REST API Notes for 2015/09/22
Hello and welcome to another edition of RESTful API Notes. As expected, people are shaking off their summer frivolities and settling back into work. As a result, we get a fresh batch of tasty industry treats to share.
REST FEST RECAP
For the last several years, the humble town of Greenville, South Carolina has hosted REST Fest, one of the premier API conferences. All attendees are encouraged to give a brief presentation or aid in a hackathon.
Some of that material is making its way online. James Higginbotham posted his succinct deck on applying Systems Design to APIs.
FIRST HAND WITH THE AMAZON API GATEWAY
Shortly after its announcement, we speculated here which API producers might benefit from it the most. With time has come an incredibly thorough breakdown of what works and doesn't by Nick McHardy. The API support is there (with some caveats). The big takeaway was as suspected: the true power of the Amazon API Gateway is enabling developers to build entirely "server-less" applications - no EC2 or RDS necessary.
DEVELOPER EXPERIENCE
While producing an API via Amazon's Gateway might be easier than ever, developers still have to consume it. Two recent pieces demonstrate different ways of making that easier. In the first, Christopher Hoult discusses what makes for intuitive, easy-to-use API interface (a PDF deck). The next is by Ian Watson who shares a number of thoughts to consider when creating API documentation.
SECURING APIS
If you've been following the Kardashian news (who doesn't?) you probably heard about how their API security left much to be desired. Poorly executed, it exposed names and emails of over half a million subscribers. Kristopher Sandoval, writing on the Nordic APIs blog, identified the risks inherent with APIs and how to mitigate them. Getting security "right" is an ongoing challenge for any company. As exposure of critical business functionality through APIs increases, so too does the need for security rigor.
WRAPPING UP
Finally, props to API Changelog Partnering with 3Scale. API Changelog has been a great, external source of information for people interested in changes to public APIs. Now, by partnering with 3Scale, many of those interface change notifications can be automated. If a developer updates their 3Scale API documentation, those changes are carried over to API Changelog.
It's a fantastic bit of automation. As the API economy continues to grow, we'll need more of these kinds of integrations to facilitating comprehension at scale.
And speaking of facilitating comprehension, I did a bit of API event feed munging over the weekend. The result was a number of new items added to webapi.events. Check it out and if you have an event that is not listed let me know - I'd be glad to add it.
Until next time,
Matthew (@libel_vox)