The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

 
 

API Developer Weekly

Sept 1, 2022 - Issue #421
This week, we have several articles on API security including challenges that continue to plague the enterprise. We have an example of wiring APIs together using the Ballerina Language, a tool that improves your API testing, and two alternatives to gRPC. Plus, a look at API business models, pricing strategies, and first vs. third-party API considerations. 

Happy Reading!
-- James
 
Hot Topics
API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022
Spring4Shell and Veeam RCE exploit topped the list in Q1 2022. API-related security vulnerabilities continue to be a thorn in the side of organizations, with access control flaws now associated with high-severity CVEs. According to a new whitepaper published by API security firm Wallarm, titled 'API vulnerabilities discovered and exploited in Q1-2022', a total of 48 API-related vulnerabilities were found and reported in the first quarter. [portswigger.net]

Let's Learn API Security: More about Broken Object Level Authorization
Web applications have reaped the benefits of evolution, and not just the web but also apps are now being built in a variety of contexts, such as the Android or iOS application. However, these applications have been developed independently up until this point. by Security Lit Limited [infosecwriteups.com]

Understanding Microsoft Graph Security API: The Gateway to Microsoft's Security Universe
The Microsoft Intelligent Security Graph is a component of the central control plane Microsoft Graph, providing a data plane that centralizes telemetry from across Microsoft applications. It uses machine learning to provide actionable security alerts and recommendations. The Intelligent Security Graph lets you access data collected from all Microsoft products, which other applications can utilize. by Gilad David Maayan [nordicapis.com]

4 Top Challenges With API Development and How To Overcome Them
Nearly every logical software function you can imagine has already been written. A software developer would only build an entire application from scratch if it's simply too expensive or difficult to integrate existing libraries (or they are coding purists). APIs (Application Programming Interfaces) make programming more modular. by Nahla Davies [nordicapis.com]

Get better API testing by using Portman
With the rise of spec-driven API development, more tools are being created that allow the use of an OpenAPI definition to design, test and validate your APIs. One tool that was recently brought to my attention is Portman, which is an API testing library that makes it easy to ensure your APIs are reliable while keeping your documentation in sync with the API definition. [andmore.dev]

Get Daily Exchange Rates via SMS Using Ballerina
I developed a service using Ballerina to receive daily exchange rates of fiat currencies. It allows you to subscribe to exchange rates of any conversions and receive an SMS each morning for the subscribed conversions. by Malintha Ranasinghe [betterprogramming.pub]

fRPC: A Faster, More Flexible RPC Framework
Today we're announcing fRPC, an RPC framework that's designed from the ground up to be lightweight, extensible, and extremely performant. We built fRPC because we loved the idea of defining our message types in a standardized proto3 format and having the protobuf compiler generate all the necessary glue code for us - but we didn't like the overhead of encoding and decoding messages in the protobuf format. [loopholelabs.io]

Connect: A better gRPC
Today we're releasing Connect, a slim framework for building browser and gRPC-compatible HTTP APIs. Connect is production-ready - focused, simple, and debuggable - and it's fully compatible with gRPC clients and servers. If you're frustrated by the complexity and instability of today's gRPC libraries, we think you'll find Connect a breath of fresh air. [buf.build]

ICYMI: Webhooks.fyi
Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience. [webhooks.fyi]

ICYMI: ngrok weekly demo + Q&A
Eventbrite - ngrok weekly demo + Q&A - Thursday, August 18, 2022 | Thursday, September 8, 2022 - Find event and ticket information. [eventbrite.com]
 
Business of APIs
 
API Business Models: Creating Value with APIs
APIs are eating the world, but in the end strictly speaking they are just a technical way of interconnecting networked applications. However, they do transform many of the ways how businesses work and collaborate with partners and the public. In 2012, John Musser (then at Programmable Web) started collecting the different ways in which organizations use APIs to improve their business. by Erik Wilde [youtube.com]

Building a Pricing Strategy for Your APIs
An API is a unique product. There is no presentable UI or outcome a developer can show and market similar to a regular product in the marketplace. The only way to perceive its usefulness is to spend time testing and understanding the value it brings. by Himasha Guruge [thenewstack.io]

First vs third-party APIs: The beginner's guide
APIs and API documentation can be very frustrating at times, especially if you are a beginner and have no clue what APIs do or what those letters even stand for. However, that is why you are here at this guide! by Branded Content [duclarion.com]

(Un)Related
Heroku's Next Chapter
Back in May, I wrote about my enthusiasm to be part of the Heroku story, and I remain just as passionate today about helping write the next chapter. I've had many customer meetings over the past few months, and the theme is consistent - you want to know where we are taking Heroku. [blog.heroku.com]

The Future of NGINX: Getting Back to Our Open Source Roots
Time flies when you're having fun. So it's hard to believe that NGINX is now 18 years old. Looking back, the community and company have accomplished a lot together. We recently hit a huge milestone - as of this writing 55.6% of all websites are powered by NGINX (either by our own software or by products built atop NGINX). [nginx.com]

Business Systems Integration is about to Get a Whole Lot Easier
A new breed of integration software is arising that syncs business data into a simplified data hub and then syncs that data to the destination system. The benefit of this integration pattern is that it reduces the number of manual transformations required (often to zero) and makes it easier to write manual transformations when you have to. [infoq.com]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS