REST API Notes for 2016/05/09
This week I'm flying to San Francisco to lead API training. I had just made it through Dulles airport security and was idly flipping through Twitter when it became obvious that dashing out another batch of RESTful API notes was mandatory. Just because I'm traveling doesn't mean new releases take a holiday.
DEBATING OAUTH 2.0?
Perhaps the most intriguing event of the last week was the release of TAuth, an alternative to OAuth 2.0 for securing RESTful APIs. Writing on the Teller.io blog, Steve Graham doesn't posit an alternative; he declares OAuth 2.0 "bad for banking APIs".
If this were just a rogue developer complaining about the complexity of OAuth's various "flows", I'd probably dismiss it. However, during last year's APIDays-London, I was lucky enough to watch Steve cut like a knife through multiple banks' security butter. If anyone understands the vulnerabilities in OAuth, it would be Steve.
Is TAuth inevitable? Given OAuth's successful implementation throughout companies large and small, I'm not sure. But after a phase of seeming stagnation, I'm excited to see these debates firing up again.
DESIGNING INTUITIVE APIS
Hearing Les Hazlewood speak is a special treat. If you can't catch Les in person, he has a new YouTube recording available on Best Practices for REST+JSON API Developers. Even if you are an experienced RESTful API ninja, there is guaranteed to be something here worth refreshing yourself on.
DOCUMENTING RESTFUL APIS
If you've been reading this newsletter for any amount of time, you're familiar with one of the common API specifications like Swagger/OpenAPI, RAML, or API Blueprint. But while those formats describe an API, they fall short of being complete documentation. Jenn Strater recently presented her talk "Test-Driven Approaches to Documenting RESTful APIs". In it she identifies where annotation-based documentation schemes fail.
This dovetails with Guillaume LaForge's piece, How Far Should API Definition Languages Go?
DEPLOYING MICROSERVICES
In his piece, "Real World Microservices: When Services Stop Playing Well and Start Getting Real", Oliver Gould shares his experience working with microservices at Twitter. As he points out, the flexibility for creating new products is countered by the increased management for a distributed system.
"It’s my experience that they are considerably more difficult to operate than their monolithic counterparts."
Oliver's solution demonstrates the benefit of introducing Linkerd to a microservice system. While not for everyone, Linkerd potentially is a powerful solution for service discovery at scale.
WRAPPING UP
It is almost time to fly away to my training. But if you're looking for an API-related event in your area, check out http://webapi.events for meetups, workshops, hackathons, and conferences. And if you see something missing, shoot me a note - I'd be glad to add it.
Till next time,
Matthew (@libel_vox)