Copy
The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

May 27, 2021 - Issue #359
This week, eBay adopts AsyncAPI, Instagram has an API vulnerability from lack of proper authorization in their GraphQL API, we take a deep-dive into Uber's API gateway, and Routable decides to revisit their API design in an effort to evolve away from 1-to-1 mapping with a database. Also included is a healthy debate from @APIHandyman on HTTP status codes 204 vs. 403 vs 404 vs 410. Oh, and there is a D&D 5th Edition API for the RPGers out there.   

Happy Reading!
-- James

 
Hot Topics
eBay Adopts AsyncAPI for Asynchronous API Contracts
eBay recently announced that it adopted AsyncAPI for its external asynchronous API contracts. In March 2021, eBay launched its first AsyncAPI-based contracts for its new business event notification capabilities. Late last year, eBay initiated work on a new event notification platform designed to meet current and future demands for asynchronous communication to API partners. [infoq.com]

Account takeover of Instagram accounts due to unrestricted permissions of third-party application's generated tokens
Access tokens returned when an Instagram user authorize a third-party Instagram application which was created to use the Instagram Basic Display API, could be used to access graph.instagram.com/graphql endpoint which allows the owner of the application to make Query/Mutations and bypass the API permissions given or in some scenarios full takeover the account. [ysamm.com]

Move along, no resource to see here (truly), HTTP status code 204 vs 403 vs 404 vs 410
When designing APIs, choosing HTTP status codes is not always that obvious and prone to errors, I hope this post series will help you to avoid common mistakes and choose an adapted one according to the context. by Arnaud Lauret [apihandyman.io]

The Architecture of Uber's API gateway
API gateways are an integral part of microservices architecture in recent years. An API gateway provides a single point of entry for all our apps and provides an interface to access data, logic, or functionality from back-end microservices. by Madan Thangavelu, Abhishek Parwal, Rohit Patali [eng.uber.com]

What's next for the Routable API?
We released the first version of our API back in November 2018. Since then, we've helped dozens of engineering and finance teams streamline their vendor onboarding and business payments. In that time, we've evolved the API over a handful of revisions and learned a lot from our customers about what they need in our API product. [blog.routable.com]

WebSocket, Shrek, and AsyncAPI - An Opinionated Intro | AsyncAPI Initiative for event-driven APIs
This is a pretty subjective post. I'm sharing my perspective, taking into account years of experience building backend and frontend with user experience in mind. If you do not want to read this article, then watch the recording of the live stream about the same: Everything we hear is an opinion, not a fact. [asyncapi.com]

High Performance API Management Testing
This report focuses on API management platforms deployed in the cloud. The cloud enables enterprises to differentiate and innovate with microservices at a rapid pace. It allows API endpoints to be cloned and scaled in a matter of minutes. And it offers elastic scalability compared with on-premises deployments, enabling faster server deployment and application development, and allowing less costly compute. by Andrew J. Brust, William McKnight, Jake Dolezal [gigaom.com]

D&D 5th Edition API
REST API to access D&D 5th Edition SRD database [dnd5eapi.co]
 
The Business of APIs
Developer Marketing Does Not Exist
Developer Marketing Does Not Exist [DuVander, Adam] on Amazon.com. *FREE* shipping on qualifying offers. Developer Marketing Does Not Exist [amazon.com]

(Un)Related
Jolie - A Service-Oriented Programming Language for Distributed Applications
The Jolie programming language recently attracted the attention of developers on Hacker News. Jolie is a service-oriented language that encourages developers to model distributed software as composable services whose orchestration is described separately from communication protocols (SOAP, HTTP, XML-RPC) and deployment architecture. Jolie adopts services as a first-class concept. [infoq.com]

Google tests an RSS follow feature in Chrome | Engadget
Eight years after the untimely demise of Google Reader, Google is embracing RSS again. The company is testing a "Follow" button for Chrome that lets you keep up with your favorite sites on the web browser. In the coming weeks, users of the Chrome Canary channel for developers should start seeing the new feature on Android. [engadget.com]

Designing a unified Intent-driven API for all AsyncAPI's parsers
The Free and Open-Source Software (FOSS) model, since its inception, has brought a flurry of libraries and applications available to everyone. Thanks to the growth of the open-source community, we can now enjoy free software and, in most cases, generate profit from it. [asyncapi.com]

Useful Resources
 
A list of upcoming Net API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from apisecurity.io

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]


Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]

 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2021 LaunchAny, All rights reserved.
unsubscribe from this list