Developer Channel Compliance

摘要

Novel tools and techniques might provide for implementing application programming interface (“API”) use compliance, and, in some cases, by implementing application auditing for API use compliance within virtual environments in which target APIs are executed. In some embodiments, a method might comprise identifying misuse of an application programming interface (“API”) that is used in a developer channel, by intercepting data streams between the API and one or more computing systems, parsing the intercepted data streams, and determining whether the API is use non-compliant, based at least in part on identifying use non-compliant characteristics in the parsed data streams.

主权项

1. A method for automatically auditing a developer channel for use compliance, comprising:
identifying, with a first computer, a target application (“app”) in an on-line app store that may be non-compliant in terms of use of an application programming interface (“API”); downloading and installing, with a test device, the target app on the test device; establishing a virtual environment in a network to which the test device is connected, the virtual environment being configured to simulate replication of a validation process for the target app and to forward validation requests to a second computer associated with a service provider that owns the API (“API owner”); surveying, with the virtual environment, at least one flow of information to or from the target app via the API; generating a unique identifier (“unique ID”) for the target app; testing, with the test device, the target app; transmitting, with the test device, data to a client-side server; capturing the one or more data streams travelling both ways between the test device and the client-side server while the data is being transmitted from the test device to the client-side server; storing, in a database in or communicatively coupled with the virtual environment, at least one of the captured one or more data streams or a log of the captured one or more data streams; and generating and validating one or more certificate of authority requests required by the client-side server.