Copy
The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

Nov 21, 2019 - Issue #286
This week's articles focus on API documentation, API description formats, and the API design review process. I also found a few articles on service mesh that may be helpful for those embarking on the journey and just looking to learn a bit more. Happy reading! -- James
 
Hot Topics
What nobody tells you about documentation
There is a secret that needs to be understood in order to write good software documentation: there isn't one thing called documentation, there are four. They are: tutorials, how-to guides, explanation and technical reference. They represent four different purposes or functions, and require four different approaches to their creation. [divio.com]

How to Engage Developers with a World-Class API Portal
One of the hottest topics among API providers has to do with how to best engage developers through a developer portal. In this special report, ProgrammableWeb has compiled a comprehensive list of features (based on real world examples) that all developer portals should aspire to. [programmableweb.com]

Bringing law and order to APIs with OpenAPI Specifications
If you're building cars, a specification tells you how a car works. It includes the most important details and perhaps a list of requirements that the end product should fulfill. Once the car gets... by Joyce Lin [medium.com]

API Design Reviewer's Starter Set
What could go possibly wrong when designing APIs? Everything. Among many other things, API Design may be inconsistent with pre-existing elements, may be bugged, may not fulfill needs, may be hard to understand or use, may be too specific and impossible to reuse, ... by Arnaud Lauret API Handyman [speakerdeck.com]

Five stages of the API product lifecycle
Just like any product, APIs have their own lifecycle with distinct phases. And recognizing them means you can take advantage of them by focusing on the right aims and the proper convenance at each step along the way. This was one of the key lessons we focused on when we wrote the "Continuous API Management" [...] by Mike Amundsen [blogs.mulesoft.com]

Generate Your Own API Gateway Developer Portal | Amazon Web Services
Shiva Krishnamurthy, Sr. Product Manager Amazon API Gateway helps you quickly build highly scalable, secure, and robust APIs. Developers who want to consume your API to build web, mobile, or other types of apps need a site where they can learn about the API, acquire access, and manage their consumption. [aws.amazon.com]

Do Not Write Contract Tests
API testing is hard! Many teams are starting to invest in live contract testing. With live testing, there's no need to manually curate test cases. Instead, teams collect samples from their development and staging environments and run OpenAPI validators on the requests/responses their APIs handle. [useoptic.com]

CPDoS Attacks Cause CDNs to Deliver Error Pages instead of Expected Results
Security researchers disclosed three new variants of the cache poisoning attack first discussed at the 2018 DEFCON conference. These three new attacks are being categorized as cache poisoning denial of service (CPDoS) attacks. These vulnerabilities allow an attacker to inject their own malicious content to be served by the cache in lieu of the expected web pages. [infoq.com]

The hidden costs of microservices - Techerati
For the best microservices results, you need to do your homework. By Wayne Geils, AWS technology evangelist at ServerCentral Turing Group and Mike Hostetler, senior director of engineering at Cars.com Microservices are hot right now. IT colleagues I talk with are excited about their potential, and thought leaders in various industries are speculating about their transformative power - and with good reason. [techerati.com]

JWT revocation
Over the last weekend, I took a look at a web app built by some folk. It uses JWT and the first thing I usually test whenever I come across apps like this is to check if there is a revocation strategy for these tokens. [lanre.wtf]
  
The Business of APIs
Overcoming the 3 Largest Obstacles to Digital Transformation - RTInsights
The key to digital transformation success is to address issues related to customer orientation, business models, and technology. Let's start by defining "Digital Transformation." If we do not have an agreed upon definition, we certainly will not agree upon how to overcome the obstacles! But, agreement on this definition is not so simple. by Alan Glickenhouse [rtinsights.com]

'Low-Code' Becomes High Priority as Automation Demands Soar
Chief information officers, on the hook to automate manual and repetitive business processes, are increasingly turning to tools designed to create applications quickly, without the sweat of writing and debugging lines of code. Collectively known as "low-code," these tools have been available in some form for decades. by Agam Shah [wsj.com]
 
(Un)Related Topics
The Service Mesh: What Every Software Engineer Needs to Know about the World's Most Over-Hyped Technology
In this guide I'm going to attempt to provide an honest, deep, engineer-focused guide to the service mesh. I'm going to cover not just the what but also the why and the why now. Finally, I'm going to attempt to describe why I think this particular technology has attracted such a crazy level of hype, which is an interesting story in and of itself. by William Morgan [servicemesh.io]

We've Made Quite a Mesh
Kubernetes has evolved many service-mesh-like properties. by Tim Hockin [speakerdeck.com]

The Art of the Service Mesh Policy - The New Stack
Aspen Mesh sponsored this post. Picture this: You're the director of engineering at an enterprise organization. You have had a successful career managing small engineering teams and you're now balancing the demands of managing an engineering organization while contributing to overall planning and strategy as part of senior staff. by Andrew Jenkins, Emily Omier, B. Cameron Gain [thenewstack.io]

What Is Site Reliability Engineering (SRE)? | Nordic APIs |
How an organization operates is just as important as the business itself. The way teams are structured, and the methods they employ in carrying out their work is vital to the end product. To improve efficacy, efficiency, and quality, software companies adopt approaches like DevOps and Site Reliability Engineering, two paradigms currently employed throughout the industry. by Kristopher Sandoval [nordicapis.com]

What Happens When Data Quality Goes Wrong And How to Fix It
Corporate decisions are always driven by data and it determines a company's long-term success. The quality of data a company can access determines their customer experiences, analytics, insights, retention, and revenue. This article looks at ways a company can improve its data quality. [programmableweb.com]

How to connect your Dapr microservices using NATS
Microsoft Azure Dapr version 0.2.0 comes with a bunch of new components added to the runtime. One such component includes pubsub capability with NATS which is a Go based open source messaging system for cloud native applications, IoT messaging, and microservices architectures. This blog will provide a step-by-step walk through of how to use it. by Abhishek Gupta [dev.to]

Useful Resources
Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]


Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]

 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2019 LaunchAny, All rights reserved.
unsubscribe from this list