The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

API Developer Weekly

Sept 22, 2022 - Issue #424
This week includes a Spectral walk-through featuring Erik Wilde and Chris Wood. The topic of using a linter to validate your OpenAPI specification documents comes up often, so I'm happy to see this available to help everyone from those who just wish to understand more about the topic to those looking for a good workflow.

We also have an article on the origins of the Tyk API gateway from the founding team, a look at OAuth 2.0, how to improve your API design using boundary objects, how security fits into your API design process, and the challenges of defending GraphQL APIs. That and much more in this oversized edition of API Developer Weekly. 

Happy Reading!
-- James
Hot Topics
Hands-On With Spectral: Using API Linting for Better API Design and API Governance
Spectral is an API linting tool that helps with checking API descriptions (such as OpenAPI or AsyncAPI) to make sure that they follow certain rules. This can help a lot when it comes to checking your own API design, and even more so when it comes to API governance in large API landscapes. by Erik Wilde

Open source: how and why we built the most popular cloud-native API gateway
Tyk has made a name for itself around the world as a lightweight, cloud-native API gateway. But how did the gateway come to exist in the first place and why was it open source? by Louise Taylor

Apache ShenYu: Java Responsive API Gateway Announced as Apache Top-Level Project
The Apache Software Foundation (ASF) has announced that Apache ShenYu, an asynchronous, high-performance, and responsive API Gateway for service proxy, protocol conversion, and API governance, has been promoted as a Top-Level Project. It is written in Java, but supports multiple languages such as Python, Go and .NET.

What Is OAuth? A Breakdown for Beginners
Happy Birthday, OAuth 2.0! It has been ten years since OAuth 2.0 was specified. Since then, the protocol has been updated, improved, and extended by numerous complementary specifications. The vast number of specifications can make it challenging for a beginner to grasp the basics of the protocol. by Judith Kahrer

Transitioning from Monolith to Microservices Handbook - Semaphore
Microservices are the most scalable way of developing software. As projects grow in size and complexity, one of the possible ways forward is to break the system into autonomous microservices and hand them out to different teams. This book helps you bridge the gap between monoliths and microservices.

Improving API Design With Boundary Objects
Let's not mince words: Automatically generated interfaces fail for all but the most trivial of API cases. For the better part of the decade, vendor after data vendor has teased a promised land where all developer roads circumvent the design process. Just drop in a database schema, press a button, and PRESTO: distributed systems magic. by Matthew Reinbold

Where Security Fits in Your API Design Process
If you want to learn more about infusing security best practices in the design-stage of your API development, tune into our Security Trends Webinar on September 27. Agile methodologies have become so pervasive in the tech industry that, even if you've never officially followed an Agile process, you're probably familiar with some of the and approaches. by Julia Seidman

What Makes Defending GraphQL APIs Challenging to Security Engineers
It's not enough to know how GraphQL works and how it can be attacked; what also matters a lot is whether security professionals have the necessary tools to identify suspicious queries, exploitation attempts, and solutions to protect against GraphQL-tailored attacks. by Dolev Farhi

Greasing HTTP (draft-nottingham-http-grease-01)
Network Working Group Internet-Draft by M. Nottingham, October 8, 2020. Intended status: Best Current Practice. Expires: April 11, 2021. Abstract: Like many network protocols, HTTP is vulnerable to ossification of its extensibility points. This draft explains why HTTP ossification is a problem and establishes guidelines for exercising those extensions by 'greasing' the protocol to combat it.

Business of APIs
Adopting an API Design-First Approach
The design of a web API is a separate and critical step of software delivery. The process of API design requires communication that extends beyond the developers that will deliver the API. When executed properly, an API design process helps to course-correct wrong assumptions while aligning business, product, and technology teams on the essential elements of the web API. by James Higginbotham

How Developers Monetize APIs: Prepay Emerges as New Option
Developers are often the consumers of APIs - but where many developers struggle is monetizing their own APIs, according to Marco Palladino, co-founder and chief technology officer for API gateway provider Kong. It's something API-first companies such as Twilio and Stripe have proven can be done, Palladino added. by Loraine Lawson

API-as-a-product: The Key to a Successful API Program
An API is no different than any other product. You need to help traditional business management understand the relevance of the API program. Let's understand the importance of treating your APIs as products and how to demonstrate that business value. by OpenAPI Initiative

Nava looks to APIs to standardize federated benefits programs
The digital services firm Nava is looking to application programming interfaces (APIs) as a possible way to standardize program delivery in the highly federated government assistance space. The company is launching a six-month demo with assistance from Montana's Special Supplemental Nutrition Program for Women, Infants, and Children (WIC), to find out if APIs, which allow disparate technology systems to share data, can help reduce the hassle that program staff and recipients experience.

Uber Eats Carves out a Cache to Deduplicate Images
By implementing a basic hash map and control flow logic structure, popular food delivery service Uber Eats has created a content-addressable caching layer that cuts the number of unique images sent out to 1% of what was previously delivered by its servers. by Jessica Wachtel

How widespread is API connectivity in the LTL industry?
Application programming interfaces have become more commonplace in the less-than-truckload industry. It's a significant change yielding big efficiencies for an industry evolving from an analog world. An API allows two disparate systems to communicate with one another. It allows applications to transfer data and execute transactions in real time. by Todd Maiden

Gravitee nabs new cash to simplify API development and management
The challenge is, as new APIs and protocols emerge, some aren't supported by existing API management and security platforms. by Kyle Wiggers

WebAssembly Users a Mix of Backend and Full Stack Developers
WebAssembly is cultivating a diverse user-base, with backend devs using WASM for cloud native work, and full-stack devs deploying it for Web development. by Lawrence E Hecht

NATS: You Need it Now!
If you are running Kubernetes, or really any kind of microservice architecture, you will eventually run into challenges with communication and synchronization between your instances. To solve this, I recommend deploying an instance of NATS as part of your initial infrastructure setup. by Nabeel Sulieman

Don't Break that App: Manage Schema Change with Apache Pulsar
Schemas are an essential part of any data platform. They're metadata that define the shape of the data and the properties' names and data types. Schemas are helpful in two ways. First, they provide a fixed blueprint for the data format, which can prevent badly formed data from being used within the context of the schema. by Chris Latimer

Why Error Handling Needs to Be Part of Data Integration
Error handling is crucial for successful data integration, but error handling isn't easy, which is why it is often overlooked. Integrating data between applications has become an essential part of any business workflow, but data integration is complex. The ongoing challenge is how does an organization remove data discrepancies? by Max Smith

Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Copyright © 2022 LaunchAny, All rights reserved.