The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out

API Developer Weekly

March 24, 2022 - Issue #399
This week, we have a report from APImatic on the top API specification trends, a look at how to make extending API formats safe and easy from Mike Amundsen, and an interview with me on the ADDR API design process. We also have an interesting article on using a hexagonal architecture to help your app adopt new API versions easily, and some security announcements and case studies. 

Happy Reading!
-- James

Hot Topics
Top API Specification Trends: 2019-2022
Unsurprisingly, the pandemic-ridden era has fueled the rise of APIs in the world. What is more interesting, however, is that with the rise of APIs, a rise in the number of API specification documents has been observed as well. by Faria Rehman []

Let's Make Extending API Formats Safe and Easy
One of the common challenges in creating long-lasting, stable APIs is designing them in a way that supports easily updating them with new fields, modified responses, and other details. Getting the API design right the first time is extremely unlikely. On the flip side, getting requests to modify an existing API design is almost inevitable. by Mike Amundsen []

Design Better APIs with the ADDR Method
Developing good APIs very much depends on building the right thing, and then building it right. This process requires a perspective on APIs that not just loo... []

Adopting New API Versions With Hexagonal Architecture
When you've been comfortable working with your old API for a long time, it can be onerous to adopt a new API version; particularly if you never designed for it. In this guide, I'll show you a method to adopt even drastically new iterations, with minimal churn to your code. by Andrew O'Hara []

Important security bypassing vulnerability patched in cURL. Update now
Cybersecurity specialists report the detection of a severe vulnerability in cURL , a software project consisting of a library and a command interpreter oriented to file transfer. According to the report, the successful exploitation of this flaw would allow threat actors to evade some security measures. by Atul Narula []

Even 'Perfect' APIs Can Be Abused
In the world of API security, the words "attack" and "vulnerability" are often used interchangeably. But as the API threat landscape explodes - and security teams scramble to respond - it's more important than ever to develop a precise vocabulary for both, describing and defending against highly specific types of API threats. []

A Case Study of API Vulnerabilities
OverviewThis writeup details a series of vulnerabilities I encountered a few months ago on a single private program. The company did specify that they would like to read the writeup before publication to approve it first. Unfortunately, the private program has since been shut down, and the email account that []

Organizing APIs in System, Business, and Experience Layers
Either for historical, organizational, or technical reasons, not all APIs are at the same level, especially in organizations that do not start their API-First journey from scratch. APIs can be organized into three different layers: system APIs, business APIs, and experience APIs. by Arnaud Lauret []

How to Use API Keys in Postman
If you work with APIs, then you already know there's many ways to prove your identity and gain access to an API, such as API keys. To help you use API keys as effectively as possible, let's walk through some common pitfalls we see come up, and learn how to handle sensitive data in Postman. []
The Business of APIs
Put Yourself in Your Customers Shoes When Developing APIs
The great thing about developing B2B API products is that it forces you to be customer centric as you build technology. []

How To Find An Audience For Your API?
So, you've built your API. Or maybe you're not quite there yet? Whatever stage in the process you're at, it's never too early to start thinking about who will actually use your API. Of course, that's easier said than done. []

A Standardized, Specification-Driven API Lifecycle
At QCon Plus last November, Kin Lane, Chief Evangelist with Postman, and the Open Technologies Team lead presented on API specifications. API specifications are essential to him and at Postman. So he wanted to share a bit of how they see API specifications impacting how they produce and consume APIs. []
Scaling Engineering Decision making with Architecting Tenets
Jungle Scout's heritage is rooted in moving fast to err on the side of delivering customer value and either scaling what works or decommissioning and then learning from the failures. With this in mind, the architecting tenets aim to support the scaling of architectural decision making. by Jungle Scout Engineering []

Apache Airflow for Data Science - How to Work with REST APIs
What do 90% of data pipelines have in common? You've guessed it - extracting and transforming data from REST APIs. If you're an avid Apache Airflow user, there are multiple ways you can approach this. In an earlier article, you saw how to handle API calls with the PythonOperator, but I mentioned it's not a recommended method. by Dario Radečić []

Why Uber's DOMA is WRONG
Dear Uber, please do not mistake the map for the territory. Domain-Oriented Microservices Architecture 😑. Let me start with what is wrong with the highest-level idea. Microservices Architecture "Microservices" is definitely not a type of architecture. Microservices is a deployment strategy. What is the difference? by Rogelio Consejo []
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at:
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2022 LaunchAny, All rights reserved.
unsubscribe from this list