Net API Notes for 2019/05/30

Tons of items to cover this week. No time for pastoral pontificating. Onto the Notes!




I've long been intrigued by Algorithmia's marketplace. The attempt to take the variety of common machine learning functionality (sentiment analysis, facial recognition, etc) and expose it via a standard API interface. Think like an IFTTT or Zapier but specifically for AI.

In his talk "Serverless Functions and Machine Learning: Putting the AI in APIs", Jon Peck starts by describing what is possible with the platform. However, he quickly transitions to the challenge that serverless represented to their business. On the surface, there was potentially huge cost savings. On the downside, however, serverless didn't fit the need for new models needing to be run.

Ultimately, Jon suggests training models elsewhere and then porting to Algorithmia in his Austin API Summit . This is a great case study for those weighing the cloud implementation details behind their APIs.


When you're on a development team, the totality of your technical worldview may be limited to only the API, framework, or language that you're currently working in. James Higginbotham, a frequent contributor to my team at Capital One, shares a higher level overview in his Austin talk "Microservices and the Serverless; The Shape of Things to Come.

To me, the most valuable takeaways are towards the end. There, James describes how mid-and-senior leadership need to prepare for tomorrow's API platform. If you have more than a handful of items, this talk is worth checking out.


An interesting concept that comes out of the WWW conference is the Web Authentication (WebAuthn) API. Written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, among others. It attempts to replace passwords (and the associated security problems) with public key cryptography.

"The public key is not secret, because it is effectively useless without the corresponding private key. The fact that the server receives no secret has far-reaching implications for the security of users and organizations. Databases are no longer as attractive to hackers, because the public keys aren’t useful to them."

I am keen to kick the tires on the API on my next hobby project. Has anybody used the API? Let me know what your experience has been.


Also at the WWW conference, Erik Wilde and Mike Amundsen shared their work around Web Concepts. At the time of this writing, the collection of header fields, warning codes, cache directives, and more for 33 'concepts' are listed.

This is a great source for folks looking for recommendations on how to do everyday things with HTTP like OAuth response types, caching, link relations, and more. Trying to keep up on every RFC is an exhausting amount of work. The Web Concepts site leverages the work done by others around common HTTP patterns.


May conferences weren't the only source of noteworthy API news. Phil Sturgeon continues to impress in ways that have nothing to do with his ongoing cross-European cycling trip.

The Richardson Maturity Model has long been a challenging piece of guidance. Leonard Richardson created RMM after analyzing hundreds of net APIs and assessing their hypermedia readiness. It became a handy model for short-cutting the path to comprehension, peaking with Martin Fowler's re-articulation (this 2010 piece is where we get the 'Swamp of POX' phrase).

Since then, Leonard has expressed regret at what the model has become. Others, like Nicole Forsgren, PhD, co-Author of Accelerate, have argued that any maturity model is fraught with problems:

"Maturity models are like this. They dictate what we do, step by step. Our teams rely on them. It’s good! Comfortable! But if we keep relying on them, we stop thinking, learning, growing. We stop learning how to diagnose our own problems. We rely on that crutch. We atrophy."

So is the Richardson Maturity Model bunk? A relic of a more innocent time when good Harry Potter films were still in theaters and verbs regarding Nazis were all past tense? Not so, says European vagabond and noted eclair destroyer, Phil Sturgeon. In his piece, "REST and hypermedia in 2019" Phil revisits the Richardson Maturity Model. What holds up, what needs clarification, and what is problematic? Finally, there's an infographic that is a certified update to the Fowler image that you've seen in many decks.



I continue to add events to Meeting with others, face to face, remains the best way to build community, discover new opportunities, and learn new ways of problem-solving. Do you know of a local get together that isn't mentioned? Shoot me an email; I'd be happy to add to it.

Finally, thank you to my Patreon sponsors for their ongoing support.

Till next time,

Matthew @libel_vox and

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.