Net API Notes for 2022/03/17 - Issue 193

In this edition of the Net API Notes, I've got a tutorial for discovering and using "shadow APIs", a fantastic real-world example of why API idempotency is essential, and a puzzle regarding why bank APIs aren't leading to digital transformation. If that sounds like your type of a good time, continue reading below.

Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners.

NOTES

HOW TO USE UNDOCUMENTED APIS

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

Just because an API is undocumented does not mean it won't be used. In her latest article, Julia Evans shows how this works, step by step.

The point here is that while many companies may have "official" API programs, the APIs serving their single-page web applications may have fewer hoops, offer more features, or be updated more regularly. Given these factors, there can be some compelling reasons to crack open the browser inspector, copy some cookies, and build something that previously wasn't possible.

In the end, Julia is right to touch upon the ethical considerations of this approach; you certainly wouldn't want to build a business on this kind of spelunking. As a fun way to learn how your favorite APIs work, however, this is a great approach.

UBER EATS, PAYTM, AND CHANGING API IDEMPOTENCY

This next piece isn't a piece at all but a highly educational Twitter thread from Gergely Orosz. Several years ago, UberEats India had a problem with a payment processor, Paytm, that allowed folks to order food for free - even if there was no money in their account!

The problem was a change in how the Paytm API worked: an endpoint in use went from idempotent to non-idempotent. Like so many breaking changes, it was subtle and initially difficult to spot.

Give the thread a look. And big thanks to Gergely Orosz (writer of the Pragmatic Engineer newsletter) for sharing.

(comic by Agent-X)

APIS ARE TRANSFORMING BANKING, BUT NOT BANKS THEMSELVES

The final piece this week comes from Ron Shevlin writing on Forbes.com. His piece, "APIs Are Transforming Banking - But Not The Banks Themselves", describes the impact of APIs on the financial sector. Ron covers several points from a new report from his firm, Cornerstone Advisors. Chief among them: while APIs are increasingly used to perform the internal work within financial firms, they are not leading to a bounty of new customer-facing products and services as folks might have hoped.

One of the pieces I shelved earlier this year, when I switched jobs, was a comprehensive assessment of the state of "Open Banking". I might get back to it at some point. But my initial conclusion is much along the lines of what Ron writes about here; yes, APIs abound, but the digital transformation long cited as a certainty in their wake has yet to manifest.

MILESTONES

  • Cloudflare has announced the availability of its own API Gateway. The Discovery aspect alone, which promises to identify and report shadow APIs within an organization, is intriguing.
  • There's a new whitepaper out entitled "Web APIs Structures and Data Models Analysis". By analyzing OpenAPI files, the paper attempts to determine (1) how big and diverse are real-world web APIs both in terms of their operations and data, and (2) how different API structures use and reuse schema definitions.
  • In more sobering news, API hero Joshua Bloch announced he has cancer. Fingers crossed, his surgery does the trick. To turn the diagnosis into something positive, Joshua used the occasion as a teachable moment for others to begin getting regular checkups. I wish Joshua the best and speediest of recoveries.

WRAPPING UP


Thank you, finally, to this newsletter's Patrons. They help keep this newsletter free of ads, paywalls, or information selling. Thanks to their ongoing support, the rest of the community benefits. These Patrons rock!

Till next time,

Matthew @libel_vox and matthewreinbold.com

While I work at Concentrix Catalyst, the welcome sunshine after a chilly winter, the opinions presented above are mine.
