The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

Sept 17, 2020 - Issue #326
This week we have "9 Common API Threats, and How to Avoid Them" that nicely summarizes the common attack vectors for APIs, along with a great historical article titled "The land before modern APIs" that documents where HTTP response status codes originated from. There are not one but two API tools roundups, and an RFC that provides an update to the HTTP SEARCH method outlined in RFC 5323. Plus, an update on QUIC and HTTP/3. Be sure to scroll to the bottom to check out some other great articles. 

Happy reading! -- James
 
Hot Topics
9 Common API Threats, And How To Avoid Them
We identify the top nine most common API threats out there, and the ways to prevent them. Learn how to avoid pagination attacks, insecure API key generation, DDoS attacks using API key pools, and many other vulnerabilities unique to APIs. [nordicapis.com]

The land before modern APIs - Increment: APIs
When developers are working on a technology project, we often wonder how it might shape the future. We might assume the most important decisions we'll make will be about the product design, the technical architecture, or the stack we use. by Darius Kazemi [increment.com]

Frontend Architectural Patterns: Backends-For-Frontends
The backends-for-frontends architectural pattern describes a world in which each client application has its own server-side component - a backend for a particular frontend. This pattern is highly applicable if you have multiple client interfaces with significantly different needs that all consume the same underlying resources. by Bowei Han [medium.com]

How to Use Postman for API Testing
APIs are everywhere on the Internet. Each time you send and receive messages using an instant messaging app, or while checking the news on the Internet, API requests are being requested and received in the background. Some of the HTTP methods associated with APIs are GET, POST, PUT, DELETE, and PATCH. [nordicapis.com]

draft-snell-search-method-02 - HTTP SEARCH Method
This specification updates the definition and semantics of the HTTP SEARCH request method originally defined by RFC 5323. [tools.ietf.org]

The state of QUIC and HTTP/3 2020
QUIC and HTTP/3 have entered the final stages of development at the IETF. Distinguished Engineer, Jana Iyengar, elaborates on the current state of the protocols, their deployment across the internet, and his expectations for QUIC and HTTP/3 in the future. [fastly.com]

Great Tools To Help You Build an Awesome API
Learn more about API-FIRST and how it can deliver practical solutions to today's modern IT environment. API-First is an approach of defining your API specification before jumping into the development phase. With an API-first approach, instead of starting with code, you could start with design, planning, mocks, and tests. [hackernoon.com]

REST API Tools Smackdown
Hand-picked selection of modern REST API tools to help you at every API development phase. Comes with feature comparison charts. [dzone.com]

What is Hypermedia Authentication API
The authentication API is currently in Beta. General Availability (GA) of the Curity Authentication API will come soon. This information will help you prepare. OAuth and OpenID Connect have provided the industry with solid standards for authorization and authentication. Both standards are battle-tested and implemented across a vast number of websites and applications. [curity.io]

Introducing Pizzly - an open-sourced, free, fast & simple API Integrations Manager
Within my company, Bearer, the whole team is focused on helping developers that rely on third-party APIs. In 2019, our engineers developed a solution that eased how to integrate with any API that uses OAuth. It saved hours of engineering time when working with API integrations, by handling both the authentication strategy (with refresh tokens) as well as proxying the request. [dev.to]

The Business of APIs
A Pragmatic Guide to Launching an API Product
Aspiring startup founders often think of building a web or a mobile app. However, launching such products requires lots of effort and collaboration from people with various skill sets: engineering... by Andrei Gridnev [medium.com]

API monetization: The road to premium starts with freemium
Get ready to have everything you knew about business monetization turned upside down and inside out. It's been right around a decade since businesses have started effort at formally monetizing APIs and there have been notable successes (e.g. Twilio, AWS), failures (e.g., Edmunds, ESPN) and creative pivots (e.g., Twitter). by Stephen Fishman [blogs.mulesoft.com]

Amazon Introduces Data API for Redshift
Amazon has announced that Amazon Redshift (a managed cloud data warehouse) is now accessible from the built-in Redshift Data API. Such access makes it easier for developers to build web services applications that include integrations with services such as AWS Lambda, AWS AppSync, and AWS Cloud9. [programmableweb.com]


Announcing Google's API Gateway
Develop, deploy, secure, and manage APIs with a fully managed gateway. With API Gateway, you can create, secure, and monitor APIs for Google Cloud serverless back ends, including Cloud Functions, Cloud Run, and App Engine. [cloud.google.com]
 
(Un)Related Topics
From Monolith to Event-Driven: Finding Seams in Your Future Architecture
One of the challenges of migrating your system's architecture is excluding non-desirable attributes and leaving the target state uncorrupted. An event-driven architecture and its related patterns, CQRS and Event Sourcing, are positioned well to introduce seams into the architecture that allow you to separate legacy and modern elements. [infoq.com]

AWS is bursting with pride for its Arm CPU cores - so much it's put them behind a burstable instance type
Amazon Web Services has found another use for its home-brewed Graviton2 Arm processors: powering an instance type designed for burstable performance. Most instance types in Amazon's EC2 service define a server with particular specifications. The T3 instance type instead offers servers with a baseline level of CPU performance, and the systems can hike their performance if their workloads need more grunt - hence their burstable label. [theregister.com]

Warning: Helpful Warnings Ahead
As Kubernetes maintainers, we're always looking for ways to improve usability while preserving compatibility. As we develop features, triage bugs, and answer support questions, we accumulate information that would be helpful for Kubernetes users to know. In the past, sharing that information was limited to out-of-band methods like release notes, announcement emails, documentation, and blog posts. [kubernetes.io]

Useful Resources
Upcoming Net API Events
A list of upcoming Net API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from apisecurity.io

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]


Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing what an API is, why you might need one, and follow up with how to build one. [leanpub.com]

 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note, tag us on Twitter (@launchany and @caseysoftware), or email us at: james@launchany.com
 
UPCOMING EVENTS
Copyright © 2020 LaunchAny, All rights reserved.