Net API Notes for 2022/02/10 - Issue 189
We had a spot of warmer weather here in the great frozen north, and the family was able to get out onto the ice. Between that, my oldest's Nordic ski races, and the start to the Winter Olympics, we've had an exciting start to the month.
There were also some noteworthy API items published among all that!
Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners.
NOTES
WHAT CONSTITUTES MEANINGFUL API SLAS?
STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY
Deepa Goyal recently published a thorough article entitled "Driving Meaningful Customer Impact with API Governance". First, don't let the word "governance" in the title scare you off. Deepa does a fine job illustrating her version of the API product lifecycle as well as articulating meaningful SLAs at each step.
She then contrasts her approach with several highly regarded APIs in the industry, pointing out their stated metrics and why those are important.
One interesting thing of note is how Deepa combines the accessibility of an API (internal, partner, external, etc.) with API lifecycle stages (deployed, deprecated, archived, etc.). In the past, I've maintained that the lifecycle for an API is independent of the deployment environment. (There are always exceptions, of course.) Seeing those two aspects combined is a unique approach that, I suppose, has certain advantages.
SHOULD GET SUPPORT A REQUEST BODY?
STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY
Preventing clients from submitting a body on a GET request has always been one of those "don't question, just do" pieces of design advice. But why? Frankly, I've never felt as though staring into that particular abyss was worth the time or energy. Thankfully, folks like Evert Pot are willing to not only follow that rabbit hole to the end, but they also publish a detailed account, to boot.
TL;DR - Don't do it. The rules-of-thumb and pieces of linting guidance you've been hearing your entire professional life aren't wrong. But if you'd like to know why, give Evert's article a look.
JWT ESSENTIALS
STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY /
Have you thought about the tokens passed between your systems? Alex Savage has, and he has created a very approachable overview for folks wanting more information on what JWTs could do for them. It pairs very well with Curity.io's comprehensive JWT guidance, as well as Lorna Mitchell's guide to debugging the tokens themselves.
MILESTONES
- The OpenAPI Initiative launched an extensible data registry. Data types seem to be the first area of community interest.
WRAPPING UP
Need to meet with other API folks, either in person or online? NetAPI.events is a collection of upcoming events, presentations, and conferences. Don't see an event? Let me know what I'm missing, and I'd be glad to add it.
Finally, my gratitude goes out to the Patrons. Because of their steadfast generosity, this email newsletter is able to operate without info-selling, advertisements, or paywalls. Because of this dedicated few, everyone benefits. Thank you!
Till next time,
Matthew @libel_vox and matthewreinbold.com