REST API Notes for 2018-07-12

This week is light on links but heavy on thought. Let's get into it.



This past week, Alexandra Noonan published a blog post entitled, "Goodbye Microservices". It goes into a great amount of detail on the architecture of their message systems pre, during, and post microservice architecture.

The mention of a shared library (and thus the introduction of an inter-service dependency) struck me as odd. Another was the assumption that each new integration automatically warranted its own microservice. And I'm curious as to why the first step wasn't a two-queue system, rather than fifty+; one where new messages go to a primary queue and retry events go to a second, dedicated process.

That said, I vigorously admit I'm on the outside and my impressions are based on scanning the post for a few minutes. It's clear there is a high degree of technical competence among the team. My conclusions lead me to believe that I don't have all the details, rather than the team being at fault.

At the beginning of this year, I discussed how I saw sentiment souring. Microservices are complex and this year is when many shops are pushing past theory. Just like having an open floor plan doesn't mean you're doing devops, "doing microservices" doesn't mean you instantly get sustainable software modularity.

I expect more of these 'tales from the trenches' to come.


Spotted by Google's Marsh Gardiner, Mastercard has an interesting blog post about why they prefer OAuth 1.0 to 2.0. Written by Paul Matthews, it provides an interesting counter-argument to a debate that most (probably) thought settled.

At the heart of it, OAuth's version number is an unfortunate label. With software, we're conditioned to assume '2.0' is better, an upgrade over '1.0'. The truth is that they're actually mutually exclusive systems. To grossly oversimplify, OAuth 1.0 is secure-hash based and OAuth 2.0 is an interplay of token exchanges to enable authorization among two or more parties.

Eran Hammer, a co-creator of the OAuth 1.0 standard, has spoken in great (and colorful) detail about his disappointment with OAuth 2.0 in the past (the video is circa 2012). That spite begat Hawk, which is interesting but, despite being frequently updated, I don't know how widely adopted it is. Some of the ideas behind both OAuth 1.0 and Hawk are present in the more recent TAuth.

But kudos to Mastercard for succinctly outlining their position. It is important for developers to hear these kinds of stories to make more informed positions.


This week I've got some industry quick takes nearly as hot as the July summer heat!


Looking to meet, in person, with like minds? Check out And if you have an upcoming Web API gathering somewhere on earth, let me know - I'd be glad to add it.

And if you're interested in kicking in for the caffeine that helps make these updates possible, check out my Patreon page.

Thanks for reading. Till next time, Matthew

@libel_vox and
