|
|
|
|
API Developer Weekly
March 14, 2019 - Issue #253 |
|
|
This week, we have an article on processes, tools, and design techniques for APIs, another app data leak via an API, F5 acquiring nginx, and how API gateways may be going through an identity crisis. -- James
Hot Topics
How Smart API Design Promotes Sustainable App Development
With the tech industry evolving rapidly, reducing development time has become absolutely crucial. For established software companies and independent developers alike, success requires fleet-of-foot decision making. Luckily, API design best practices have come to the rescue. Putting these practices to work ensures greater security, efficiency, and scalability for your apps. by Tyler Charboneau [nordicapis.com]
Stop Wasting Connections, Use HTTP Keep-Alive
With the proliferation of third-party APIs and microservice architectures, modern web servers can make as many outgoing HTTP requests as the number of incoming HTTP requests they serve. A typical web application can interact with third-party APIs to handle payment processing, send email, track analytics, dispatch text messages, verify mailing addresses, or even deliver physical mail. by Marcus Gartner [lob.com]
Unsecured API Leads to 'Yelp for Conservatives' App Data Leak
French security researcher Robert Baptiste found the API of the 63Red Safe mobile application known as "Yelp for conservatives" wide open, with no authentication needed to access and view the data stored within the app's database. by Sergiu Gatlan [bleepingcomputer.com]
Fighting Fire with Fire: API Automation Risks
A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions. Akamai research shows that 83 percent of all traffic on the web today are API calls (JSON / XML). [threatpost.com]
API Gateways Are Going Through an Identity Crisis
API Gateways are going through a bit of an identity crisis these days. Are they centralized, shared resources that facilitate the exposure and governance of APIs to external entities? Are they cluster ingress sentries that tightly control what user traffic comes into the cluster or leaves it? [blog.christianposta.com]
Building RESTful APIs (Authentication & Error Handling)
Subscribe to Mobycast iTunes | Google Play | Soundcloud | Stitcher | Spotify Show Notes Jon Christensen and Chris Hickman of Kelsus and Rich Staats of Secret Stache continue their conversation on building RESTful APIs, specifically focusing on authentication and error handling. REST stands for Representational State of Transfer. by Mobycast [hackernoon.com]
Simple API Calls with Python
I am in the process of wrapping my head around the "concept" of API. For Day 1 of my API studying, I learned about venv, SQLite, Flask, and how to make basic API GET requests with a help of a Twitter friend. I am using a Mac with Terminal for this exercise. by Hiro Nishimura [dev.to]
Real-time Collaborative Drawing with GraphQL & AWS AppSync
To see the code for this & to launch this project, click here to go to the GitHub repo. I am putting together a couple of demos for my upcoming talks at React Day Norway & React India. For these talks I'm demoing interesting use cases of GraphQL & GraphQL subscriptions. by Nader Dabit [dev.to]
Net API Notes for 2019/03/07 - The 'Post-API' Era of Academic Research
Surprising to no one that reads this newsletter, we live in a world influenced by algorithms. Access to those algorithms, however, is changing. Knowledgeable professionals, in an open source world, could inspect the programmatic work and assess impact. But, as the Stephen O'Grady note from last week mentioned, Software-as-a-Service has obscured the source code behind a cloud. [tinyletter.com]
The Business of APIs
F5 acquires NGINX for $670M to move into open-source, multi-cloud services
Multi-cloud architecture is a huge trend in enterprise, and today F5 made a big move to bring its own business closer to it. The company, which provides cloud and security application services, announced that it has acquired NGINX, the commercial company behind the popular open-source web server, f... [techcrunch.com]
Google Cloud poaches Oracle executive Amit Zavery to lead Apigee team
Google Cloud this week poached longtime Oracle Corp. executive Amit Zavery, who will lead Google's cloud applications business, Reuters reports. Zavery is Google Cloud's highest-profile hire to date under CEO Thomas Kurian, a former Oracle president who appears to be assembling his former team at his new job. by Luke Stangel [bizjournals.com]
Neo4j Joins GraphQL Foundation as a Founding Member
Learn more about the GraphQL Foundation and Neo4j's involvement in supporting the evolution of creating a standard for building APIs. [neo4j.com]
The platform play: How to operate like a tech company
"The question is not how fast tech companies will become car companies, but how fast we will become a tech company." This is how the board member of a global car company recently articulated the central issue facing most incumbents today: how to operate and innovate like a tech company. [mckinsey.com]
(Un)Related Topics
The Five Stages of Becoming a Software Engineering Manager
There are generally two career paths for a software engineer: advanced technical positions or management. Some engineers make a conscious decision to move into management, while others stumble into that role. Either way, adapting to this new role can be a process because there is often little or no training and no requirements document to follow. by Laura Engstrand [engineering.pandora.com]
How did we get to service meshes?
If you've been to a conference over the last few years, you've probably come across microservices. A microservice architecture consists of many highly decoupled services that are independently deployable and organized around business capabilities. This isn't a new idea, SOA had similar ideas in the 90's but the technology around it was clunky (it seemed to involve an awful lot of XML - never a good start!). by Jeff Foster [medium.com]
Next-level Kubernetes native Java framework - Quarkus brings Java on a subatomic level!
At the age of Kubernetes, microservices, serverless, and cloud-native application development that can deliver higher levels of productivity and efficiency, than the standard monolithic applications build on Java, those rapidly evolving trends call to rethink how Java can be best utilized to address these new deployment environments and application architectures. [jaxenter.com]
Memory footprint of the JVM
The JVM can be a complex beast. Thankfully, much of that complexity is under the hood, and we as application developers and deployers often don't have to worry about it too much. With the rise of container-based deployment strategies, one area of complexity that needs some attention is the JVM's memory footprint. by Andy Wilkinson [spring.io]
Practical Approaches to Cloud Native Security
Security considerations for containers, Kubernetes and microservices. Presented at RSA 2019 [slideshare.net]
The 12 Most Critical Risks for Serverless Applications
By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board Member When building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when speaking to security measures and how to adopt a program that can assist in maintaining the longevity of applications. [blog.cloudsecurityalliance.org]
Moving from NodeJS to Rust in 2019
For a more nuanced introduction and in-depth introduction to web programming in Rut, read part 1 of X in my series. If you followed me for the last few weeks or months on twitter, you saw that I take Rust pretty seriously lately. by Bastian Gruber [blog.usejournal.com]
Useful Resources
Tyk Whitepaper: Approaching your API Strategy
As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design. [content.tyk.io]
Upcoming Web API Events
A list of upcoming Web API Events, maintained by Matthew Reinbold
Book: Irresistible APIs by Kirsten L. Hunter
Irresistible APIs provides step-by-step guidance for designing APIs that reflect an application's core business value, delight the developers who use them, and will stand the test of time. In it, business product managers and developers learn how to treat an API as a first-class product.
Book: The Design of Everyday APIs by Arnaud Lauret
Web APIs are everywhere, giving developers an efficient way to interact with applications, services, and data. Well-designed APIs are a joy to use; poorly-designed APIs are cumbersome, confusing, and frustrating. The Design of Everyday APIs is a practical, example packed guide to crafting extraordinary web APIs. Author Arnaud Lauret demonstrates fantastic design principles and techniques you can apply to both public and private web APIs. [manning.com]
Book: A Practical Approach to API Design by Casey and Higginbotham
If you read the tech press, everyone knows they need an API but most aren't really sure what it is. They treat it as another checkbox like "Web 2.0" was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t understand or even realize why. In this book, we'll start by discussing the what an API is, why you might need one, and follow up with the how to build one. [leanpub.com]
Want to share something?
|
|
|
|
|
|
|
