Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design, inadequate documentation, and insufficient security training often lead to unintentional misuse by developers. The software security community has devised and evaluated several approaches to detecting security API misuse to help developers and organizations. This study rigorously reviews the literature on detecting misuse of security APIs to gain a comprehensive understanding of this critical domain. Our goal is to identify and analyze security API misuses, the detection approaches developed, and the evaluation methodologies employed along with the open research avenues to advance the state-of-the-art in this area. Employing the systematic literature review (SLR) methodology, we analyzed 69 research papers. Our review has yielded (a) identification of 6 security API types; (b) classification of 30 distinct misuses; (c) categorization of detection techniques into heuristic-based and ML-based approaches; and (d) identification of 10 performance measures and 9 evaluation benchmarks. The review reveals a lack of coverage of detection approaches in several areas. We recommend that future efforts focus on aligning security API development with developers' needs and advancing standardized evaluation methods for detection technologies.
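As an added illustration of the heuristic-based detection category named above (not code from any of the reviewed papers), the following toy detector matches AST patterns for a few Python cryptographic and TLS API misuses and scores itself with precision and recall on a constructed, labelled benchmark; the rule set, rule names and benchmark snippets are assumptions made for this example. The last benchmark entry shows the characteristic weakness of syntactic heuristics: a key that is hard-coded one statement earlier is missed because no data-flow analysis is performed.

```python
import ast

def _call_name(node):
    """Dotted name of a call target, e.g. 'hashlib.md5' or 'AES.new'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))

def _is_literal_key(arg):
    return isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes))

# Illustrative heuristic rules: rule id -> predicate over an ast.Call node.
RULES = {
    "WEAK_HASH": lambda n: _call_name(n) in {"hashlib.md5", "hashlib.sha1"},
    "ECB_MODE": lambda n: _call_name(n) == "AES.new" and any(
        isinstance(a, ast.Attribute) and a.attr == "MODE_ECB" for a in n.args),
    "HARDCODED_KEY": lambda n: _call_name(n) == "AES.new"
        and bool(n.args) and _is_literal_key(n.args[0]),
    "TLS_NO_VERIFY": lambda n: _call_name(n) in {"requests.get", "requests.post"}
        and any(k.arg == "verify" and isinstance(k.value, ast.Constant)
                and k.value.value is False for k in n.keywords),
}

def detect(source):
    """Return sorted (line, rule_id) findings for one source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            findings.extend((node.lineno, rid) for rid, pred in RULES.items() if pred(node))
    return sorted(findings)

# Constructed labelled benchmark: (snippet, expected rule ids). Last entry is a
# hard-coded key reaching AES.new through a variable; the syntactic rule misses it.
BENCHMARK = [
    ("import hashlib\nh = hashlib.md5(pw)\n", {"WEAK_HASH"}),
    ("c = AES.new(b'0123456789abcdef', AES.MODE_ECB)\n", {"ECB_MODE", "HARDCODED_KEY"}),
    ("import requests\nr = requests.get(url, verify=False)\n", {"TLS_NO_VERIFY"}),
    ("import hashlib\nh = hashlib.sha256(pw)\n", set()),
    ("c = AES.new(key, AES.MODE_GCM, nonce=n)\n", set()),
    ("key = b'0123456789abcdef'\nc = AES.new(key, AES.MODE_CBC, iv)\n", {"HARDCODED_KEY"}),
]

def evaluate(benchmark=BENCHMARK):
    """Per-finding precision and recall of the rule set over the benchmark."""
    tp = fp = fn = 0
    for src, expected in benchmark:
        found = {rid for _, rid in detect(src)}
        tp, fp, fn = tp + len(found & expected), fp + len(found - expected), fn + len(expected - found)
    precision = tp / (tp + fp) if tp + fp else 1.0
    recall = tp / (tp + fn) if tp + fn else 1.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall}
```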