The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

May 12, 2022 - Issue #406
Well, the winds here have reached 60-90 mph (Category 1 hurricane strength and beyond) for the last few weeks. Shipping trucks are tipping over. Garbage cans are ending up a few doors down. Must be spring in Colorado. I'm going to double check the tent stake holding me down is still in good shape. In the meantime, let's see what articles we have...

This week, Bill Doerrfeld asks the question, "Does GraphQL Introduce New Security Risks?", we discover that your API needs Webhooks (I think so as well), and we take a look at the REST architecture constraints when applied to APIs. We also have a new IETF draft for the Idempotency-Key request header, a critical F5 security flaw that allows shell access via a vulnerable REST API, and a look at the Ballerina language. That and much more!

Happy Reading!
-- James

 
Hot Topics
Does GraphQL Introduce New Security Risks?
The GraphQL query language is an excellent tool for increasing the ease of data sharing. The premise is that you request the fields you need in a single bundled request, avoiding multiple network calls. Due to its usability, GraphQL is a growing area of development. by Bill Doerrfeld [devops.com]

Why Your API Needs Webhooks
Most people are familiar with the famous quote from Marc Andreessen that "software is eating the world." Now, APIs are eating software. As APIs become ubiquitous, developers are demanding real-time event data from their API providers. And a common solution for real-time updates from APIs is API polling. [nordicapis.com]

What are REST API's constraints?
REST or REpresentational State Transfer is an API architecture style that uses a uniform interface. A REST API is a type of API that is designed to be very flexible but follow the REST constraints. REST is not a protocol or standard - it's a set of architectural constraints. by Brian R. Cline [medium.com]

The Idempotency-Key HTTP Header Field draft-ietf-httpapi-idempotency-key-header-01
The HTTP Idempotency-Key request header field can be used to carry an idempotency key in order to make non-idempotent HTTP methods such as POST or PATCH fault-tolerant. [datatracker.ietf.org]

Exploits Emerge for Critical F5 Flaw
Two separate proof-of-concept exploits are circulating for a critical remote code execution vulnerability in many versions of the F5 BIG-IP system that F5 disclosed last week, and attackers are actively scanning for vulnerable installations. F5 released an advisory for the vulnerability (CVE-2022-1388) in the iControl REST API on May 4 and advised customers to patch immediately or apply mitigations to prevent exploitation. [duo.com]

Rearchitecting apps for scale
How Coinbase is using Relay and GraphQL to enable hypergrowth. A little over a year ago, Coinbase completed the migration of our primary mobile application to React Native. by Chris Erickson and Terence Bezman, Coinbase [blog.coinbase.com]

GraphQL Syntax Used for a Novel Approach to Schema Validation and Code Generation
Nav Technologies has created an open-source schema definition and code generator that uses GraphQL syntax to define events and message formats. GraphQL was chosen for its expressiveness and familiarity among developers, but it is only used for its syntax; the Nav Schema Architecture (NSA) does not use the GraphQL runtime. [infoq.com]

Decoupling the Presentation Layer From the Backend Using BFF
Web development as we know it today has migrated away from a popular pattern used in the 2000s called MVC (Model View Control). This pattern involves splitting everything related to entities, business logic, and the database (model) into layers separate from the frontend (view) and the redirections (control). [nordicapis.com]
 
The Business of APIs
Introducing Style Guide Projects
The #1 goal of API Governance is consistency. The larger an organization becomes, the more APIs they will build and consume, and the more likely they are to want to create a cohesive platform. The API economy is booming and more and more companies are launching API-first platforms rather than products. by Anna Daugherty [blog.stoplight.io]

Don't just monetize your APIs - do this instead
"How can we make money with our APIs?" This is a question I get asked quite often when working with customers on their API strategy. For some, this question comes up when they are starting their API initiative - for others it comes up much later in their journey, after having grown their internal API portfolio and planning to selectively open up some APIs. by Matthias Biehl [blog.softwareag.com]

Incident Response Is Shifting Left, Closer to the Customer
For too long in the tech industry, incident management and incident response have been siloed within the site reliability engineering (SRE) team. by John Egan [thenewstack.io]
 
(Un)Related
Ballerina: A Data-Oriented Programming Language
Ballerina's flexible type system brings the best of statically typed and dynamically typed languages in terms of safety, clarity, and speed of development. Ballerina treats data as a first-class citizen that can be created without extra ceremony, just like strings and numbers. [infoq.com]

Python MQTT Tutorial: Store IoT Metrics with InfluxDB
This article was written by Alexandre Couëdelo and was first published in The New Stack. MQTT is a standard messaging protocol used for the Internet of Things (IoT) because it requires minimal resources and can be executed by small microcontrollers found in connected devices. by Community [influxdata.com]

Low-code and no-code AI tools pose new risks
Companies that need to make these types of decisions leverage foot traffic patterns coupled with additional data sources to build a sound approach to real estate and investment decisions. Below, we take a closer look at points of interest and foot traffic patterns to demonstrate how location data can be leveraged to inform better site selection strategies. by Kate Kaye [protocol.com]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note, tag us on Twitter (@launchany and @caseysoftware), or email us at: james@launchany.com
 
UPCOMING EVENTS
Copyright © 2022 LaunchAny, All rights reserved.