The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

Dec 6, 2018 - Issue #241
Hot Topics
Is the API in Your App a Trojan Horse?
Attackers know that API calls originating from inside an app are a blueprint for the infrastructure inside your data center. Further, they can use those same API calls to hide their malicious purposes, like a Trojan horse ready to slip through the front door. Apps are the new emerging threat vector.

10 Resources for Getting Started with OpenAPI 3.0 in 2018
2017 marked the official release of the latest version of the OpenAPI Specification, OpenAPI 3.0. This was the first major release since the specification was donated to the OpenAPI Initiative in 2015. The release marks an important milestone in the evolution of API description...

Amazon Giveaway: "RESTful Web Clients" by Mike Amundsen
Enter for a chance to win: "RESTful Web Clients: Enabling Reuse Through Hypermedia" by Mike Amundsen

GraphQL vs REST API Design Paradigms Demystified
For a long time, REST was the de facto way to design APIs. Then in 2015, Facebook open-sourced GraphQL and marketed it as a hot new alternative to REST. Is GraphQL really better, or should you stick to good old-fashioned REST? Let’s explore the key similarities and differences between the two.

Lessons Learned - USPS API Vulnerability and 60 Million Exposed Users
By now you've probably seen the news about the USPS vulnerability where an attacker with simple access to, an understanding of the API logic and no special tools beyond a common web browser could easily manipulate that logic to get a dump of data. by Chris Westphal

How we added Single-Sign-On (SSO) functionality to our open source API gateway
Here at Tyk we're committed to your needs. We consider every suggestion you throw at us, validate feedback we receive from a business and technology standpoint, and then add the feasible, necessary and exciting onto our product roadmap. Identity, Security and Single-Sign-On (SSO) was one such feature.

Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold
The Business of APIs
World's Biggest Data Breaches & Hacks - Information is Beautiful
Data visualization of the world's biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

The Heart Of APIs Is All About Doing Resource Based, Request And Response APIs Well
What is the heart of APIs? One thing you hear in mainstream technology circles frequently is that at some point REST, RESTful, web, and HTTP APIs will eventually have to go away.

An Example Of A Hybrid API Restaurant Real Time Payments (RTP)
This is a brief API journey, where a restaurant owner needs to make an order for goods from one of their regular suppliers and replenish their inventory so that they can continue serving dinner for the rest of the week.

CARDFREE Opens API access to its Order-Ahead Platform
CARDFREE has opened its order-ahead API for third party integration. Third parties can include order-ahead and payment processing in their existing apps that include support for complex menus, upselling/cross-selling, combinations and much more. The API works seamlessly on mobile and web.

API First
People want more from their banks. Banks want more from their providers. App developers want more from their mashups. Apiture is in the business of open APIs for banking: we exist to deliver new capabilities to all of these audiences. by David Biesack

(Un)Related Topics
A Technical Review of Kafka and DistributedLog
We open sourced DistributedLog in May 2016. It generated a lot of interest in the community. One frequent question we are asked is how does DistributedLog compare to Apache Kafka. Technically DistributedLog is not a full-fledged partitioned pub/sub system like Apache Kafka.

Stream Processing 101: From SQL to Streaming SQL in 10 Minutes
Together the query asks the system to "select events from BoilerStream whose property "t" is greater than 350, and from each event extracts bid and calculates tF and put them into a new stream". As with SQL, streaming SQL lets us manipulate streaming data declaratively without having to write code.

From manual to automated testing: The roadblocks and the journey
In my previous article, I talked about practices that can be implemented to build sustainable processes for integration testing of APIs and microservices. I had mentioned transitioning from manual to automated testing as one of the items on the checklist in that article. That journey requires more of a transformation than a transition. by Kaustav Das Modak
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Copyright © 2018 LaunchAny, All rights reserved.