Net API Notes for 2022/04/01 - Issue 194 - Mostly Governance?

Good day, and happy April Fools! I thought rather than a prank, I'd put foolhardy email in your inbox! I'll claim that's the reason for this week's rather late edition. The timing has nothing to do with my newfound obsession for watching Elden Ring playthroughs or finishing the excellent Jade City book in the evenings. Not one bit.

Also, probably no meme this week. After that event at the Oscars, my Twitter, Reddit, and Discord feeds were flooded with hot takes and paramutations. While I chuckled at a few, the gross insensitivity and toxic masculinity underpinning the whole thing made me uneasy about co-opting it for a quick LOL. I don't know much about Jim Davis, the creator of Garfield, but I appreciated his statement on the matter:

Respect.

But I'm here, you're here, and anything else you're likely to read online today is of dubious credibility. Let's get into issue #194 of Net API Notes.

Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered directly to your inbox.

NOTES

GETTING STARTED WITH WEBHOOKS

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

The first story this week comes from Keith Casey. Over on the ngrok blog, he's got a detailed webhook primer. He briefly describes what problems webhooks are adept at solving, what comprises a webhook, and essential security considerations companies should have when deploying them.

ASYNCAPI GOVERNANCE

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

Next up, rapid-fire style, is Jonas Lagoni's piece entitled "Getting Started With API Governance".

When any effort gets large enough - whether a group of people, open-source project, or a company software ecosystem - questions arise about how best to co-exist. I've always maintained that software governance is how to change a system **safely. In a representative democracy, that means having processes and procedures for passing and modifying laws as need dictates. In software governance, it often means explicitly defining who has decision-making authority and over what.

Jonas lists what some of those decisions might be for AsyncAPIs he is responsible for: how the API designs maintain consistency, how they're delivered, and how they are discovered.

It is a good list of initial concerns. However, in the future, I would expect Jonas will need to move beyond the initial set of requirements and begin incorporating mechanisms for how those rules get changed - is there a well-documented and understood process for community suggestions? How are the outcomes intended by the current regulations judged? When a proposal is made, who and how is the evaluation to accept it made? How are changes recorded and communicated?

Living governance is more than just having a set of rules; in the same way the law is merely an aftereffect of a functioning democratic process, standards or requirements are just artifacts of a healthy software governance process. In other words, governance is not what one did (make some laws), it is the processes and ongoing efforts that one does.

API LAYER AND THE PUBLIC APIS TIFF

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

The Public APIs Github Repo is an incredible community resource for discovering open and freely available APIs for use. Recently, several volunteer maintainers raised concerns that API Layer, the sole sponsor and owner of the repo, had revoked their access (reference 1, reference 2).

If I understand correctly, the timeline of events is:

• 2015 - Todd Motto created the Open Source List
• 2016 - Todd asks the community for help maintaining the list
• 2020 - Several community maintainers discovered that Todd no longer owned the repo and had transferred it to API Layer
• 2021 - The new owner added several new maintainers. However, all volunteers could not add additional project volunteers
• May 2021 - The Github project description was updated to add links to API Layer; also, on multiple occasions, API Layer attempted to add their commercial links to the top of the list, thus breaking the alphabetical build. Volunteers reverted the changes and wrote the owner to explain the problem but claim to have not received a response.
• March 11th, 2022 - API Layer removed a different project sponsor and added their logo and link to their company to the top of the page.
• March 12th, 2022 - After volunteers reverted the change, all volunteers had their maintainers' rights downgraded without notice.

It is unfortunate. One frequent response to the situation is "fork it!". And while the volunteers could take the info and set up the resource elsewhere, they'll leave behind one of the most starred projects on Github, right up there with React and Vue frameworks. They'll gain access to care and maintain the project as they want to, but - at least for the foreseeable future - the API Layer repo will algorithmically be treated as the "real" one.

Reality is that, regardless of being an "open source" community resource, API Layer owns the repo. I talked about governance in the previous note. Without a governance structure, the volunteers operated at the owners' benevolence. When that changed, they were stuck with recourse. The two groups didn't have a means to reconcile competing concerns, and now (seemingly), there are only painful outcomes ahead for all parties.

I'll continue to watch, and hopefully, I'll be able to share a positive development on this in the future.

MILESTONES

• RapidAPI raises an additional $150 million in funding at a $1 billion valuation.
• APIWiz raised $2 million to help enterprises develop and maintain their APIs.

WRAPPING UP

This week, I have a new piece up on the blog. Have these past two years left you stressed out? Has making architectural decisions seemed harder? I go into a bit of why that may be and the Day 2 operational problems that may result from just phoning something like API standards in.

The Ukraine/Russia conflict has now entered its second month. If you are looking for additional ways to help Ukraine, Ukrainetrustchain.org is highly recommended by people I trust.

I'll end with thanks to this newsletter's Patrons. They help keep this newsletter free of ads, paywalls, or information selling. Thank you!

Be careful online today, and till next time,

Matthew @libel_vox and matthewreinbold.com

While I work at Concentrix Catalyst, a blueprint in the beige executive boardroom, the opinions presented above are mine.