The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out

API Developer Weekly

Nov 27, 2019 - Issue #287
This week's articles are a day early, ahead of the U.S. Thanksgiving holiday. I kept them a bit lighter than normal but enough for those looking for some interesting tidbits. Happy reading! -- James
Hot Topics
When Should gRPC be Used Instead of HTTP?
This blog post compares gRPC to JSON HTTP APIs, discusses gRPC’s strengths and weaknesses, and when you could use gRPC to build your apps. []

4 Ways Your API Specification Can Fall Short (And What to Do About It)
The use of API specification tooling like the OpenAPI Specification has revolutionized the way we design, build, and manage APIs. In addition to helping us plan out functionality, generate documentation, and run tests, a specification can serve the all-important role of the API contract: defining precisely what consumers can expect from our API. by Thomas Bush []

Review of GROQ, A New JSON Query Language
Query languages are fundamental to the nature of the modern web. As data grows and the internet becomes more complex, bigger datasets are the natural result. To act on that data, though, we need to have systems in place that allow for filtering and transformation. by Kristopher Sandoval []
The Business of APIs
Stream's Interactive Developer Portal Reduces Time to Hello API
Stream's API portal has nailed the critical part of the DX called Time to Hello API. The getting started guide helps users onboard with minimal friction and lets them see how the API works under several use cases, all within five minutes. This helped Stream earn an Editor's Choice Award for DX. []

Is OAuth Enough for Financial-Grade API Security?
"If you think about where OAuth started, it was really about securing comments on blog posts and now we're talking about enterprises, so it's a whole different class of security." by Art Anthony []

Panasonic Announces Facial Recognition API
Panasonic has announced a facial recognition API under its μSockets B2B IoT service. Although Panasonic has built a strong portfolio of facial recognition technology over the years, it has never provided access to the developer community at large through an API. It is currently available in Japan. []
(Un)Related Topics
Adoption of Cloud-Native Architecture, Part 1: Architecture Evolution and Maturity
In this article, authors Srini Penchikala and Marcio Esteves discuss what organizations should assess when adopting cloud native architectures for hosting their applications on cloud. It focuses on architecture hosting models. They also discuss how architecture patterns like microservices, containers, serverless, and service mesh can help with organizational adoption of cloud native solutions. []

How to Integrate Infosec and DevOps Using Chaos Engineering
Kelly Shortridge from Capsule8 talked at the Velocity conference in Berlin about how using chaos engineering can help to integrate Infosec within a DevOps culture. Shortridge discussed how distributed, immutable, and ephemeral infrastructure, or the D.I.E. model, is an organizationally friendly way to building security by design. []

Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service
November 20, 2019: We've added a link to the re:Invent session about this topic. Since it first launched over 10 years ago, the Amazon EC2 Instance Metadata Service (IMDS) has helped customers build secure and scalable applications. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated credentials, [...] []


Useful Resources
Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. []

Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. []

Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2019 LaunchAny, All rights reserved.
unsubscribe from this list