Copy
The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

Nov 17, 2022 - Issue #432
This week, we have a deep-dive into securing your Webhooks, plus a look at the differences between API-First and API-as-a-product. Also, the OWASP API Security project is looking for data to help shape future insights and Netflix talks about their GraphQL journey including the challenges they encountered (hint: it still requires proper workflows, tooling, and lightweight governance just like REST). The Problem Details RFC gets a nice write-up, and we will soon have a new --url-query option in cURL. 

Happy Reading!
-- James
 
Hot Topics
Webhook Security in the Real World
Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience. [blog.ngrok.com]

The Difference Between API-First and API-as-a-Product
There are two approaches rapidly gathering steam in the tech world right now: API-first and API-as-a-product. In fact, these terms are often used as if they're interchangeable. And, if you're in the business of API development, that's a problem. by Art Anthony [nordicapis.com]

OWASP API Security Project
The OWASP API Security Project team plans to build and release a new edition of the OWASP API Security Top 10 in 2022. This is the first time we're calling for data. Unlike in 2019 when the API Security Top 10 was first published, we believe the API industry is now more mature and should be able to contribute valuable data. [owasp.org]

Scaling GraphQL Adoption at Netflix
At QCon San Francisco 2022, Tejas Shikhare, senior software engineer at Netflix, presented Scaling GraphQL Adoption at Netflix. Shikhare has been working at Netflix's federated GraphQL platform, distributed systems, and, more recently, developer tools and education. This talk is part of the editorial track Modern APIs: Building and Evolving. [infoq.com]

Event-Driven APIs with Webhook and API Gateway
There are many ways and technology options to consider when implementing an event-driven API. For example, we explored how to build event-driven APIs using these 3 well-known patterns: CQRS, API Gateway and Serverless on the previous blog post. by Bobur Umurzokov [apisix.apache.org]

Why Your Backend in Node.JS Needs an API Layer and How to Build It
In the microservice architecture, each service is independent and communicates with other services via API. Considering how popular the microservices approach is, your backend probably needs to call external APIs. Calling an API in your backend is simple and requires only a few lines of code. by Antonello Zanini, Dan Ackerson [semaphoreci.com]

APIs, we have a Problem JSON
When designing a web API, not only do you have to think about the happy path when everything is alright, but you also have to handle all the error cases: Is the payload received correct? Is there a typo in a field? Do you need more context about the problem that occured? by Guillaume Laforge [glaforge.appspot.com]

Append data to the URL query
A new curl option was born: . curl offered the -d / --data option already in its first release back in 1998. curl 4.0. A trusted old friend. curl also has some companion versions of this option that work slightly differently, but they all have the common feature that they append data to the the request body. by Daniel Stenberg [daniel.haxx.se]

Compromising Plesk via its REST API
Plesk is a commercial web hosting and server data center automation software developed for Linux and Windows-based retail hosting service providers. It's the main choice of web hosting providers these days being used by 86.7% of the websites that use a web panel for administration. by Adrian Tiron [fortbridge.co.uk]

Why contract testing can be essential for microservices
Getty Images By The ability to break applications into discrete, nimble, modular parts is what makes microservices appealing. However, this characteristic creates some challenges -- particularly when it comes to testing. The distributed nature of microservices, combined with the sheer number that live within an application, make it much harder for developers to perform the integration tests that were a straightforward, routine part of monolithic app development. [techtarget.com]
 
Business of APIs
10 Things To Do Before Your API Launch
You never get a second chance to make a first impression, as the saying goes. You've only got one chance to launch your API and have it go smoothly. Anything less could have the opposite effect of what you're going for. Imagine you're launching an API to help get your company's name out there in your industry. by J Simpson [nordicapis.com]

The Journey to API Management on the Cloud
Losio: Before going into the discussion, just a couple of words, what we mean by API management and API management on the cloud. We want to discuss basically, what are our best practices? How do we manage large deployments? What is the role of integrating software and API to connect application and data that is growing every day? [infoq.com]

Wardley Mapping, Team Topologies, & DDD | Susanne Kaiser
Susanne Kaiser discusses with Vaughn Vernon how she uses Wardley Maps, Domain-Driven Design, and Team Topologies in her strategic toolset. [adddot.io]

I Want My API: the Benefits of Stoplight for Smaller Companies
Hi! I'm Raleigh, and I lead the Engineering team here at Stoplight. Some of you may recognize from previous engineering excellence blogs on release schedules and predictability metrics. But did you know that I was once a happy, paying Stoplight customer? by Raleigh Schickel [blog.stoplight.io]

RapidAPI Rebrands To Rapid
RapidAPI today rolled out a new brand strategy, including updating its name to Rapid. More than 98% of enterprise leaders agree APIs are an essential part of an organization's digital transformation. Rapid is leading this ever-expanding digital landscape with an API platform that allows developers to seamlessly build, use, and share APIs in one central hub. [businesswire.com]

(Un)Related
Event-driven Architecture : What, Why and How
This blog is the first of a series of blogs about Integration Engineering. In them, I write about what I've learned about Integration Engineering as an IE intern. You can find the intro to this blog series here. We will be following the principle of the Five Ws (and One H) to understand the concept at hand as best as possible. by SRIJITA MALLICK [medium.com]

Stop writing bad documentation... Write RFCs instead.
If you're working in the tech world, there's a fairly decent chance that you've been tripped up or slowed down by bad documentation. There's tons of valid reasons why there might be incomplete, unclear, or outdated documentation for the feature, package, API or even app you're trying to work with. by Emma Mitchinson [medium.com]

Jamstack Panel: Multiple JavaScript Frameworks Are a Good Thing
A Jamstack panel of framework creators and developers tackled the issue of JavaScript "framework war" and largely agreed: More is better. [thenewstack.io]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2022 LaunchAny, All rights reserved.
unsubscribe from this list