The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware


API Developer Weekly

June 9, 2022 - Issue #409
We are back after a week off, with lots of articles for you to enjoy. This week, we have a look at how to tidy up existing REST APIs for a better developer experience, Stoplight provides an API roadmap with insights from a variety of practitioners, and a look at some recent API vulnerabilities.  

Happy Reading!
-- James

 
Hot Topics
Tidying Up Existing REST APIs
What if, one morning, you discover that every internal REST API endpoint of your web application is suddenly displayed as-is in your public REST API documentation? Your Developer Portal is overflowing with messages from eager API users struggling to make integrations with the exciting new functionality the endpoints provide. [nordicapis.com]

The API Roadmap
You need a solid API strategy if your company wants to keep pace. Lucky for you, we have interviewed API experts from around the world who shared stories of API success - and sometimes failure. Download our eBook to hear from experts from Cisco, Pinterest, Wells Fargo, Ford, eBay, Microsoft, and more about how to build your own API strategy roadmap. [stoplight.io]

Over 380 000 open Kubernetes API servers
We have recently started scanning for accessible Kubernetes API instances that respond with a 200 OK HTTP response to our probes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. We find over 380 000 Kubernetes APIs daily that allow for some form of access, out of over 450 000 that we are able to identify. [shadowserver.org]

Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
Dozens of bugs reported, with a backlog containing hundreds more. More than 60 instances of a web security flaw in the Swagger-UI library that potentially leads to account takeover have been reported to impacted organizations. [portswigger.net]

The 3 benefits of creating OpenAPI-based tools (the right way)
Supporting The OpenAPI Specification (fka. Swagger Specification) format when creating Web API tools is a must-have. Not for the sake of the format itself but rather because of the benefits you'll get from it. But those benefits will come only if OpenAPI is used the right way. by Arnaud Lauret [apihandyman.io]

From On-Premises to Cloud APIs: A Meta Example
Meta is the latest major tech player to recently announce broader developer access to their WhatsApp Cloud API. Meta owns several social media and messaging platforms including WhatsApp, Messenger, and Instagram. by Abhinav Asthana, Joyce, Kin Lane [blog.postman.com]

The Difference Between Client-Server and Publisher-Subscriber
APIs are designed to communicate with each other. Since this is the core purpose of web APIs, it's easy to take for granted how that communication actually occurs. End users might unknowingly send hundreds of API requests per day and never quite understand how that exchange works in the background. [nordicapis.com]

Moving to GraphQL from SOAP or REST
This blog is the fourth part of the series called "API Transformer Recipes". The series aims to highlight numerous ways in which developers can integrate API Transformer into their workflow in order to gain access to a wide range of tools and frameworks. [apimatic.io]

How Expensive Is an API Call?
Programming API calls on a budget can be a delicate science. For API consumers, integrating with an API runs the risk of essentially turning strangers loose with your credit card. Even $0.001 per call can quickly add up if you're making millions of calls a month. [nordicapis.com]
 
The Business of APIs
APIs Unplugged - S3 E4 - APIs for Everyone with Barb MacLean by MuleSoft
In this episode, Barb MacLean of Celero joins Mike and Matt to give a window into the Canadian community banking and credit union landscape, and the impact that digital transformation, open banking, and APIs are playing. by MuleSoft [soundcloud.com]

Are you strategic about API monetization? - Software AG
In the last blog post I talked about an alternative to the well-known direct API monetization, called indirect API monetization. As I mentioned, to construct APIs that lend themselves to indirect API monetization, you can follow one of several patterns. [blog.softwareag.com]

Style Guides Rulebook Series: Automating API Design Guidelines
Inconsistency is one of the fundamental reasons for a sub-par developer experience for APIs. Inconsistent APIs across an API platform frustrate and confuse developers both internally and externally. This leads to reduced adoption, increased time to value, and a lack of trust. by Nauman Ali [blog.stoplight.io]
 
(Un)Related
How API gateways complement ESBs
For the modern enterprise, providing delightful customer experiences may be an all-encompassing task, but obsessing about customers is well worth the effort. Forrester research reveals that customer-obsessed companies achieve 2.5 times higher revenue growth and 2.2 times better customer retention. by Marco Palladino [infoworld.com]

Leveraging Knowledge Graphs to Enrich Machine Learning - RTInsights
By combining knowledge graphs and machine learning, organizations can extend the capabilities of ML and ensure the results derived from their models have solid explainability and trustworthiness. The current applications of Machine Learning (ML) are widespread: from deciding which trades to execute on Wall Street, determining credit decisions, optimizing inventory, improving product recommendations, predicting whether a user will click an ad, or Google's ability to improve cooling efficiency at data centers. by Al Baker [rtinsights.com]

Modern Engineering Practices Applied to Enterprise IT
I spent the first 20 years of my career in Software Engineering, and I loved every minute of it: writing and deploying code, solving complex problems with simple solutions, nonstop learning and innovation. I progressed from Developer to Architect, from Management to Senior Leadership. by Adrienne [adrienneshulman.medium.com]

Going from COBOL to Cloud Native
Virtually every technology publication these days is full of cloud stories, often about the success that has been achieved by webscale companies doing amazing things exclusively in the cloud. Unlike Netflix, Twitter and Facebook, however, most companies have a heritage that predates the availability of cloud computing. by Mark Hinkle [thenewstack.io]

Joe Duffy - Asynchronous Everything
Midori was built out of many ultra-lightweight, fine-grained processes, connected through strongly typed message passing interfaces. It was common to see programs that'd've classically been single, monolithic processes - perhaps with some internal multithreading - expressed instead as dozens of small processes, resulting in natural, safe, and largely automatic parallelism. by Joe Duffy [joeduffyblog.com]
 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Copyright © 2022 LaunchAny, All rights reserved.