Net API Notes for 2022/04/13 - Issue 195

The April showers are threatening to turn into a late spring blizzard. Before the satellite internet goes out, here's some notes!

Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered directly to your inbox.

NOTES

FIGHTING ENTROPY IN YOUR MICROSERVICES ARCHITECTURE

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

At the recently completed QCon London event, there were several fantastic talks. But "Fighting Entropy in Your Microservice Architecture", by FT's Anna Shipman stood out. In her slides, she outlines how her team identified a sprawling, incoherent microservice mess and tamed it with the following three steps:

1. Start Working Toward Order
2. Actively Remove Haunted Forests
3. Accept Entropy and Handle It

I particularly enjoyed the concept of "Haunted Forest", a new term for a familiar concept (at least to me). As described in this Increment Article by John Millikin, a software haunted forest:

"-impedes all nearby work, traps the unwary, discourages the inexperienced, and exhausts the veterans. Logs from files deleted last year, documentation for features that were never written, tests that fail at midnight. Bad code is haunted, and a sufficiently large thicket is a haunted forest.

"Any team would agree that preventing haunted forests is important, but there is less consensus about what to do when one is discovered. Healthy engineering organizations take vigorous action to detect, isolate, and replace code that's become haunted. Otherwise the forest grows stranger and spookier, and the cost of exorcising it can balloon beyond the business value of the entire project."

Great stuff, and I'd love to see more of how teams are continuing to manage complexity in their organizations.

EXAMPLES OF ENTERPRISE GRAPHQL USAGE

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

Over the last several years, my attitude has changed regarding GraphQL. I used to look down on it with disdain, considering it an uninformed hack for those unwilling to do "real API design". However, with time, I've seen specific use cases where GraphQL's approach made sense. However, me shouting "Use case dependent!" and then flitting off to my ivory tower when others are trying to make informed decisions is not helpful.

That's why I appreciate this article from Tyler Charboneau entitled "6 Examples of GraphQL in Production at Large Companies". Tyler explains those specific use cases and how GraphQL helps deliver business value at these enterprise organizations.

THE COMPLETE GUIDE TO OAUTH2

STRAT / DESIGN / DOC / DEV & TEST / DEPLOY / SECURITY / MONITOR / DISCOVERY

The last note this week is from Dan Moore. Writing on the Stack Overflow blog, he's got a ridiculously thorough guide to anything and everything OAuth2 related.

There's so much to like here, like the breakdown and links to specific OAuth RFC. However, the clear, concise description of different grant types is also incredibly well done. This is the kind of reference I can see myself returning to regularly and certainly should be considered for new API developer onboarding.

MILESTONES

• As pointed out by David Biesack, a marketing firm appears to have bought HTTPStatuses.com. They've, subsequently, taken a clean and valuable resource and given it the used-car-lot treatment. This comes after I covered the APILayer Github repo "takeover" in the last note. I don't know the original author, their situation, or how much money was exchanged. Ultimately, they're within their rights to sell; it probably felt good to get some reward after years of attention. However, it seems we need to create some mechanism to preserve commons for the community. I don't know, however, what that is or how it would work.
• Hookdeck, a company that helps developers manage webhooks, has received $2.4 million seed round.
• Peter Koch shared a picture of the difference between the first and second editions of Sam Newman's foundational Building Microservices. Sometimes the 2nd edition is a subtle tuning or correction of found mistakes. At 588 pages, this... this is something else.

WRAPPING UP

I recently updated NetAPI.events with several new opportunities to learn and network with the best. This spring, as many folks appear determined to put the pandemic behind them, I was given pause by this Twitter thread. The actions of the last several months have seemed like a giant "FU" to many high-risk individuals. If you are running a meetup, seminar series, or conference, please consider this excellent piece on how to run inclusive events. There's also the climate impact.

I understand the desire to get back to flights to new places, ordering room service, and meals out while talking big ideas with new friends. I had a severe case of FOMO while watching QCON London tweets fill my Twitter stream. The magic circle effect is real. However, because of the reasons linked to above, I'm committing to only those events and activities that have an online component. Like many others, I'll need to figure out other more ethical, sustainable ways of recreating that "magic".

To end, I'll say thanks to this newsletter's Patrons. They help keep this newsletter free of ads, paywalls, or information selling. Thank you!

Till next time,

Matthew @libel_vox and matthewreinbold.com

While I work at Concentrix Catalyst, an interagency hotshot crew deployed to enterprise architectural fires, the opinions presented above are mine.