REST API Notes for 2018-02-27

Back in DC. While the political news leaves much to be desired, good API work abounds. Let's get to it!

KRISTOPHER SANDOVAL ON API SECURITY FOR BANKS

Kristopher Sandoval, writing on the Nordic APIs blog, has a thorough overview of High-Grade API Security for Banks. Since joining Capital One, I've been repeatedly (and pleasantly) surprised at the number of regulatory requirements that exist when it comes to people and their money; "Move fast and break things" doesn't work so well when it comes to what's in a bank account. This piece introduces a handful of the most well known items (US and Europe) and then dives into strategies for protecting that information. The animated GIF (HARD-G 4 LIFE, BOYZZZZ!) of Oauth flow is also a nice touch.

MICROSERVICE MASHUP

Patrick Lee Scott discussed Five Different Microservice Patterns. These patterns - Model, Denormalizer, Gateway, Ingestor, and Adapter - are straightforward and help provide a clue on where opportunities for breaking down a system may be.

While I'm on the subject of microservices, there's a fascinating piece by Michael Nygard on the "Coherence Penalty for Humans". While it starts out discussing multi-processor applications, it then compares and contrasts with microservice design. Bottom line: Michael lays out a theory as to why dev shops that implement microservices might not always reap the intended fruits from their labor.

MORE ON REACTIVE APIS

The concept of Reactive APIs (or Reactive Microservices) has been one of those 2nd-tier concepts kicking around my awareness. I mentioned it in a bit of detail last year. InfoQ recently published slides and video from a talk by Ben Hale and Paul Harris. It is entitled "Designing, Implementing, and Using Reactive APIs". What is most appreciated is a discussion of when (and, by extension, when not to) consider Reactive for a microservice pattern.

MILESTONES

• Troy Hunt, the well traveled (and well lauded) Australian security researcher, has launched Pwned Passwords v2. Troy has compiled passwords from hundreds of millions of past breaches and put it into one spot. The launch notes are worth checking out for the explanation on k-anonymity and how Troy uses it with the service's API. Speaking of API, the docs have been updatedand used in some neat services.
• I was pleased to see Stephen Mizell announce that RESTful JSON is now an officially registered IANA media type (application/vnd.restful+json). As Zdenek declared, RESTful JSON is "the easiest way to add hypermedia to your JSONs".
• Finally, my fellow API conspirator, James Higginbotham, was announced as keynote speaker of the upcoming REST Midwest Conference. His talk has the linkbait title of "Are REST APIs Still Relevant Today?". The rest of the schedule is available online.

WRAPPING UP

If you're looking for some in-person API events, consider looking at webapi.events. It is a list of conferences and meetups the world round. Not seeing something that you know about? Either respond to this note directly or send me an email at 'hello@matthewreinbold.com' and I'd be glad to add it.

Also, do you know of someone with API technical documentation experience? Capital One is hiring. Lots of opportunity bubbling behind the scenes.

Til next time,

Matthew

@libel_vox and https://matthewreinbold.com