Producing secure software is challenging. The poor usability
of security Application Programming Interfaces (APIs) makes this even
harder. Many recommendations have been proposed to support developers
by improving the usability of cryptography libraries and APIs, rooted in
wider best-practice guidance in software engineering and API design. In
this systematic literature review (SLR), we systematize knowledge
regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of
883 recommendations. We undertake a thematic analysis to identify
7 core ways to improve usability of APIs. We find that most of the
recommendations focus on helping API developers to construct and
structure their code and make it more usable and easier for programmers
to understand. There is less focus, however, on documentation, writing
requirements, code quality assessment and the impact of organizational
software development practices. By tracing and analyzing paper ancestry,
we map how this knowledge becomes validated and translated over
time. We find evidence that less than a quarter of all API usability
recommendations are empirically validated, and that recommendations
specific to usable security APIs lag even further behind in this regard.
The dataset for our SLR is in an Excel Workbook format.