The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

July 14, 2022 - Issue #414
This week, we have a video from Alissa Knight on how she hacked 55 banks and cryptocurrency exchanges to help you understand how it works and how to defend against it. Some of the attacks use APIs and mention various OWASP API top 10 items. Meanwhile, Google is releasing Advanced API Security to help protect APIs. On the same topic, we see how to use the backend for front-end (BFF) pattern to secure APIs used by web apps. Plus, we have a number of articles that discuss templating JSON and YAML, and the 'yq' tool, which aims to replace 'jq' as your CLI tool of choice for parsing JSON, YAML, and XML.

Happy Reading!
-- James

 
Hot Topics
LevelUpX - Series 3: How I hacked 55 Banks & Cryptocurrency Exchanges with Alissa Knight
Welcome to the third piece in Bugcrowd's LevelUpX series! Our speaker in the series is Alissa Knight. In this presentation, Alissa demystifies her tactics an... [youtube.com]

Google Launches Advanced API Security to Combat API Threats
Google launched a preview version of a service called Advanced API Security aimed at helping organizations combat growing threats targeting application programming interfaces (APIs). The goal of the service, built on the API management platform Apigee that Google acquired in 2016, is to make it easier to identify API proxies that do not conform to security standards. [securityboulevard-com.cdn.ampproject.org]

Secure the Web with an API-Driven Backend for Frontend
Building and securing browser-based apps has always been a challenge. Development is much easier these days, with far better technical choices than we had only a decade ago. There are also fewer incompatibilities between browser vendors and some great JavaScript and CSS frameworks that allow us to build modern frontend web experiences. by Gary Archer [thenewstack.io]

Why “API-First” Should Matter To Every Company with Peter Shafton
In this Breaking Changes episode, Postman Chief Evangelist Kin Lane is joined by ngrok CTO Peter Shafton. Peter is an engineering leader and architect with extensive experience in large-scale distributed systems, cloud computing, video, graphics, and digital media applications. In their conversation, Peter shares his view of the API economy from his experience leading architecture for Twilio over the last decade. [youtube.com]

Working with sticky notes and tags with the REST API
Miro's REST API 2.0 supports the major functions of sticky note and tag creation and management. This consists mainly of the available CRUD methods (create, read, update, delete), as described in our reference documentation. Sticky notes and tags are a great way to organize associated data points on a Miro board in a flexible visual manner. [developers.miro.com]

GraphQL - Diving Deep
This blog is a part of a series on GraphQL where we will dive deep into GraphQL and its ecosystem one piece at a time. The GraphQL specification was open sourced in 2015 by Facebook along with some basic implementations with a completely unique approach on how to structure, consume, transmit and process data and data graphs. [dev.to]

ytt: The YAML Templating Tool that simplifies complex configuration management
Last week we released the YAML Templating Tool, ytt v0.1.0, which brings a new approach to YAML templating. Based on our experiences of managing complex software configurations with YAML, we believe ytt makes YAML templating easier, and in this blog post we intend to tell you why and how. [developer.ibm.com]


GitHub - mikefarah/yq: yq is a portable command-line YAML, JSON and XML processor
A lightweight and portable command-line YAML, JSON and XML processor. yq uses jq-like syntax but works with YAML files as well as JSON and XML. It doesn't yet support everything jq does, but it does support the most common operations and functions, and more is being added continuously. by mikefarah [github.com]

Jsonnet - The Data Templating Language
A powerful DSL for elegant description of JSON data. [jsonnet.org]
 
The Business of APIs
The Importance of APIs For CRM Development
A good customer relationship management (CRM) system is essential to any business's success. A well-run CRM system will allow companies to keep track of customer interactions and understand their needs and preferences. It also provides the resources they need to keep customers happy. Integrating with APIs is one of the essential parts of a CRM system. by Dan Martin [nordicapis.com]

API Collaboration: Typical Governance Models
We all know that APIs are the ultimate collaboration technology for the industry, but we don't talk enough about how APIs are also a great collaboration opportunity for your internal team. Why is collaboration such a key feature of work on APIs? First, APIs inherently require multi-disciplinary teams in both the creation and maintenance stages. by Danielle Gaither [blog.stoplight.io]

Pinterest Launches New API to Support Shopping Data and Integrations
Pinterest has announced a new Pinterest API for Shopping, which is intended to provide developers with streamlined access to catalogue and product metadata. Utilizing this API, partners can improve accuracy while also integrating data more deeply into products. [programmableweb.com]
 
(Un)Related
What Is Messaging and What Do I Get out of It?
If you are a developer or an architect, you may have heard of messaging. Messaging is a popular trend if you want to work with software development, design solutions that involve distributed systems, or if you're thinking about asynchronous ways to build your application. It can even help solve some integration challenges. by Adriano Mota [nordicapis.com]

Marriott's Been Hacked 7 Times - See Data Breach Details
Marriott's been hacked - again. According to a report from DataBreaches, hackers obtained around 20GB of data from a hotel server at a BWI Airport Marriott in Maryland, including confidential information such as credit card numbers and reservation details. by Madeline Garfinkle [entrepreneur.com]

Pyscript: A Browser-Based Python Framework for the 99%
Pyscript leverages Web Assembly to offer non-traditional programmers a browser-based framework for running Python. by Loraine Lawson [thenewstack.io]

Capital One sees win-win in selling software built on Snowflake cloud - SiliconANGLE
From General Electric Corp. and Xerox Corp. to Radioshack Corp., PerkinElmer Inc. and Sears Holding Corp., the history of computing is littered with companies that were very good at using technology but not as good at making and selling it. Capital One Financial Corp. intends to buck that trend. [siliconangle.com]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note, tag us on Twitter (@launchany and @caseysoftware), or email us at: james@launchany.com
 
UPCOMING EVENTS
Copyright © 2022 LaunchAny, All rights reserved.