Net API Notes for 2019/03/28
Spring has sprung! So, too, has the latest crop of great, API-related content. Onto the notes!
NOTES
THOUSANDS OF API KEYS LEAKED DAILY ON GITHUB
Hey, did you know that James Higginbotham also had an email newsletter? In the latest edition, he had a great piece from Danny Bradbury entitled "Thousands of API and cryptographic keys leaking on GitHub every day."
Yeee-ouch
If you are using a public repository, like Github, for your development work, please take a moment to ensure that you are handling sensitive information correctly. Similar to the downright depressing results of a survey of freelancers and their handling of passwords, it feels like we should be beyond this; that the handling of this kind of information should be embossed on the back of people's right hand before they're allowed to start typing away. Github could also be doing more to proactively warn (shame?) when they see these dangerous practices. However, until we can, collectively, show that we can successfully deal with the basics, we can't move onto more important things.
THE DIFFERENCE BETWEEN SOA AND MICROSERVICES
Matt McClarty, writing on the Q&A site Quora, had an excellent and nuanced description of the difference between SOA and Microservices (and, no, it isn't about size). There was a surprising amount of additional nuance to his response that I appreciated.
SOUP TO NUTS: API DESIGN, MOCK, TEST (AND MORE)
I've said before that I'm a sucker for a well-designed walkthrough. Moreover, despite the fact I try to highlight current work, this post by Laurent Broudoux from last year was impressive enough that I thought it warranted being brought back and praised.
Yes, there are many places that handwave through theory. However, this multi-part series even goes so far as to describe possible tools for each step in the lifecycle process. The amount of time put into creating a great resource stands out. Has it aged well? Well, a year later it had me pumping my fist, so there's that.
MILESTONES
- Kong, an API Gateway (among other things), has raised $43 million in a series C offering.
- API Management company Axway has acquired event-driven API champions StreamData.io.
- Stoplight.io has announced its latest open source project, Spectral. As it says on the tin, it is an open source, flexible JSON linter for OpenAPI v2 and v3.
- Twitter will begin auditing any apps that call recent tweets or mentions a user more than 100,000 a day through its APIs. This is only the latest in a line of policy updates and corrections that Twitter has made over the past year.
WRAPPING UP
Will you be in the metro DC area on Tuesday, April 2nd? If so, swing on by the DC API User Group that evening. There will be free food, drink, good conversation, and I'll be presenting 'How to Get Started with API Governance'. I hope to make the slides, with a write-up, available sometime in the future. However, the quickest way to get the content is to attend in person.
Speaking of in-person, check out the meticulously curated and 100% artisanal Webapi.events. It is a list of great experiences for you to go out and mingle with other fine people in this growing community.
As always, thanks to my Patreon sponsors. Their support of this newsletter, WebAPI.events, and more is much appreciated and keeps the caffeine flowing unimpeded during those late nights and early mornings.
Till next time, Matthew