The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

Jan 9, 2020 - Issue #290
We are back with some articles that appeared since our last newsletter. This week's articles include findings from the 2019 Postman survey, some API security troubles, and the release of the OWASP API Security Top 10. Happy New Year and happy reading! -- James
 
Hot Topics
Managing APIs Is a Time Suck
Surveys published in December 2019 by Kong and Postman shed new light on the challenges of creating and managing an application programming interface (API) as opposed to just consuming APIs. The effort needed to provide an API is significant, with 63% of the over 10,000 people surveyed for the "2019 Postman State of the API... by Lawrence E Hecht [thenewstack.io]

Oracle copied Amazon's API - was that copyright infringement?
Charles Duan is the Director of Technology and Innovation Policy at the R Street Institute, a nonprofit think tank based in Washington, DC. He has authored several amicus curiae briefs in the litigation between Oracle and Google, as well as the article Internet of Infringing Things: The Effect of Computer Interfaces on Technology Standards. [arstechnica.com]

Breaking Down the OWASP API Security Top 10, Part 2
Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers and application security teams become increasingly aware of the risks associated with APIs. by Erez Yalon, Mike Vizard, Michael K. Levine, George V. Hulme, Marc Hornbeek, Lior Nabat, Sagar Nangare, David Wagner [devops.com]

How to Manage API Security
Protecting the places where application services meet is critical for protecting enterprise IT. Here's what security pros need to know about "the invisible glue" that keeps apps talking to each other. [darkreading.com]

App Analysis: Plenty of Fish
Plenty of Fish is a Canadian online dating service. Their service is distributed via their Android and iOS apps as well as their web application. Their entire user-base is reported to be ~100 million users with ~400k online at any given time. [theappanalyst.com]

Hiding and Securing Your API Keys
API keys are both incredibly powerful and extremely vulnerable. API key exposure can result in significant damage, both to a company and to the data it holds. As such, hiding and securing keys (as well as mitigating potential loss) is critical for any security plan in the modern API space. by Kristopher Sandoval [nordicapis.com]

How Shopify Manages API Versioning and Breaking Changes
Earlier this year I took the train from Ottawa to Toronto. While I was waiting in line in the main hall of the station, I noticed a police officer with a detection dog. The police officer was giving the dog plenty of time at each bag or person as they worked and weaved their way back and forth along the lines. [engineering.shopify.com]

Review of Postwoman
We review Postwoman, a community-based open-source project. It's a lean API request builder and a simpler alternative to Postman. by Kristopher Sandoval [nordicapis.com]

Deploying My Postman OpenAPI To AWS API Gateway
I created a bunch of different Postman collections for AWS services leading up to re:Invent this year, and now I'm using individual requests to deliver on some different Postman AWS API life cycle workflows. by Kin Lane [apievangelist.com]

How to Build a Streaming API Using GraphQL Subscriptions
GraphQL Subscriptions are a game-changer in the way developers interact with an API. In contrast to the more commonly found REST architectural style (HTTP APIs), GraphQL's Subscriptions complement GraphQL's default non-subscription behavior in a way that both synchronous HTTP request/response communication and asynchronous event-driven interactions are available from a single API experience. [programmableweb.com]

The Business of APIs
Tips for Starting a Partner Developer Program
Partner programs are hotter than ever in the tech space. By collaborating with third-party service providers, development houses, and individual app developers, you can build powerful, mutually beneficial relationships. Whether you're looking to develop new revenue streams or increase the value provided by your core offering, a partner program is seriously worth considering. by Thomas Bush [nordicapis.com]

Managers and technical ability
There's a belief in the software development world that you can't manage developers unless you've been one yourself. This often gets reduced to the shorthand that some manager "isn't technical." We say someone is "technical" or "not technical" as if this is a binary choice. In reality, it's a giant scale. [kalsey.com]

Why Dutch Railways is following an API-first dev strategy
The Dutch railway system is among the most efficient in the world, with only Japan and Switzerland scoring higher when it comes to punctuality. Currently, an average working day in the Netherlands sees about a million commuters traveling by train. The company Dutch Railways (also known as NS) is constantly innovating to keep its spot in the global top three. by Dutch Railways [thenextweb.com]
 
(Un)Related Topics
Randy Suess, Computer Bulletin Board Inventor, Dies at 74
The messaging system that he and a friend created in 1978 was a forerunner of social media services like Twitter, Facebook and YouTube. Randy Suess, a computer hobbyist who helped build the first online bulletin board, anticipating the rise of the internet, messaging apps and social media, died on Dec. [nytimes.com]

Adopting a new approach to HTTP prioritization
Friday the 13th is a lucky day for Cloudflare for many reasons. On December 13, 2019 Tommy Pauly, co-chair of the IETF HTTP Working Group, announced the adoption of the "Extensible Prioritization Scheme for HTTP" - a new approach to HTTP prioritization. [blog.cloudflare.com]

My Business Card Runs Linux
I'm an embedded systems engineer. I spend a lot of my free time looking for things I could use in future designs, or things that tickle one of my fancies. One of those things is cheap Linux-capable computers, the cheaper the better. So I started diving into the very deep rabbit hole of obscure processors. [thirtythreeforty.net]

The Linux Kernel as a Case Study on Rapid Development for Complex Software
Application development is a process, and the bigger and more complex the application, the more complicated the process. In the world of open source, there are a number of development projects that scale out beyond the scope of most. Projects like Kubernetes, Nextcloud, OpenShift, SUSE Manager, and (of course) the Linux kernel. by Jack Wallen, David Cassel, drtorq [thenewstack.io]

Useful Resources
Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from apisecurity.io

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]


Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]

 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
Copyright © 2020 LaunchAny, All rights reserved.