The week in API strategy, news, articles, and upcoming events.
James Higginbotham, Curator  A hand-curated weekly newsletter for API developers, sponsored by LaunchAny and CaseySoftware

Find this via Twitter? Subscribe now so you don't miss out
 
 

API Developer Weekly

Aug 4, 2022 - Issue #417
This week, we have an interview on the Cloudcast podcast titled, "The DevRel Dilemma". DevRel has been a hot topic of late and this episode dives deep into the topic. We also have a look at the experience economy and how API design could be a competitive advantage. Plus, a look at the new HTTP QUERY method and how/when to use "oneOf" in your OpenAPI Specification documents. 

Happy Reading!
-- James
 
Hot Topics
The DevRel Dilemma
For inquiries about sponsoring the podcast, please send us an email. Include details about the company requesting the sponsorship. The Cloudcast is the industry's leading, independent Cloud Computing podcast. Since 2011, co-hosts Aaron Delp & Brian Gracely have interviewed technology and business leaders that are shaping the future of computing. by Brian Gracely [thecloudcast.net]

The experience economy, the ecosystem mandate, and why API design may be the key to competitive advantage
How do you compete in a world where the experience is everything, and no organization stands alone? In the not-so-distant past, enterprise executives had the "luxury" of just worrying about producing and delivering a great product. In today's experience economy, it's not so simple. by Author: Charles.Araujo [cio.com]

Your Guide to the New HTTP QUERY Method
When querying complex systems, query strings can get quite lengthy at times. They may even be too large for some systems to process. Traditionally, some developers have gotten around this limitation by sending assets using POST. This can negatively impact performance, though, as the call may end up in the cache. by J Simpson [nordicapis.com]

How DevOps Teams Can Defend Against API Attacks
By: Pratik Roychowdhury on Remember when ransomware was the main security threat that DevOps teams needed to worry about? Those days are over. Ransomware attacks are certainly still happening , but API security breaches-which increased by a whopping in 2021-are now poised to become the top attack vector for threat actors, according to Gartner . by Pratik Roychowdhury, Gilad David Maayan, Don Macvittie, Aran Khanna, Bill Doerrfeld, Ganesh Datta, Claus Jepsen, Umair Khan, Mike Vizard [devops.com]

GraphQL Subscriptions with Server Sent Events - Episode #52
GraphQL Subscriptions lay the foundations to subscribe to data changes. Subscriptions are great for knowing what, and why data changed. If you're working with real-time data such as a chat application or notification then GraphQL Subscriptions will get you quite far. GraphQL Subscriptions are often used via WebSockets, but we'll leave that for another lesson. [graphql.wtf]

Why You Need "oneOf" in Your API Specifications
Working with APIs, I come across a lot of interesting feature requests. Among those, oneOf was something that a lot of the developers want, but scarce information is found on the topic. This blog will take you through my journey of how I acquainted myself with the role of "oneOf" in OpenAPI specifications. by Raaiha H Kabir [apimatic.io]

Docs as Code - An Approach to Improve the API Documentation Process
'Docs as code' refers to the practice of writing documentation using the same tools and processes that developers use to write code. This means that documentation is : Authored using text files such as Markdown or LaTeX Version controlled using Git Updated by creating pull requests Published using CI/CD workflows How can this approach lead to better documentation? by Sohaib Tariq [apimatic.io]

A Brief History of HTTP: How HTTP Evolved
HTTP has evolved since the Web was created in 1989. The first RFC document published by the Internet Engineering Task Force (IETF) was published in 1996. Fol... [youtube.com]

Rate Limit field names and combination · Issue #65 · ietf-wg-httpapi/ratelimit-headers
Interested in the future of rate limit header standardization? Look no further. by ietf-wg-httpapi [github.com]

Right Ways of Rate Limiting - The Auth API - API Key Management and Authz Control
Sometimes, too much of a good thing can be a bad thing. In 2020, the world quickly had to adapt to new restrictions. Seeing friends and family may be good, but too much of it could be dangerous. Going to work may be good, but being in the office could be hazardous. by aden.forshaw [theauthapi.com]

Linkset: Media Types and a Link Relation Type for Link Sets
This specification defines two formats and associated media types for representing sets of links as standalone documents. One format is based on JSON, and the other is aligned with the format for representing links in the HTTP "Link" header field. This specification also introduces a link relation type to support the discovery of sets of links. by Erik Wilde [rfc-editor.org]

Authenticating legacy apps with a reverse proxy
This blog was written by an independent guest blogger. When we think of "authentication" for our applications, most of us think of user registration, a login form, and resetting passwords. Our concerns begin and end there. [cybersecurity.att.com]
 
The Business of APIs
Avoiding the top 5 mistakes in a public API program
In a shift that seems to be accelerating for scaled enterprises, developer portals and public API programs are becoming more commonplace these days. In our day-to-day work with customers around the globe, public API programs, and developer portals are rapidly becoming the norm rather than the exception. While this shift in posture is becoming more frequent, we still see a few common pitfalls that not every organization understands. 
[blogs.mulesoft.com]

11 Essential Laws of Product Development
Creating a new product is extremely hard. There are dozens of barriers and pitfalls along the way. Success requires fanatical execution and a bit of luck. But while there are hundreds of ways a product can fail that are completely outside your control, the product is not one of them. [hackernoon.com]

Empathy for the API Developer
By: Colin Domoney on Security teams have always been perceived as an impediment to delivery by software teams who feel that security imposes arbitrary and unreasonable policies and use poorly-integrated tools that are beset with high false-positive rates. With the advent of DevOps, security has been seen as an increasing obstacle to rapid deployment cycles. by Colin Domoney, Gilad David Maayan, Don Macvittie, Aran Khanna, Bill Doerrfeld, Ganesh Datta, Claus Jepsen, Umair Khan, Mike Vizard [devops.com]

Software architecture could determine the winners as businesses digitize
Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here. Businesses worldwide are expected to spend well over $1 trillion this year on digital transformation, and more than twice that amount by 2025. by Steve Rodda, Stoplight [venturebeat.com]
 
(Un)Related
How to Create an API Using gRPC and Node.js
gRPC is a modern open-source RPC framework that can run in any environment. It is used by many large companies, including Google, to power some of their most popular services. gRPC is also an excellent fit for Node.js applications due to its high performance and small footprint. by Vyom Srivastava [nordicapis.com]

Build APIs in Laravel With the Restify Package
Laravel Restify is a package to make a powerful JSON:API-compatible Rest API with Laravel. After installing the package and following the setup guide, you can get started quickly using the repository CLI: The repository is the core of this package. by Paul Redmond [laravel-news.com]
Want to share something?
As always, if you want to chat, share a link, or make a suggestion, feel free to drop us a quick note or tagging us on Twitter (@launchany and @caseysoftware) or by emailing us at: james@launchany.com
 
UPCOMING EVENTS
Follow on Twitter    Forward to Friend    Subscribe
Copyright © 2022 LaunchAny, All rights reserved.
unsubscribe from this list