Net API Notes for 2020/06/11 - Issue 133

You're busy, I'm busy, and we're all distracted. To the notes!



The French government published the source code for its Stop Covid contact tracing app. Efforts like these will be crucial to responsibly managing outbreaks until a vaccine is found. However, as the API Handyman and author of The Design of Web APIs, Arnaud Lauret, points out, the API design leaves much to be desired.

The OpenAPI description is also available for perusal. Arnaud, correctly, points out a few design no-nos right off the bat (I took these screenshots from his tweet on the topic.

First off, returning a "200" (or "success") response code that still requires a client to introspect the response. The server may return a '200', but the contents of that response indicate a failure.

Nope, nope, nope.

Similarly, it appears the API expects all operations, including resource deletion, are pumped through an overloaded HTTP POST. Yes, you can make this work. However, this takes the natural affordances that a developer might expect from a more straightforward resource design and chucks it out the window. A consumer is entirely dependent on what documentation exists to learn the way the producer designed this particular snowflake.

HTTP status codes and methods aren't meant to be tunneled through. Good API design builds on top of this firm foundation. Unfortunately, a well-designed API is not what happened here.


API product management is not a straightforward proposition. As I detailed before, treating APIs as a product entails a host of unique angles to consider. Derric Gilling, writing on DZone, details '10 API Product Manager Interview Questions'. These questions help identify those product manager candidates that "get" the difference, and those that can only spell API.


Erik Wilde has continued to add to his body of API Strategy work. He recently released his slides entitled "A Structured Guide to API Strategy". The accompanying video is available to be watched on the Axway site.

Some concepts, like the Bezos' mandate, will be old hat to readers of this newsletter. However, the comparison of effective API design as directly impacting organizational transaction costs is notable.



The whistle has blown, the time is up, and the sweet 16 round ended with some incredible upsets! Microservices, the number 1 seed coming into the tournament as determined by the volume of social media hand-wringing, was defeated by the 17th seeded API Management. Webhooks denied GraphQL from advancing! Also, the 30th seeded IOT beat the 14th seeded GRPC.

The big bracket of API Impact rolls onto the Elite 8 round. What will this week have in store? What will folks, like you, determine to be the most impactful API tool, technique, or trend? And is the entire edifice in danger of being undermined by API Security sweeping in at the last minute? Vote now on Twitter.

Also, remains a place to find events, online and off, with your fellow API practitioners. If you know of an upcoming API-related community gathering that isn't listed, I want to know! I'd be glad to document it.

Lastly, thank you to the Patreons who support this newsletter.

Till next time,

Matthew @libel_vox and

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.