Copy
The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

July 15, 2021 - Issue #366
This week, we have an article on how eBay is using the AsyncAPI specification for their event-driven APIs, a spotlight on the recent Coursera API security breach, and a data-driven investigation into whether GraphQL has reached the top of the hype cycle and starting to decline. Finally, API Handyman discusses designer experience, a complement to the often talked about developer experience. 

Happy Reading!
-- James

 
Hot Topics
AsyncAPI 2.0: Enabling the Event-Driven World
Though RESTful APIs remain the mainstay of the programmable world, there is rapid adoption of reactive event-driven architecture and a distinct shift from the traditional polling-based legacy integrations. The considerations of an event-based approach are not just limited to the obvious candidates, such as designing a system that reacts to changes in real time, but also include things like increasing adoption in resilient, highly decoupled microservices architectures. [tech.ebayinc.com]

Coursera Flunks API Security Test in Researchers' Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. [threatpost.com]

Where in the HypeCycle is GraphQL in 2021?
Is the GraphQL hype over? Was it just a trend? If you're a regular on reddit/r/graphql you might have noticed the discussion about GraphQL and Google Trends recently. If you look at a single graph from Google Trends, you might be thinking that GraphQL is indeed through the hype cycle and interest is declining. [wundergraph.com]

Coursera API Vulnerability Could Affect Learners' Experience
Popular online learning platform Coursera addressed a serious API vulnerability affecting potential students. Exploiting this bug could allow an attacker to manipulate how users view and access the content by abusing users' preferences. Researchers from Checkmarx Security Research Team discovered a serious vulnerability affecting Coursera API. by Abeerah Hashim [latesthackingnews.com]

API security testing: Key tool trends-and pro tips to stay a step ahead
With API use proliferating rapidly within enterprise IT environments, concerns over API security have been growing as well. The trend is driving interest in-and an emerging market for-extending application security testing tool sets to include tools for automated API security testing. [techbeacon.com]

Cobalt Launches New Penetration Testing API
Cobalt, the Pentest as a Service company, today announced the launch of its public API. The Cobalt API allows customers to integrate their pentest data into other tools within their technology stack, enabling streamlined workflows and holistic analysis of their security program. [programmableweb.com]

HTTP API Lean Workflow: from contract to documentation
How do we rely on open source software to achieve collaborative API design and produce our documentation? A contract-first approach enables high collaboration and removes overhead. Versioning contracts with the code since they share the same lifecycle. Stoplight.io DX is a powerful API IDE for OpenAPI. [dev.to]

API Designer Experience, the other DX
Nobody expects the API inquisition! Literally. When creating public or private APIs, an organization must work hard on creating the best possible developer experience or DX. That requires to ensure that API designers "do their job well": creating APIs that fulfill actual needs and are easy to understand and use. by Arnaud Lauret [apihandyman.io]
 
The Business of APIs
Book pre-order now available
Hi All, Firstly we are sorry for the lack of content recently. Turns out writing a book is hard work, who knew! Anyway, we are delighted that the book pre-order link has now gone live on the Apress website, and we can share the final cover design for the first time. by Developer Relations - The Book [devrelbook.substack.com]


API Storytelling with Matt Trask
This is a gathering of API storytellers, exploring what is going on around us each day, using API technology to make sense of who we are. In this episode we ... [youtube.com]


8 APIs to Automate Video Encoding, Processing, and Streaming | Nordic APIs |
Video APIs provide access to the server infrastructure required to process and deliver video content and video streams. These APIs allow applications to integrate video without the hassle of uploading, encoding, hosting, and delivering content. There are three main types of video APIs: streaming APIs, analytics APIs, and client-side video player APIs. [nordicapis.com]


Choreo, WSO2's New iPaaS Built on Top of Ballerina - The New Stack
Prior to the emergence of cloud computing, enterprise integration projects were either internal, serviced through an on-premises middleware platform, or external business to business (B2B) projects generally serviced through Electronic Data Interchange gateways. Increasingly though, many enterprises need to integrate data from a wider variety of sources, including IoT devices and mobile apps, causing a... by Charles Humble, Ram Iyengar, Rajiv Kapoor [thenewstack.io]

Announcing Portman - Better API testing
We're super excited to announce the beta release of Portman. The Portman CLI takes care of the OpenAPI Spec to Postman conversion while injecting contract & variation tests with a minimum of configuration. It includes options to customize Postman requests & variables with a wide range of settings to assign & overwrite variables. [blog.apideck.com]

(Un)Related
Svetlitski/fcp
fcp is a significantly faster alternative to the classic Unix command. fcp aims to handle the most common use-cases for cp with much higher performance. fcp does not aim to completely replace cp with its myriad options. Note: fcp is optimized for systems with an SSD. by Svetlitski [github.com]

Useful Resources
 
A list of upcoming Net API Events, maintained by Matthew Reinbold

API Security Events
A list of upcoming API security events from apisecurity.io

Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]


Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]

 
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2021 LaunchAny, All rights reserved.
unsubscribe from this list