Net API Notes for 2022/01/05 - Issue 185

Hey! You! You made it to this side of New Years! Did you have a restful, relaxing time to recuperate? Or, barring that, was your holiday time at least memorable? I know the ongoing pandemic has made long-term planning problematic, but do you have thoughts on how you might work on yourself this year?

I've been going through my various streams from 2021. The collection of sticky notes (below) is not some event storming exercise but an attempt to put the fragmented pieces that resonated with me last year into a coherent narrative. I'm not big on New Year's resolutions; instead, I'm keen on crafting systems. Through regular sense-making, the pieces seem to be coming together.

Keyword is seem. Time will tell. Until then, however, we've got some notes to review!

Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered directly to your inbox.



Well, well, well. Look what the woodland ecologist dragged in! It's Phil "Crossing-the-North-Sea-Is-My-Jam" Sturgeon! When he's not building his non-profit, Protect Earth, Phil is dropping wisdom like how to create an OpenAPI description from API Traffic.

While consensus, long ago, agreed that API design-first had many advantages, the fact remains that many developers aren't in a position to do that. Whether they inherited a legacy system, were saddled with acquisition fru-fru, or are the last-hands-on deck due to the great resignation, there's a world of undocumented APIs that would benefit from being described uniformly.

Phil's piece advocates avoiding the manual work of creating something from scratch. One way to do that is to construct an OpenAPI description by monitoring existing traffic. Many tools do this. Phil highlights his success with Akita. I've heard others use Optic. Postman's Interceptor can also capture requests and responses to transform into OpenAPI descriptions.

The bottom line is that there are a ton of APIs that should be described - and we all have better things to do than create those from scratch. Be like Phil.


But what do you do with those API descriptions? How about ensuring contract reliability?

That's the question that Ashley Peacock asks in his piece that appears on Better Programming. There are few things more frustrating than building critical functionality on someone else's service only to have that service then break. In his article, Ashley covers several open source tools that take an OpenAPI definition and create a meaningful expectation monitor.


Michal Trojanowski is a product marketing engineer at Curity. He recently had a great post on the New Stack entitled "Securing Large API Ecosystems".

Security is, increasingly, a point of emphasis for many organizations. I appreciate how Michal goes beyond just "do security better" and provides a new, detailed perspective on the challenges that exist. In addition to that, he offers multiple solutions worth considering.

Great stuff.



Two quick shout outs:

Next, I wanted to mention that I had the good fortune to sit down (again) with David and Kevin on The Coding Over Cocktails podcast. We discussed API ecosystems, digital transformation, and everything in between. I love how this one turned out. I posted that, along with a number of other recordings, to a new "Appearances" tab on my personal blog. I know there are still some missing, and I hope to track those down at some point.

Speaking of podcasts, I started a "between the lines" notes recap show for Patreon backers. In that show, I go behind the scenes of the newsletter and provide additional research, opinion, and color for the news of the day. I readily admit, it is a work in progress. However, for my wife who has been encouraging me to talk to other people for years, it is already beneficial. ;)

Till next time,
@libel_vox and

While I work at Postman, a pair of dependable gloves during a day at the ice-rink, the opinions presented above are mine.

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.