Copy
The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

Mar 18, 2021 - Issue #349
This week's selection of articles include a GraphQL reference, a look at how SLAs might be modeled using the OpenAPI Specification, and a look at how the AsyncAPI Initiative is seeking a good open governance model. Finally, we have a spotlight on API security including some recent vulnerabilities that we can all use to learn something new. 

Happy Reading!
-- James
 
Hot Topics
GraphQL Reference Guide: Building Flexible and Understandable APIs
This online guide aims to answer pertinent questions for software architects and tech leaders, such as: Why would you use GraphQL? Why should you pay attention to GraphQL now? How can GraphQL help with data modelling in the Enterprise? [infoq.com]

OpenAPI meets SLA - OpenAPI Initiative
This post is authored by Dr. Pedro J. Molina, Founder at Metadev & Member at ISA Group, University of Seville . The Special Interest Group on SLAs inside OpenAPI is working to create an extension to define Service Level Agreements for API. by ncaidin [openapis.org]

Finding a Good Open Governance Model for AsyncAPI | AsyncAPI Initiative
AsyncAPI can be successful if the initiative is community-driven. To be community-driven, we need the community to see it can drive things and make an impact. For that, we need a proper open governance model. What model would be the best? [asyncapi.com]

gRPC Long-lived Streaming - Code The Cloud
In this blog post I'll explore a way to implement gRPC long-lived streaming. Using gRPC is perfect for cloud native applications mainly since it is modern, bandwidth and CPU efficient and low latency which is exactly what distributed systems require. If you're reading this I assume you are already familiar with gRPC. [dev.bitolog.com]

 
Spotlight: API Security and Vulnerabilities
API Scanning with Burp Suite
Both Burp Suite Professional and Burp Suite Enterprise Edition contain Burp Scanner - allowing users to easily scan web applications for vulnerabilities. Other blog posts cover how Burp Scanner's crawler follows links in web pages to find attack surfaces that might expose security vulnerabilities. [portswigger.net]

How we could have tracked anyone's live location using Truecaller's "Guardians" app
Truecaller has recently launched a new application named "Guardians," a safety app that lets users share their live location permanently with Guardians that they have chosen from their contacts.If you are using this application, your selected contacts are supposed to track your location in real-time. [pingsafe.ai]

Issue 122: API issues at Clubhouse and healthcare apps, scope-based recon, OAS v3.1.0 - API Security News
This week, we take a look at the recent data spill incident at Clubhouse, the (poor) state of API security in major healthcare mobile applications, how scope-based reconnaissance methodology works, and the latest update (v3.1.0) to the OpenAPI Specification. Clubhouse is an audio-only social network app for iPhone. [apisecurity.io]

Authentication as a Hypermedia API
User Authentication - the process of answering the question of who someone is - has evolved greatly over the last few years. From the dawn of computer security until fairly recently, User Authentication has been predominantly represented by password protection. [nordicapis.com]

API Management for Asynchronous APIs
WSO2 sponsored this post. Today, customers increasingly demand access to real-time information like stock prices, train times, etc. Delivering this critical information, as it occurs, is a challenging task for every business. Traditionally, applications polled backend servers to fetch the latest information; however, this proved to be inefficient, as it consumes a significant amount of resources.... by Menaka Jayawardena, Andrew Davis, Saif Gunja [thenewstack.io]
 
The Business of APIs
The DevRel Path to Success: Awareness, Enablement, Engagement - Mary Thengvall
Whether you're trying to figure out what type of Developer Relations professional to hire or trying to decide which of your team members is responsible for which tasks, having a clear framework with which to divide the responsibilities and focus our work is important. In this blogpost we'll talk abo [marythengvall.com]

Adopting Open Banking APIs Improves Customer Experience
Satisfying customer demands has become a daunting task in the 21st century, especially in the banking sector. Thus, this has made many financial institutions rethink how to carry out business and offer a rich customer experience to meet consumers' expectations in the digital era. [nordicapis.com]

API Management Market to See Massive Growth by 2028
" This research study focuses on the various styles, principles, applications, and major players in the API Management market. It also contains a systematic review of market conditions (2014-2019), enterprise products advantages and disadvantages, company competition dynamics, regional industrial layout characteristics and macroeconomic policies, industry development patterns (2019-2024), and industrial policy. [neighborwebsj.com]

(Un)Related Topics
ESP8266-Powered Receipt Printer Puts RESTful API On Dead Trees
Taking his digital information into the real-world, [Davide Gironi] has built his own note transcriber from a point-of-sale receipt printer and an ESP8266. You've seen these receipt printers at the order window of restaurants. by Mike Szczys [hackaday.com]
 
Dropbox Reveals Atlas - a Managed Service Orchestration Platform
In a recent blog post, Dropbox revealed Atlas, a platform whose aim is to provide various benefits of a Service Oriented Architecture while minimizing the operational cost of owning a service. Atlas' goal is to support small, self-contained functionality, saving product teams the overhead of managing a full-blown service, including capacity planning, alert setup, etc. [infoq.com]

How to Choose Message Queue Technology Selection
With dozens of options for message queue technology, even experienced professionals can feel frustrated when choosing the right microservices for their needs. The perfect messaging queue for your organization will depend on unique factors, such as how much you can afford to spend and how quickly you need your apps to process requests. [blog.iron.io]


Useful Resources
Upcoming Net API Events
A list of upcoming Net API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from apisecurity.io

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]

Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2021 LaunchAny, All rights reserved.
unsubscribe from this list