Net API Notes for 2021/06/23 - Issue 166
Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this on the web and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered weekly to your inbox.
This week, I'm trying something a bit different. The whole point of Net API Notes is that I spend hours every week identifying the most useful API-related pieces, so you don't have to. In that same spirit, I've included a label at the beginning of the piece that you can quickly scan and determine if it is relevant to you.
Let me know how it works for you and if you have any suggestions for making it better. Now, onto the notes!
NOTES
HOW THE NEXT LAYER OF THE INTERNET WILL BE STANDARDIZED
STRATEGY / DESIGN / DOCUMENTATION / DEVELOPMENT & TEST / DEPLOYMENT / SECURITY / MONITORING & OBSERVABILITY / DISCOVERY / CHANGE MANAGEMENT
Mark Nottingham has worked in the web standards space for some time. Therefore, when he warns that the next wave of standardization will be different from what came before, I sit up and notice.
Like many, Mark has grown concerned about the influence wielded by big tech companies like Facebook, Amazon, and Google. But the real catalyst for his writing is in regards to government intervention, which - in his words - threaten to ossify and fragment the protocols we rely on for interoperability.
"This bill requires designated platforms (likely candidates would be Google, Facebook and Amazon) to conform to interoperability standards set by new a new committee run by the FTC. If it passes, the APIs that define the next layer of the Internet will not be based upon broad community input, review, or participation.
" Instead, the FTC will hand-pick the participants at its pleasure, and will retain change control over the APIs. Even if the right mix of people gets onto the committee, its role is explicitly ‘advisory’. Documentation for those APIs is only supplied to ‘competing businesses or potential competing businesses.’ There’s no guarantee they’ll be public."
And a little bit later:
"that effectively makes the FTC a new Internet governance institution."
I think it is fair to be concerned whether the FTC has the expertise to craft, effectively, global policy free from unforeseen consequences. However, I also think the approach that got us here isn't free from criticism, either.
For example, without a law guaranteeing some form of access, academics were severely hobbled in their ability to study Facebook's role in spreading disinformation during a particularly precarious time. (Facebook has, years later, taken steps to correct this.)
The W3C or IETF have also done little in the face of increasingly invasive surveillance-based advertising. After 25-years, it was only recently that the browser makers moved to fill the vacuum (despite the troubling self-interest on display with schemes like Google's FLoC). As a result, we're to the point where 54 public interest groups and 20+ experts are calling for immediate government action on both sides of the Atlantic - something inconceivable only a few short years ago.
In my list of near-term API trends, I stated that tech would be called to account for its sins, whether real or imagined. If people perceive the existing regulatory mechanisms as being ineffectual, they will find other means, ossification and fragmentation be damned.
I'll be watching this story as it develops with great interest.
OUR COMING API MESS
STRATEGY / DESIGN / DOCUMENTATION / DEVELOPMENT & TEST / DEPLOYMENT / SECURITY / MONITORING & OBSERVABILITY / DISCOVERY / CHANGE MANAGEMENT
Hey, more good news! In his piece, "Our API Mess is Coming", author Don Macvittie shares his concern at a coming API reckoning. What prompted Don's concern was dependency maps that resemble "spaghetti code" even for medium-sized applications. Specifically, he is concerned about the lack of risk management applied to API portfolios.
"Far too many of us are not only failing to plan for API changes, but failing to even think about them."
"It means our API dependence will only grow, and the number of lines in our dependency graphs – each representing some amount of risk – will only grow."
How are you approaching monitoring and observability of your API landscape? Or, as the joke goes, did you replace your monolith with microservices so that every outage could be more like a murder mystery? Let me know. I'm sure others would be interested in hearing how companies are tackling this tricky challenge.
SPLITTING A DOMAIN ACROSS MULTIPLE BOUNDED CONTEXTS
STRATEGY / DESIGN / DOCUMENTATION / DEVELOPMENT & TEST / DEPLOYMENT / SECURITY / MONITORING & OBSERVABILITY / DISCOVERY / CHANGE MANAGEMENT
My final piece from this week is from Mathias Verraes and Rebecca Wirfs-Brock. Bounded contexts and domain-driven design remain these squishy yet potentially powerful concepts. However, in "Splitting a Domain Across Multiple Bounded Contexts", they provide a concrete, pragmatic example of how to approach these areas.
A critical point that I appreciated is how rarely anyone enters a greenfield design environment. Because of this, special care needs to be taken:
"In reality though, Bounded Contexts follow the contours of the evolution of the system"
The piece concludes with two very important heuristics when creating boundaries:
- Bounded Contexts shouldn’t serve the designer's sensibilities and need for perfection but enable business opportunities.
- The Rate of Change Heuristic: Consider organizing Bounded Contexts to manage related concepts that change at the same pace.
That's some fantastic advice to end the notes on.
MILESTONES
- RapidAPI has joined the OpenAPI Initiative
- Facebook awarded a $30,000 bounty for the discovery of a BOLA (Broken Object Level Authorization) API vulnerability in Instagram's GraphQL API.
WRAPPING UP
Got a live, in-person meetup or conference coming up? Believe it or not, those are beginning to happen again in some parts of the world. Check out NetAPI.events! If something is missing, let me know, and I'd be glad to add it.
Finally, thank you to my Patreons. Your help ensures that this newsletter is free of advertising, information selling, or paywalls. Because of your support, we all win!
Till next time, Matthew
@libel_vox and matthewreinbold.com
While I work at Postman, a wholesome place that recognizes and celebrates Juneteenth, the opinions presented above are mine.