Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/779,550 filed on 1/31/2020 is presented for examination.

Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”

Please note that the above statement can only be submitted via Central Fax, Regular postal mail, or EFS Web.

Information Disclosure Statement
As required by M.P.E.P. 609, the applicant’s submissions of the Information Disclosure Statement dated 1/31/2020 is acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 11-16, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Vittal (US 2020/0366697) in view of “An Introduction to APIs” by Brian Cooksey (cited in IDS).

As per claim 1, Vittal discloses a method, comprising:
receiving, by an application programming interface (API) gateway (Fig. 1A, Appliance Gateway 200), an API request which comprises a given API endpoint to access a target service of a computing system (Paragraph 5 “receives one or more requests from one or more microservices to access the API of the microservice”);
determining, by the API gateway, if the received API request is valid (Paragraph 5 “The device determines, responsive to the policy, that at least one request is from a microservice not allowed to access the API.”); and
responsive to determining that the received API request is valid (Paragraph 6 “The method may include the device identifying a request to access the API of the microservice from a second microservice as allowed, responsive to the policy. The method may include the device forwarding the second allowed request to the microservice.”);
accessing, by the API gateway, at least one API counter associated with the given API endpoint of the received API request, wherein the at least one API counter is configured to count a number of times that the given API endpoint is accessed (Paragraph 45 “The monitoring agents 120 and 197 may monitor, measure, collect, and/or analyze data on a predetermined frequency, based upon an occurrence of given event(s), or in real time during operation of network environment 100. The monitoring agents may monitor resource consumption and/or performance of hardware, software, and/or communications resources of clients 102, networks 104, appliances 200 and/or 205, and/or servers 106. For example, network connections such as a transport layer connection, network latency, bandwidth utilization, end-user response times, application usage and performance, session connections to an application, cache usage, memory usage, processor usage, storage usage, database transactions, client and/or server utilization, active users, duration of user activity, application crashes, errors, or hangs, the time required to log-in to an application, a server, or the application delivery system, and/or other performance conditions and metrics may be monitored.”);
routing, by the API gateway, the API request to the target service for execution (Paragraph 6 “The method may include the device forwarding the second allowed request to the microservice.”).

Vittal does not expressly disclose incrementing a count of the at least one API counter by one. Vitall does disclose that “monitoring agents” which collect “performance conditions and metrics may be monitored” in paragraph 45.
In light of Cooksey, the claimed limitation of incrementing a count of the at least one API counter by one would have been obvious to one of ordinary skill in the art. For example, Cooksey discloses that APIs are to send requests from clients to servers. Page 12. In order to keep track of the number of requests, the “monitoring agents” of Vital could count the number of requests sent from clients to servers. 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 2, Vittal in view of Cooksey further discloses wherein accessing the at least one API counter comprises accessing, by the API gateway, a set of API counters associated with the given API endpoint, wherein the set of API counters comprises a first counter that is configured to count the number times that the base API endpoint of the given API endpoint is accessed, and 
at least a second counter that is configured to count a number of times that a variation of the base API endpoint is accessed.
As discussed above, Vital does not specifically disclose the claimed first and second counter. However, Vital discloses that all aspects of the API system may be monitored (Paragraph 45 “The monitoring agents 120 and 197 may monitor, measure, collect, and/or analyze data on a predetermined frequency, based upon an occurrence of given event(s), or in real time during operation of network environment 100. The monitoring agents may monitor resource consumption and/or performance of hardware, software, and/or communications resources of clients 102, networks 104, appliances 200 and/or 205, and/or servers 106. For example, network connections such as a transport layer connection, network latency, bandwidth utilization, end-user response times, application usage and performance, session connections to an application, cache usage, memory usage, processor usage, storage usage, database transactions, client and/or server utilization, active users, duration of user activity, application crashes, errors, or hangs, the time required to log-in to an application, a server, or the application delivery system, and/or other performance conditions and metrics may be monitored.”).
Cooksey discloses “endpoints” in page 48.
As such, the combination of Vittal which shows that all aspects of the API system can be monitored and Cooksey disclosing endpoints meets the claimed limitations.
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 3, Vittal in view of Cooksey further discloses wherein the variation of the base API endpoint comprises the base API endpoint with an added header parameter (Cooksey page 31),
wherein the second counter is configured to count of number of times that the base API endpoint with the added header parameter is accessed (Vittal, paragraph 45 and Cooksey, paragraph 31).
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 4, Vittal further discloses wherein the variation of the base API endpoint comprises the base API endpoint with a non-default method, wherein the second counter is configured to count of number of times that the base API endpoint with the non-default method is accessed (Vittal, paragraph 45 and Cooksey, paragraph 31).
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 5, Vittal in view of Cooksey discloses wherein the variation of the base API endpoint comprises the base API endpoint with an added query parameter, wherein the second counter is configured to count of number of times that the base API endpoint with the added query parameter is accessed (Vittal, paragraph 45 and Cooksey, paragraph 31).
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 6, Vittal in view of Cooksey discloses wherein the variation of the base API endpoint comprises the base API endpoint with an added path parameter, wherein the second counter is configured to count of number of times that the base API endpoint with the added path parameter is accessed (Vittal, paragraph 45 and Cooksey, paragraph 31).
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Vittal to include the teachings of Cooksey because it provides for the purpose of monitoring usage of API requests. In this way, data analytics can be captured for each specific API request which allow for further optimization of the service being rendered.

As per claim 7, Vittal further discloses wherein determining, by the API gateway, if the received API request is valid, comprises comparing the received API request to a whitelist of permitted API requests associated with API endpoints of registered microservices of the computing system (Abstract “The systems and methods allow API granular policy control to determine which APIs may be granted or denies access based on a variety of criteria, such as but not limited to the source of the request, the specific API being called, temporal conditions, geography and so forth.”).

As per claim 11, it is an article claim having similar limitations as cited in claim 1 and is thus rejected under the same rationale.

As per claim 12, it is an article claim having similar limitations as cited in claim 2 and is thus rejected under the same rationale.

As per claim 13, it is an article claim having similar limitations as cited in claim 3 and is thus rejected under the same rationale.

As per claim 14, it is an article claim having similar limitations as cited in claim 4 and is thus rejected under the same rationale.

As per claim 15, it is an article claim having similar limitations as cited in claim 5 and is thus rejected under the same rationale.

As per claim 16, it is an article claim having similar limitations as cited in claim 6 and is thus rejected under the same rationale.

As per claim 18, it is a server claim having similar limitations as cited in claim 1 and is thus rejected under the same rationale.

As per claim 19, it is a server claim having similar limitations as cited in claim 2 and is thus rejected under the same rationale.

Allowable Subject Matter
Claims 8-10, 17 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  
The prior art does not expressly disclose or make obvious the following features:
Claim 8:
wherein accessing, by the API gateway, at least one API counter associated with the given API endpoint of the received API request comprises:
determining, by the API gateway, a counter group associated with an entity that issued the API request; and
accessing, by the API gateway, the at least one API counter associated with the given API endpoint of the received API request, which is included in the determined counter group.

Claim 9: 
wherein the counter group is associated with an automation test performed by a system integration testing tool.

Claim 10:
The method of claim 8, wherein the counter group is associated with a registered end-user of the computing system.

Claim 17:
wherein accessing, by the API gateway, at least one API counter associated with the given API endpoint of the received API request comprises:
determining, by the API gateway, a counter group associated with an entity that issued the API request; and
accessing, by the API gateway, the at least one API counter associated with the given API
endpoint of the received API request, which is included in the determined counter group;
wherein the counter group is associated with one of (i) an automation test performed by a system integration testing tool and (ii) a registered end-user of the computing system.

Claim 20:
wherein in accessing the at least one API counter, the API gateway is configured to:
determine a counter group associated with an entity that issued the API request; and
access the at least one API counter associated with the given API endpoint of the received API request, which is included in the determined counter group;
wherein the counter group is associated with one of (i) an automation test performed by a
system integration testing tool and (ii) a registered end-user of the computing system.

For example, Vittal discloses a tool for identifying security issues and applying security policies to the service(s) and/or microservices. Rather than a user (such as an administrator) reactively diagnosing security incidents, the systems and methods described herein may provide a tool by which the user can proactively monitor the use of the services and microservices for security issues and control the user of such microservices and services via policies. The systems and methods allow API granular policy control to determine which APIs may be granted or denies access based on a variety of criteria, such as but not limited to the source of the request, the specific API being called, temporal conditions, geography and so forth. The user can identify security concerns or issues on a per API basis, but does not expressly disclose the above claimed features.
For example, Cooksey discloses an Introduction to APIs explaining the various key components and operations of a basic API, but does not expressly disclose the above claimed features.
For example, dos Santos Silva (US 202/0401336) discloses dynamic API allocation based on data-tagging is provided. Data that is stored in a local system is parsed and normalized. One or more highly used fields is identified and tagged. A counter corresponding to each highly used field is incremented upon each reference. Upon exceeding a threshold, data is migrated to object storage. An index is created for each highly used field. A bi-directional pipeline is created between the local system and the cloud-based system. The data structure is created in object storage in the cloud-based system. Data is dynamically migrated through the pipeline from the local system to cloud-based object storage. Cloud-based system sends an API endpoint to local system. Future data accesses to local data are redirected to object storage using the API endpoint. Local system continues monitoring data utilization. Upon utilization dropping below a threshold, data accesses are redirected to local system, using the local pointer, but does not expressly disclose the above claimed limitations. 
For example, Kumar (US 2019/0384691) discloses providing an enterprise synthetic monitoring framework, wherein the enterprise synthetic monitoring framework is configured to provide exhaustive end-to-end monitoring for a variety of applications and workflows including those that are browser and non-browser based, those that are implemented on mobile devices, and those that are implemented utilizing native protocols, but does not expressly disclose the above claimed limitations.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TIMOTHY A MUDRICK whose telephone number is (571)270-3374. The examiner can normally be reached 9am-5pm Central Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dennis Chow can be reached on (571) 272-7767. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TIMOTHY A MUDRICK/Primary Examiner, Art Unit 2194                                                                                                                                                                                                        8/11/2022