The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

API Developer Weekly

June 10, 2021 - Issue #361
This week's articles include 10 API security best practices, using conditional GET requests to avoid sending response bodies for improved performance, and a discussion of HTTP status codes when there are no results for a list/filter operation. Plus, a tweet that says that aggressive schedules are possible only if you have good APIs. Postman is launching a new podcast, "Breaking Changes", and Uber shares their API gateway architecture. Happy Reading!
-- James

Hot Topics
10 API Security Best Practices
Application Programming Interfaces (APIs) provide a way for application developers to reuse the information and functions of any other application within their own. APIs simplify the coding process and help enterprises produce applications more quickly. With the rise of mobile utility apps in the last decade, APIs experienced exponential growth.

Conditional HTTP GET: The fastest requests need no response body
HTTP caching 101: Every browser implements its own in-memory caching. The information about the cache size per browser is spotty, but there's one thing for sure: the cache sizes vary. The great thing is that browsers are smart nowadays - they manage their caches opaquely for us, the end-users. by Ilija

Empty list, HTTP status code 200 vs 204 vs 404
When designing APIs, choosing HTTP status codes is not always that obvious and prone to errors. I hope this post series will help you to avoid common mistakes and choose an adapted one according to the context. This fourth post answers the following question: given that /users is a collection (a list) and no users are named Spock, what should return GET /users?name=spock? by Arnaud Lauret

The Mythology of REST
No other technology in IT history generated as many fierce debates as REST did. The most remarkable thing is that disputants usually demonstrate totally no understanding of the subject under discussion. Let's start with the very beginning. by Sergey Konstantinov

Event Storming and Domain Driven Design for Subway
Should Item, Product and Menu have their own bounded contexts or are they part of the same bounded context? This is where deeper analysis is required for each of the identified aggregates to understand how tightly coupled they are with each other and whether they belong to same domain boundary or different. by Atul Agarwal

"The aggressive schedule was possible because we *already had* good APIs"
"The aggressive schedule was possible because we *already had* good APIs. We used them to ship the 1.0 iPhone! The SDK task became making those internal APIs public. Much of that was name scrubbing and deciding what features we cared to support for the long haul."

Announcing Postman's New API Talk Show: Breaking Changes with Kin Lane | Postman Blog
We are thrilled to announce Breaking Changes, a new weekly talk show premiering in early June that covers the things you need to know about the industry, the business, and the technology that powers an API-first world.

The Business of APIs
Authzed scores $3.9M seed to build permissions API service
Authzed, an early-stage startup that wants to make it easier for developers to build permissions in their applications, announced a $3.9 million seed round today. The investment was led by Work-Bench with participation from Y Combinator and Amplify Partners. CEO and co-founder Jake Moshenko says th...

The Ultimate Brand Dictionary
One of the hardest parts about communicating brand strategy is getting the whole team to speak the same language. The Ultimate Brand Dictionary creates a common lexicon between you and your team. Share it, bookmark it! Anchoring is a cognitive bias whereby a customer or stakeholder is exposed to some information (such as product features, benefits, price, packaging, etc.)

Uber Reveals Its API Gateway's Architecture
Uber recently detailed the architecture of its internally built API gateway. It described how independent layered components handle each request in the gateway, with each layer being responsible for a different facet of the request lifecycle. A combination of YAML and Apache Thrift defines the gateway configuration, and a code-generated artifact in Go makes up the gateway implementation.

Ontology Change Management
Continuing the posts about building components of modern search, in my last post I wrote about ontology. Now, I'd like to discuss why we would even need to know about changes in ontology. by Anton V Goldberg

Useful Resources
A list of upcoming Net API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design.

Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing what an API is, why you might need one, and follow up with how to build one.

Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Copyright © 2021 LaunchAny, All rights reserved.