Net API Notes for 2020/06/11 - Issue 133
You're busy, I'm busy, and we're all distracted. To the notes!
NOTES
THE FRENCH 'STOP COVID' APP AND LACKLUSTER API DESIGN
The French government published the source code for its Stop Covid contact tracing app. Efforts like these will be crucial to responsibly managing outbreaks until a vaccine is found. However, as the API Handyman and author of The Design of Web APIs, Arnaud Lauret, points out, the API design leaves much to be desired.
The OpenAPI description is also available for perusal. Arnaud, correctly, points out a few design no-nos right off the bat (I took these screenshots from his tweet on the topic.
First off, returning a "200" (or "success") response code that still requires a client to introspect the response. The server may return a '200', but the contents of that response indicate a failure.
Nope, nope, nope.
Similarly, it appears the API expects all operations, including resource deletion, are pumped through an overloaded HTTP POST. Yes, you can make this work. However, this takes the natural affordances that a developer might expect from a more straightforward resource design and chucks it out the window. A consumer is entirely dependent on what documentation exists to learn the way the producer designed this particular snowflake.
HTTP status codes and methods aren't meant to be tunneled through. Good API design builds on top of this firm foundation. Unfortunately, a well-designed API is not what happened here.
API PRODUCT MANAGER INTERVIEW QUESTIONS
API product management is not a straightforward proposition. As I detailed before, treating APIs as a product entails a host of unique angles to consider. Derric Gilling, writing on DZone, details '10 API Product Manager Interview Questions'. These questions help identify those product manager candidates that "get" the difference, and those that can only spell API.
API STRATEGY
Erik Wilde has continued to add to his body of API Strategy work. He recently released his slides entitled "A Structured Guide to API Strategy". The accompanying video is available to be watched on the Axway site.
Some concepts, like the Bezos' mandate, will be old hat to readers of this newsletter. However, the comparison of effective API design as directly impacting organizational transaction costs is notable.
MILESTONES
- Instagram just threw a legal wrench at embedding API users, foisting licensing responsibility to them. Said another way, embedding an image will require the API user to get an individual's permission each time before an Instagram photo can be, legally, presented. As the article states, "The announcement could come as an unwelcome surprise to users who believed that embedding images, rather than hosting them directly, provides insulation against copyright claims."
- The OpenAPI 3.1 Specification is available to review.
- Pronovix has launched the API Resilience podcast. You can find it on Spotify, or wherever your podcatchers happen to fetch content.
- Monzo, who made multiple social media waves over their microservice strategy (something I covered here and here), is laying off up to 120 employees. That is unfortunate, even in the best of times. It will be interesting, given the changes, if their past microservice architectural decisions play out as described by Grady Booch last November.
- It has been a big week for facial recognition tech. First, IBM announced it would no longer offer, develop, or research facial recognition technology. Quickly after, Amazon announces a one-year pause on police use of facial recognition tech. On Twitter, an interesting thread from Jeff Dean, SVP at Google AI, discusses why they decided not to offer a facial recognition API.
WRAPPING UP
The whistle has blown, the time is up, and the sweet 16 round ended with some incredible upsets! Microservices, the number 1 seed coming into the tournament as determined by the volume of social media hand-wringing, was defeated by the 17th seeded API Management. Webhooks denied GraphQL from advancing! Also, the 30th seeded IOT beat the 14th seeded GRPC.
The big bracket of API Impact rolls onto the Elite 8 round. What will this week have in store? What will folks, like you, determine to be the most impactful API tool, technique, or trend? And is the entire edifice in danger of being undermined by API Security sweeping in at the last minute? Vote now on Twitter.
Also, NetAPI.events remains a place to find events, online and off, with your fellow API practitioners. If you know of an upcoming API-related community gathering that isn't listed, I want to know! I'd be glad to document it.
Lastly, thank you to the Patreons who support this newsletter.
Till next time,
Matthew @libel_vox and matthewreinbold.com