REST API Notes for 2018-02-27

Back in DC. While the political news leaves much to be desired, good API work abounds. Let's get to it!


Kristopher Sandoval, writing on the Nordic APIs blog, has a thorough overview of High-Grade API Security for Banks. Since joining Capital One, I've been repeatedly (and pleasantly) surprised at the number of regulatory requirements that exist when it comes to people and their money; "Move fast and break things" doesn't work so well when it comes to what's in a bank account. This piece introduces a handful of the most well known items (US and Europe) and then dives into strategies for protecting that information. The animated GIF (HARD-G 4 LIFE, BOYZZZZ!) of Oauth flow is also a nice touch.


Patrick Lee Scott discussed Five Different Microservice Patterns. These patterns - Model, Denormalizer, Gateway, Ingestor, and Adapter - are straightforward and help provide a clue on where opportunities for breaking down a system may be.

While I'm on the subject of microservices, there's a fascinating piece by Michael Nygard on the "Coherence Penalty for Humans". While it starts out discussing multi-processor applications, it then compares and contrasts with microservice design. Bottom line: Michael lays out a theory as to why dev shops that implement microservices might not always reap the intended fruits from their labor.


The concept of Reactive APIs (or Reactive Microservices) has been one of those 2nd-tier concepts kicking around my awareness. I mentioned it in a bit of detail last year. InfoQ recently published slides and video from a talk by Ben Hale and Paul Harris. It is entitled "Designing, Implementing, and Using Reactive APIs". What is most appreciated is a discussion of when (and, by extension, when not to) consider Reactive for a microservice pattern.



If you're looking for some in-person API events, consider looking at It is a list of conferences and meetups the world round. Not seeing something that you know about? Either respond to this note directly or send me an email at '' and I'd be glad to add it.

Also, do you know of someone with API technical documentation experience? Capital One is hiring. Lots of opportunity bubbling behind the scenes.

Til next time,


@libel_vox and

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.