The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator
A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

API Developer Weekly

Aug 30, 2018 - Issue #227
Hot Topics
T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API
Wireless carrier T-Mobile notified its 2.3 million subscribers via text message earlier this week that their personal account information may have been exposed. The warnings accompanied a customer adv

Leaky API exposes Black Hat attendees' personal data
One of the world's biggest cyber security conferences was put in an awkward position after a poorly-secured API enabled a security researcher to download the personal details and contact information of every attendee. by Adam Shepherd

LiveCast: The Role Of Identity In API Security
At the Nordic APIs Platform Summit, both Tyk and Curity will host workshops that dive into the nuts and bolts of managing identity in API security. Get a tas... by Nordic APIs

Our API Specification Workflow - WeWork Technology
A year ago we started trying to figure out the best way to not just document HTTP APIs, but to leverage API specifications to avoid duplicating efforts on loads of similar-but-different tasks; maintaining Postman Collections, creating mocks, contract testing, payload validation, etc. by Phil Sturgeon

API Design, Part 2: The Arrival of REST
This is part two in a three-part series about the history of API design: Before There Was REST; The Arrival of REST; GraphQL and the Future. In the last post, we talked about the birth of the internet, HTTP, CORBA, SOAP, XML, and JSON. Now let's fast forward to... by Chelsea

Exploring the Burp Suite API - Laconic Wolf
With the release of Burp Suite Professional 2.0 came the addition of a REST API. This post will show how to interact with the API in a browser, as well as introduce a Python tool I wrote that utilizes the API to automate active scans. by Jake

Discussing Microservices and APIs with's Taylor Barnett - The New Stack
On today's episode of The New Stack Makers podcast, TNS founder and editor-in-chief Alex Williams sat down for a discussion with's Lead Community Engineer Taylor Barnett at OSCON 2018, held in Portland earlier this year. Starting off the conversation, Williams brought up the topic of service meshes, to which Barnett quickly noted, "A lot of ... by TNS Staff, Andrea Echstenkamper

APIs for Microservices - Part 3 - RingCentral Developers - Medium
In Part 1 of the series we took a look at what really makes microservices different from SOA, and past technologies and methodologies we've already tried - and failed to successfully implement. In Part 2 we then took a look at different API types, and best practices for building a RESTful API. by Mike Stowe

Assisted Token Flow: The Answer to OAuth Integration in Single Page Applications | Nordic APIs
OAuth is an incredibly popular internet standard for granting apps and web services access to the information available on other websites. Though the implementation is complex, the premise is simple: you tell a website you want to access its data, you log in with the user's details, and off you go - but without some kind of protocol the process would be a whole lot more complicated. by Thomas Bush

How Do We Get API Developers To Follow The Minimum Viable API Documentation Guidance?
After providing some guidance the other day on how teams should be documenting their APIs, one of the follow up comments was: "Now we just have to figure out how to get the developers to follow the guidance!" Something that any API leadership and governance team is going to face as they work to implement new policies across their organization.

Common Hypermedia Patterns with JSON Hyper-Schema - APIs You Won't Hate
In the last two JSON-Hyper Schema articles (Getting Started - Part One and Part Two), we covered the basics: basic links, request and response bodies, request and response headers, and HTTP methods. But while working with JSON Hyper-Schema I have discovered a couple of common API patterns that could use a little more explanation. by Aaron Hedges

Writing Documentation When You Aren't A Technical Writer - Part Two
Welcome back for Part Two of Writing Documentation When You Aren't A Technical Writer! In Part One, we discussed how to write documentation people actually read and how to avoid the common pitfalls caused by code samples in your documentation. by Taylor Barnett

It Is Hard To Go API Define First
Last year I started saying API define first, instead of API design first. In response to many of the conversations out there about designing, then mocking, and eventually deploying your APIs into a production environment. I agree that you should design and iterate before writing code, but I feel like we should be defining our APIs even before we get to the API design phase.

How Should Teams Be Documenting Their APIs When You Have Both Legacy And New APIs?
From my vantage point, minimum viable API documentation should always include a machine readable definition, and some autogenerated documentation within a portal at a known location. If it is a SOAP service, WSDL is the format. If it is REST, OpenAPI (fka Swagger) is the format.

Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold
The Business of APIs
Google Maps API Price Hike Is Threatening the Future of Some Companies
"The impact of the rise in the prices of Google Maps APIs is huge. We [would] either like to switch off our website or find another solution," says Petri Karjalainen of Naturist BnB, an accommodation booking platform for naturists. "We are definitely not going to continue with Google Maps. by Jagmeet Singh

23andMe to Shutter Public API, Gives Developers Two Weeks Notice
DNA testing provider 23andMe has informed developers that it will be shuttering its public API in two weeks to focus on apps that use its internal reports. The API was intended to give developers the ability to build apps and tools that took advantage of the company's genetic data sets.

(Un)Related Topics
Brendan Eich on Creating JavaScript in 10 Days, and What He'd Do Differently Today - The New Stack
Millions of developers use a programming language today that was created in just 10 days during the hustle and bustle of the dotcom boom. JavaScript creator Brendan Eich revisited the roots of his language in some newly-released online videos, and explained how all the seeds he planted in 1995 are now finally coming to fruition. by David Cassel, TNS Staff, Mary Branscombe

Uncle Bob Martin on Clean Software, Craftsperson, Origins of SOLID, DDD, & Software Ethics
Wes Reisz sits down and chats with Uncle Bob about The Clean Architecture, the origins of the Software Craftsperson Movement, Livable Code, and even ethics in software. Uncle Bob discusses his thoughts on how The Clean Architecture is affected by things like functional programming, services meshes, and microservices.

How to extract a data-rich service from a monolith
There is a major shift in the industry away from monoliths towards smaller services. A key reason why organizations are investing in this shift is because smaller services built around business capabilities increase developer productivity. Teams that can own these smaller service/s can be "masters of their own destiny" which means they can evolve their service/s independently of other services in the system. by Praful Todkar

Why Having a Feature Flag Microservice Is a Bad Idea - DZone Microservices
Perhaps you have built a tight feature flag package that you can deploy. It has a Slick REST API in a microservice where you can query a flag saying, "Are you on?" It seems easy for other services to talk to this service. by Mark Henke

Event-driven Microservices with Quebic - Hacker Noon
Hi. Today I am going to discuss how to develop event-driven microservices using the Quebic framework. If you are new to microservices, you can refer to my previous article, which covered the main concepts of microservices. And if you are new to Quebic, please go through these documents. by Tharanga Thennakoon

Microservice Testing: Coupling and Cohesion (All the Way Down)
Over the past few months Andrew Morgan and I have been teaching several workshops on microservice testing, most notably earlier in the year at O'Reilly SACON New York and QCon London. This is always great fun - we enjoy sharing our knowledge, we typically learn a bunch, and we also get a glimpse into many of the attendees' approaches to testing. by Daniel Bryant

What they don't tell you about event sourcing - Hugo Rocha - Medium
Event sourcing and CQRS gained a lot of popularity recently. The advantages are obvious and they share a very peculiar symbiosis with each other and with the current tech state of the art making them very relevant. However after working for several years with them in production there are several caveats that one should care for. by Hugo Rocha

Auth0 Architecture: Running In Multiple Cloud Providers And Regions - High Scalability
Monday, August 27, 2018 at 8:56AM. This article was written by Dirceu Pereira Tiegs, Site Reliability Engineer at Auth0, and was originally published in Auth0. Writing better automation let us grow from partially automated environments doing ~300 logins per second to fully automated environments doing more than ~3.4 thousand logins per second. This is how we achieve high availability: all services (including databases) have running instances on every availability zone (AZ).
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note by tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Copyright © 2018 LaunchAny, All rights reserved.