Net API Notes for 2021/03/11 - Issue 155

Hello everyone! We are being treated to absolutely glorious spring weather in the Northern Virginia area after a truly miserable winter. However, before I run out for a walk, let's get to the latest batch of notes!



At the beginning of this month, Stefan Tilkov put on his grumpy pants and published DDD is Overrated. Given that finding useful boundaries is a chief concern for system architects, particularly those building microservices, DDD is familiar to many API folk; in other words, that's kind of a big deal. So why does Stefan think it is overrated?

"if all you’re doing is applying the by-the-book definition of existing DDD terms, and trying to shoe-horn any problem into this existing structure, yours is a very sad designer’s life."

That makes sense, if a bit arch. Anytime you apply the wrong tool to a situation, the results will be subpar. Alberto Brandolini, the creator of the Event Storming method, challenged Stefan over Twitter on a few of his points. Alberto is quick to point out that domain-driven design is not nearly as prescriptive as it used to be (which was news to me).

As is so often the case, the "hot take" is less valuable than the civil, principled disagreement that it generates.


Corey Butler recently proposed an intriguing idea: static APIs. As the name implies, a static API returns pre-generated assets: JSON, XML, etc. Because these assets are static, they then could be safely hosted by a content delivery network (or CDN).

Corey parallels the benefits of static APIs with the benefits of static websites. These include:

  • Reduced cloud computing costs
  • Simplified data architecture and management
  • Faster and more resilient scaling

But what about writes? Is an API useful if it is read-only? Having attended meetups in the Washington, DC area for several years, the answer is an emphatic yes. Standardized, machine-accessible data is heads-and-tails better than what so many public datasets have had in the past. Even now, in 2021, so many useful insights remain behind manual, one-off request processes.

That said, the underlying data will require changing. In his piece, Corey explains how this process works in his architecture. It reminds me of the CQRS architectural pattern (although Corey doesn't allude to that).


Non-fungible tokens (NFTs) have been all the rage in the tech press recently. (All those bitcoin millionaires have to have some outlet for their newly minted wealth, even if it is a slightly less embarrassing version of cryptokitties 2.0.) But let's talk about tokens that are actually useful: JSON Web Tokens or JWTs.

Curity has created a fantastic JWT primer. JWTs are used as access tokens and ID tokens in OAuth and OpenID Connect flows. However, there's no reason tokens have to be limited to those common occurrences. Anytime a JSON message needs to be exchanged between two parties in a compact, URL-safe way, a JWT might be a viable option.

Whether you're just starting out using JWTs or are an old hand, give the article a look.


"You have to be really consciously careful about API design. APIs are forever. Once you put the API out there, maybe you can version it, but you can't take it away from your customers once you've built it like this. Being conservative and minimalistic in your API design helps you build fundamental tools on which you may be able to add more functionality, or which partners can build layers on top of, or where you can start putting different building blocks together. That was the idea from the beginning: to be so minimalistic that we could allow our customers to drive what's going to happen next instead of us sitting in the back room thinking, 'This is what the world should look like.'"


A week ago, I sat down with the fine people from Toro Cloud to talk API Governance, digital transformation, and the cultural bits in-between. Having listened to the final result, I'm proud of how it turned out. You can listen to it online or search for the 'Coding over Cocktails' podcast in your catcher of choice.

Also, as a reminder, I'm looking to do another mailbag in a future edition of the notes, much like last year. If you have questions on the API industry, API design principles, or API governance, let me know.

Also, API events are still happening! You can find the list at

Finally, thank you for your attention and to the Patreons who enable this newsletter to remain ad-free! That means a lot to me. And, based on the subscription numbers, others too!

Till next time,

Matthew @libel_vox and
