ranking, which could be used to order test cases with single-objective and multi-objective strategies. To evaluate the effectiveness of TCP-SR, the empirical study based on four microservice systems is presented. The results show that the fault detection rate of TCP-SR is almost twice as high as that of the random prioritization technique, and almost the same as the prioritization technique based on WS-BPEL but requires much less prioritization time cost.

Geospatial web services adhering to OGC (Open Geospatial Consortium) and OSGeo (Open Source Geospatial Foundation) standards are widely used for distributing raster and vector geospatial data on the web. These standards ensure interoperability across various desktop and web GIS platforms, making geospatial web services increasingly accessible. However, the ease with which these services can be anonymously accessed and disseminated raises concerns about protecting them from unauthorized use, particularly when data providers intend to share sensitive information with specific individuals or groups. Consequently, there is a growing need for implementing AAA (Authentication, Authorization, and Accountability) measures to ensure secure and legitimate usage of geospatial web services. Traditional approaches for implementing AAA measures typically rely on Web Servers/Reverse Proxy Servers or open-source software like GeoServer, MapServer, and Mapnik. However, these approaches face limitations in supporting diverse AAA methods, which pose challenges in terms of implementation, usability, scalability, and resource intensity. Additionally, their dependence on geospatial web service generation and dissemination software adds significant complexity, particularly when services are distributed through various Map Servers or Web Servers. To address these constraints, this paper proposes a generic architecture that leverages state-of-the-art open-source API Gateway technology. This architecture facilitates the implementation of widely adopted industry-standard AAA methods for WMS (Web Map Service) and TMS (Tile Map Service) standards. It represents a novel approach by operating independently from geospatial web service generation and dissemination software while effectively implementing AAA measures.

The Internet of Things (IoT) is a remarkable data producer and these data may be used to prevent or detect security vulnerabilities and increase productivity by the adoption of statistical and Artificial Intelligence (AI) techniques. However, these desirable benefits are gained if data from IoT networks are dependable—this is where blockchain comes into play. In fact, through blockchain, critical IoT data may be trusted, i.e., considered valid for any subsequent processing. A simple formal model named “the Mirror Model” is proposed to connect IoT data organized in traditional models to assets of trust in a blockchain. The Mirror Model sets some formal conditions to produce trusted data that remain trusted over time. A possible practical implementation of an application programming interface (API) is proposed, which keeps the data and the trust model in synch. Finally, it is noted that the Mirror Model enforces a top-down approach from reality to implementation instead of going the opposite way as it is now the practice when referring to blockchain and the IoT.