The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out

API Developer Weekly

Oct 11, 2018 - Issue #233
Hot Topics
Making the Most of Your API Specification - Stoplight API Corner
It wasn't so long ago that an API specification was just a thing that got generated. Write some code, add some annotations, and let your build tool create an API specification document you shared with your colleagues, community, friends, and family. Job done. All that's changed with the advent of design-first APIs. by Chris Wood []

Five Things to do Before Opening Your Internal API
What happens when you are ready to take your API from a small subset of users to something more open? What are the things you want to make sure are locked down tight before rolling out an open API program? James Higginbotham offered some tips for making sure your API is ready. []

Building Secure APIs
In my team at Okta, we're interviewing a number of non-customers to understand your perspective on APIs, the problem you're solving, and how you look at the world. This is *not* a sales pitch and any information shared with us will not be shared directly with our Sales team in any personally-identifiable way. []

HTTP-REPL Tool to test WEB API in ASP.NET Core 2.2 #aspnetcore
Today there are no tools built into Visual Studio to test WEB API. Using browsers, one can only test http GET requests. You need to use third-party tools like , , or to perform a complete testing of the WEB API. by Talking Dotnet []

Creating and testing REST and Messaging contracts with Spring Cloud Contract - JDD 2018
REST and Messaging solutions do not come with an in-built contract compliance mechanism, which in many ways is a great thing. However, while working with microservice-based systems, it often appears that a practical mechanism that would provide help in shaping and describing REST and Messaging contracts would come in handy. by Olga Maciaszek-Sharma []

5 Things You Have Never Done with a REST Specification
RESTful APIs are a popular myth in web development-but they're a myth we can work with. The right tools can help keep documentation consistent and streamline automated testing. In this article, Alexander Zinchuk explores several time-saving REST specification techniques, with examples in Node.js and Ruby on Rails. []

Editorial Services as a Central Utility for API Teams
Most organizations never consciously address the experience of the developers that create APIs, the upstream. This is only logical, upstream Developer eXperience doesn't always need attention: a team that is dedicated to APIs will overcome friction on its own terms. In large enterprise organizations, however, where API development might be a secondary priority of a team, upstream DX can make the difference between a failed and a successful digital transformation initiative. []

The Layers Of Completeness For An OpenAPI Definition
Everyone wants their OpenAPIs to be complete, but what that really means will depend on who you are, what your knowledge of OpenAPI is, as well as being driven by your motivation for having an OpenAPI in the first place. []

REST Beyond the Obvious - API Design for Ever-Evolving Systems
Most APIs built today are considered REST APIs these days, when in fact they merely exchange data via HTTP and JSON. At the same time, systems almost never act autonomously but rather live alongside others. In that context, being able to evolve an API becomes a crucial aspect in its design and the only knee-jerk, but often problematic reaction usually is: versioning. by SpringDeveloper []

Video tutorial: Securing APIs with authentication and authorisation using Tyk & Okta - Tyk API Gateway and API Management
From the Cambridge Analytica scandal to the recent SingHealth cyber attack, data security continues to be a hot topic around the world. APIs are in no way immune to these concerns - if anything, an understanding of the importance of API authentication and authorisation is critical to ensuring your API and API users are safe ... []

Your Guide To Messaging APIs for Enabling Web 3.0 Internet Communication | PubNub
Given all the promise of the Internet, we initially experienced it only as an information dump with millions of websites containing billions of web pages hyperlinked to one another. With Web 2.0 we envisaging a semantic web powered by dynamic web applications where information was stored and retrieved structurally. by PubNub Staff []

draft-nottingham-json-home-06 - Home Documents for HTTP APIs
Network Working Group M. Nottingham Internet-Draft February 15, 2017 Intended status: Informational Expires: August 19, 2017 Home Documents for HTTP APIs draft-nottingham-json-home-06 Abstract This document proposes a "home document" format for non-browser HTTP clients. Note to Readers The issues list for this draft can be found at . []

API Digest #102: Guys, REST APIs are not Databases
Welcome back to our API Digest series! We are continuing to deliver the most interesting news from the world of APIs via our digest. In today's edition you will find a brief overview of the following articles: Guys, REST APIs are not Databases 3 Tips For Connecting To Your First API API Security in the ... by Khrystyna Oliinyk []

Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold
The Business of APIs
To Help Developers Get A Grip On APIs, Stoplight Raises $3.25M
Stoplight, which describes itself as an an online platform that helps developers build, test, and improve their web APIs, has raised $3.25 million in seed funding that it plans to use toward the hiring of engineers and product development. The infusion brings Stoplight's total funds raised to $4.65 million since its 2015 inception. by Mary Ann Azevedo, Jason D. Rowley, Holden Page, Alex Wilhelm, Savannah Dowling []

Rapid7 Introduces InsightAppSec API
Rapid7 has announced API access to its InsightAppSec security solution. InsightAppSec is a security suite based on Dynamic Application Security Testing (DAST). Prior to the API, usage of the DAST features were limited to the user UI options offered by Rapid7. Now, developers can get more granular. []

Health Data Sharing Will Follow the Open Banking Model
The trend toward API-based banking offers a model for health records, giving patients access to and control over their personal health data. There's a data crisis in healthcare today, with patient care hindered by paper-based record systems and information that's siloed within different provider systems. Electronic health record (EHR) systems were designed to solve these problems, but a lack of interoperability is holding the industry back. []

Facebook Data Breach Highlights API Vulnerabilities
The vast majority of API attacks are actually undetected and therefore not visible to most organizations. But when a poorly secured API leads to a damaging data breach, the consequences of ignoring this attack vector becomes immediately apparent. On Friday, we saw the most recent example of this. []

Securing Your APIs Like the Pros: A Panel Discussion
Join us for a panel discussion about the API threat landscape, and how enterprises are combining access control with advanced API cybersecurity for comprehensive protection. []

Twilio Previews a Serverless Capability, Called Functions, to Manage Messaging Apps - The New Stack
Twilio has launched a preview service, called Functions, that lets developers write and run serverless code within the Twilio Runtime console, giving them more control over how to manage their Twilio API-driven messaging applications. This pre-configured environment has helper libraries, API keys, asset storage and debugging tools, which can be accessed inside the Twilio web portal. by Mary Branscombe, Susan Hall, Steve Dyer []

The New Atlanta Billionaires Behind An Unlikely Tech Unicorn
wo years ago, Ben Chestnut found a crumpled piece of paper in the trunk of his Mercedes GL63 SUV, alongside the muddy shoes and helmets he uses while mountain biking in the hills of northern Georgia. Forgotten there for a year, the paper assessed how much a top private equity firm in New York thought his company was worth: $2 billion. by Alex Konrad [] Launches Print on Demand CloudPublish API
Last week, cloud based printing company launched the CloudPublish API. The API offers publishers a print on demand service that lets publishing apps be connected to hundreds of print partners. This allows content to be printed not only locally but around the world as well. []

Google Expands G Suite Delegate Settings via Gmail API
Google announced that it is changing the way that delegate settings are managed within G Suite. The Gmail API is being expanded to handle these settings, and the Email Settings API, which had previously been used for controlling delegate relationships, will be deprecated as of October 16, 2019. []

(Un)Related Topics
The original sources of MS-DOS 1.25 and 2.0, for reference purposes - Microsoft/MS-DOS []

Draw a bigger picture
When I was in college, I had the pleasure of taking a couple math classes taught by Mike Starbird. One of the things he told us about problem solving was this: when you're stuck, draw a picture. Good advice, though hardly original. But then he said something else: If you're still stuck, draw a bigger picture. by John []

Google GKE vs Microsoft AKS vs Amazon EKS on
There have been many comparisons done between these cloud hosted Kubernetes providers already. However, probably none as honest as this one. Below is a screenshot of the Google sheet comparing GKE, AKS and EKS. You may notice that some of the cells have comments in already. []

Five Tips for Kubernetes Network Security and Compliance | Tigera
Kubernetes is dynamic and hard to secure or monitor using existing tools. This has a significant impact on your security and compliance controls. Traditional solutions like perimeter security, zone-based security, and static firewalls are not sufficiently scalable or flexible enough to meet security controls for Kubernetes. Monitoring tools do not ... []

Introducing the Non-Code Contributor's Guide
Author: Noah Abrahams (InfoSiftr), Jonas Rosland (VMware), Ihor Dvoretskyi (CNCF) It was May 2018 in Copenhagen, and the Kubernetes community was enjoying the contributor summit at KubeCon/CloudNativeCon, complete with the first run of the New Contributor Workshop. As a time of tremendous collaboration between contributors, the topics covered ranged from signing the CLA to deep technical conversations. []

Knative: Serving your Serverless Services - Red Hat OpenShift Blog
There has been a lot of talk about serverless. so let's ask first: What is serverless computing? To understand, here is the CNCF definition of serverless computing: "Serverless computing refers to the concept of building and running applications that do not require server management. by Kamesh Sampath []

Modeling Uncertainty with Reactive DDD
Vaughn Vernon has written several books on DDD and reactive messaging patterns, and has found that the nature of distributed systems means you must deal with uncertainty. How to respond to a missing message, or a message that is received twice, should be a business decision, and therefore must be part of the domain model. []

Why One Tech Security Expert Is Increasingly Worried About Google
Facebook Wants Us to Trust Our Privacy to Its New Video Chat Device. Really? The U.S. May Get a Back Door to Encryption Back Doors, Thanks to Australia We're Finally Having a Real Conversation About Privacy. Why Aren't We Looking Closely at Data Brokers? by Matthew Green []
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2018 LaunchAny, All rights reserved.
unsubscribe from this list