REST API Notes for 2017-09-18
THE BEST OF RESTFEST
The 2017 stateside edition of RESTfest concluded this past week in Greenville, SC. One of the fantastic aspects of the event is emphasis on sharing work with the wider world. This year, like previous years, there was a host of worthwhile things to check out.
ERIK WILDE ON LINKSETS
CA's Erik Wilde presented several things at the conference. However, his proposal for linksets got my attention. Linksets are included in an official Network Working Group draft. As presented in his talk, they are meant to bust the link relations normally found in web page headers out into their own mime-type. This JSON-formatted file would provide for easier parsing (among other benefits).
Hypermedia is about the making the affordances explicit for a client. In this approach, I'd assume a client would ask, via content negotiation, for 'application/linkset+json' from the resource. Taking those options available and returning them without data is interesting. But is it useful?
Without doing an implementation, I'm inclined to say 'yes'. I'd also say that a dedicated media type for link relations isn't the reason hypermedia hasn't seen widespread adoption, either.
The restfuljson.org effort from Stephen Mizell and Mark W. Foster is another attempt to get links into payloads.
MIKE AMUNDSEN ON THE THREE TYPES OF MICROSERVICE COMPONENTS
At the same event Mike Amundsen presented 'Three Types of Microservice Components'. The slides come from Mike's experience co-authoring the O'Reilly book, Microservice Architecture (a free version of which is available for download).
Mike argues that all microservices aren't created equal. The purpose of identifying each of the types - stateless, persistence, and aggregation - is to better apply the proper 'stability patterns'.
Has your organization reached the level of microservice maturity where you're creating sub-classifications (and I'm not talking 'nanoservices')? If so, why and what are the defining features? I'm curious how common this is outside of all but the largest IT shops.
UPDATES
GRAPHQL LEGALEESE
Two weeks ago, I revisited GraphQL after an unfortunate team request. Dennis Walsh, a patent/IP attorney, wrote a surprising post alleging a legal cloud hanging over the data query language.
GraphQL was developed at Facebook. As the 'TL;DR' states at the top of the page, the GraphQL spec doesn't grant a patent license and, therefore, most GraphQL users infringe on Facebook's patents. I'm not a lawyer and there's a lot of detail that is open to interpretation. But, after watching Oracle's attempts to wring a payday over Google's APIs, my spider sense is tingling.
FURTHER EXAMINING EQUIFAX
Last week, I shared information that alluded to Equifax's breach being due to an unpatched REST component in the Apache Struts framework. Reports confirmed the problem was bug CVE-2017-5638, disclosed in March of this year. The hackers, subsequently, exploited the vulnerability in May. PATCH THOSE SYSTEMS (and don't use 'admin/admin' as a username, password combo).
WRAPPING UP
I am growing my team! Are you familiar with enterprise software systems, love working with developers, and looking for professional growth? Do you pine for a combination of internal evangelism, product development, and software architecture - something with visibility across the entire enterprise? Have you connected the dots between your microservices and event driven architectures (EDA)? If so, I want to hear from you.
I also spent time this weekend updating webapi.events with the latest, upcoming, meetup.com items. If you know of an API conference, meetup, or hackathon not listed, let me know. As a reminder, I'm speaking at API World 2017 on September 27th. Are you going? If so, I look forward to seeing you there.
Til next time,
Matthew