The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

API Developer Weekly

April 21, 2022 - Issue #403
This week, we have a focus on API security, starting by keeping you awake at night as we answer the question, "Are New APIs Compromising Security?" We also have a complete guide to OAuth2 and a recent unprotected API vulnerability report. EventStack looks at reusability problems when using the AsyncAPI specification, Postman hits 20M users, Zapier discusses the $5B unbundling opportunity (and I thought we were back to bundling again. I can never keep up), and what cloud-native looks like for the US Department of Defense.

Happy Reading!
-- James

 
Hot Topics
The Cost of Innovation: Are New APIs Compromising Security?
Motivated attackers look for the money. To date, most have gone after data that is ultimately sold, or they engage in various acts of fraud, such as using stolen credentials to abuse services, such as transactions or payment processing. [toolbox.com]

The complete guide to protecting your APIs with OAuth2 (part 1)
Many apps today are actually a front-end for a series of API calls. APIs are necessary for the proper functioning of such applications, but if you don't protect them, bad actors can exfiltrate data, DDoS your servers, or otherwise abuse them. OAuth is one of many solutions you can use to protect your APIs and other resources. by Dan Moore, Sam Scott, Graham Neray, Joyce Lin, James Ciesielski, CTO of Rewind [stackoverflow.blog]

API Security: The New North, South, East and West of Cybersecurity
Smart security for the data breach era shifted the emphasis from the traditional enterprise focus on 'North-South' ('command and control' and exfiltration) traffic to internally-oriented 'East-West' traffic involving reconnaissance and lateral movement. As security challenges shift to applications and focus on business process-oriented monitoring and protection around APIs, the terms North, South, East and West have new meaning, context and import. by Giora Engel [cyberprotection-magazine.com]

Access control vulnerability in Easy!Appointments platform exposed sensitive personal data
Unprotected API could expose names, places, times of bookings made using app
An access control vulnerability in open source scheduling platform Easy!Appointments gave unauthenticated attackers easy access to personally identifiable information (PII), a security researcher has revealed. [portswigger.net]

Make the most of SharePoint search APIs
Our organizations thrive on content, with documents still at the heart of our myriad workflows. Once those documents have served their initial purpose, they're still important; those forms, reports, and papers all capture essential business knowledge. by Simon Bisson [infoworld.com]

How Netflix Content Engineering makes a federated graph searchable
By Alex Hutter, Falguni Jhaveri and Senthil Sayeebaba
Over the past few years Content Engineering at Netflix has been transitioning many of its services to use a federated GraphQL platform. GraphQL federation enables domain teams to independently build and operate their own Domain Graph Services (DGS) and, at the same time, connect their domain with other domains in a unified GraphQL schema exposed by a federated gateway. by Netflix Technology Blog [netflixtechblog.com]

Everything You Wanted to Know About GraphQL (But Were Afraid to Ask)
If you are bored, "Try a food you don't like" is one of the results you get when you send the Bored API a request. Try it yourself in the browser URL bar or by requesting it on the website. The world of APIs is unlimited and undeniably the power behind modern platforms. If you are not familiar with APIs (Application Program Interface), an API is a way for two application programs to interact with each other. by Satyen Kumar [medium.datadriveninvestor.com]

Reusability causing problems
When you enforce reusability, using such a sharded document can be rather problematic at times in tooling. I encountered this problem when I wanted to render the AsyncAPI files within the developer platform for GamingAPI. The way I solved the problem was to provide a bundled AsyncAPI document instead of multiple small files. by EventStack [eventstack.tech]
 
The Business of APIs
Postman API platform hits 20M users, helps drive the 'API economy'
Remember the "Which will it be going forward: the API economy or the application economy?" argument from a few years ago? by Chris J. Preimesberger [venturebeat.com]

Hookdeck snares $2.4M seed to help developers manage webhooks
Hookdeck founders Alexandre Bouchard and Eric Tran were working on a product to help manage webhooks in 2020 when they became discouraged and decided to step away to gain some perspective. The founders went rock climbing for a few months, and while they were away, people discovered their solution a... [techcrunch.com]

FHIR API Interoperability Relies on Standardized Endpoint Publication
The ONC 21st Century Cures Act Final Rule requires certain developers of certified health IT to provide their customer base with a certified FHIR API to support patient access to health information by December 31, 2022 [ehrintelligence.com]

Zapier: The $5B Unbundling Opportunity
Note: This post got picked up on Hacker News - a bunch of great conversations were had around the topic. In September 2019, A16Z described a strategy for identifying new startup opportunities: look at broad horizontal platforms that are near their breaking point. by George Sequeira [medium.com]
 
(Un)Related
This is what cloud-native looks like for the Department of Defense
The public sector is moving boldly into the cloud-native future. It's one thing to employ open source for streaming movies or ordering meals from the convenience of mobile apps. It's a wholly different proposition when open source drives the military's F-16 fighter jet, a $64 million marvel flying 1,300 miles per hour at 50,000 feet. [siliconangle.com]

Measuring container size and startup latency for serverless apps written in C#, Node.js, Go, and Java
Do you like using function-as-a-service (FaaS) platforms to quickly build scalable systems? Me too. There are constraints around what you can do with FaaS, which is why I also like this new crop of container-based serverless compute services. These products (the terrific Google Cloud Run is the most complete example and has a generous free tier) let... by Richard Seroter [seroter.com]

My awakening moment about how smartphones fragment our attention span
Journey away from smartphones
I recently realized that absorbing the constant inflow of information from my smartphone, always readily available in my pocket to capture any free moment of attention, had fragmented my attention span. by Tom Johnson [idratherbewriting.com]

Low-Code Backend Builder Canonic Starts with a Graph
You're so tired of building applications in which the backend is essentially similar, with only the frontend substantially different. So is everyone. That's why there are so many backend-as-a-service providers out there. The team at Canonic, however, has taken the low-code route, enabling a wider swath of users - sales and marketing teams perhaps, who aren't necessarily developers - to share the love. by Susan Hall, Mike Melanson, Emily Omier [thenewstack.io]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note, tag us on Twitter (@launchany and @caseysoftware), or email us at: james@launchany.com
Copyright © 2022 LaunchAny, All rights reserved.