Net API Notes for 2021/08/11 - Issue 171
Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this on the web and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered weekly to your inbox.
August is well underway. I know for many of us, myself included, the fall isn't as unencumbered as we might have hoped. Decisions about returning to school and travel continue to carry a fair amount of weight. I hope you and yours are staying safe. You're not alone, we'll get through this, and we're closer to the end now than the beginning.
Now, onto the notes!
NOTES
API-FIRST V API-DESIGN FIRST
STRAT
/ DESIGN
/ DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY
Over on the Stopligt.io blog, Janet Wagner does the hard work of defining the differences between API-First and API-Design First. While much about these two concepts are intertwined, Janet makes a compelling case for not using the two terms interchangeably.
API-First is about making the interface a leading priority during feature development, not an afterthought or a bolt-on.
API-Design First is a rigorous process for creating APIs, one that captures the intent in a form that is both human and machine-readable.
In other words, API-First is a directive for what teams should build, whereas API-Design First is how they should build it.
These concepts are further fleshed out in the article. I highly recommend it.
MICROSERVICES INSIDE-OUT
STRAT / DESIGN / DOC / '''DEV & TEST''' / DEPLOY / SECURITY / MONITOR / DISCOVERY
Bilgin Ibryam, writing over on InfoQ, has a piece entitled "Microservices Inside Out". He goes into great detail about event-driven microservices and the necessity of "meta" APIs.
To my understanding, what Bilgin calls "meta" APIs is what we have referred to as experience APIs, orchestration layers, or "backend-for-frontend" in other contexts; that is, this is a stable interface layer that packages together any number of microservices to deliver an experience. The microservices remain ephemeral and malleable while customers leverage the certainty of the "meta" API.
Event-driven communication has become an increasingly popular way for these ephemeral microservices to communicate. So popular, in fact, that some have argued that they can ditch their traditional databases in favor of an immutable state log. Bilgin advises against this, however. More of Bilgin's perspective on this and other microservice issues in the original article.
GITHUB'S JOURNEY FROM MONOLITH TO MICROSERVICES
STRAT / DESIGN / DOC / '''DEV & TEST''' / DEPLOY / SECURITY / MONITOR / DISCOVERY
CASE STUDY ALERT! Everyone is familiar with Github. That is why seeing a detailed write-up from Ben Linders on Github's journey from a monolith to microservices is so welcome: nearly everyone reading the piece is familiar enough with the product to have context around the decision points mentioned.
Ben does a great job of fairly presenting the pros and cons of both architectural approaches. That, combined with an honest discussion of the forces at play, make these an excellence reference for companies struggling with their growth.
Further, once Github made the microservice decision, it was necessary to figure out how decomposition would work; no small feat. Ben walks through their process and what they had to look out for in the process.
Great stuff.
MILESTONES
- A recently hacked Tea Party database provides a lesson for API developers: don't embed administrative admin keys on each web page.
- While I'm mentioning security things, a report by SALT Security says API attack traffic is up 300%. Companies "jumping onto the API bandwagon" without "proper forethought to maintenance or security" is cited as the chief reason.
- Version 1.0 of the HAL explorer has been released.
WRAPPING UP
Have you taken a look at the ASC 2021 conference yet? Like many of the events listed on Net API Events, it is available online. Check it out. And if you see something that should be included, let me know.
I'll end with thanks to my Patreons. You are the reasons this newsletter is free of advertising, information selling, or paywalls. We all benefit from your gifts.
Till next time, Matthew
@libel_vox and matthewreinbold.com
While I work at Postman, which really would make a great sherbet flavor, the opinions presented above are mine.