REST API Notes for 2017/08/28


A few issues ago I discussed Google's approach to API versioning. It was a practical approach to dealing with what any API developer confronts: change in production. Stripe recently published its own thoughts on the topic. Rather than the usual URL-verses-header debate, author Brandur Leach goes deeper into Stripe's approach which includes rolling and pinned versions. It may be overkill, for some, but I found contrast in approach informative.


I spend a fair amount of time considering internal API usage. Zapier's Wade Foster, however, has a great talk on how to create successful external integrations. Great integrations include notifying people, choosing quality over quantity, and providing adequate support. That sounds obvious. However, given how often companies continue to assume their work is done after the tech is in prod, it needs to continue to be said.


This month, for those that prefer to listen to the API news rather than skim, there were two great podcasts. The first was an InfoQ podcast with Sam Newman, Security Considerations and the State of Microservices. Microservices, in addition to extra organizational complexity, increase the surface area that malicious attackers may try and take advantage of. The appetite for risk will depend both on the industry a company works in, as well as the level of security sophistication by its teams.

The second is an interview between Stefan Tilkov and Michele Leroux Bustamante on Microservices. Topics include how microservices are different than SOA, orchestration, and platforms for microservices.


On August 17th, Stormpath, an Identity and User Management API, shut down its API. Founded in 2011, Stormpath had enjoyed a positive reputation for many reasons, not the least of which were the impressive conference presentations from its founder, Les Hazelwood. The 45 person team will be joining Okta.

In other news, eBay is joining the Open API Initiative. The online auction house joins an already impressive list of industry sponsors. The Open API Initiative is the Linux Foundation group responsible for advancing the specification previously known as Swagger. They released OAS 3.0 earlier this summer.


I'm still looking to grow my team. Are you familiar with enterprise software systems, love working with developers, and looking for professional growth? Some familiarity with message queuing or event driven architectures is a big plus (Kafka, RabbitMq, and/or Anazon Simple Queue Service [SQS]). For more information, check out the listing.

My fellow co-worker, Irakli Nadareishvili, is also hiring for an Application Security Engineer. If you enjoy big security challenges on an exciting greenfield opportunity, give this listing a look.

Finally, if you have an upcoming in-person API-related event that isn't captured on, let me know! I'd be glad to add it.

Until next time, Matthew (@libel_vox and

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.