REST API Notes for 2018/09/11

Hello, hello, hullo! I hope you were able to take some time off in August! As for myself, some book project work had to take a backseat while I moved the family into our new house.

And now, in the blink of an eye, we're knee-deep in API conference season. As I write this, API World is happening, API Strat and RESTfest are coming up, and API City is around the corner. As always, for events like these (and more!) check out

Before I start covering those, however, let's highlight what happened last month.



Chelsea Troy published a worthwhile history of distributed system design, entitled "API Design, Part 1: Before there was REST." Chelsea's introduction had me fist-pumping:

"I want folks to inform their opinions with context on the history of API design. We seem to be in this weird continuous loop of folks pontificating based on whatever has come out in the last two years. And because those opinions are missing a lot of history, they also make a lot of assumptions that prove inaccurate."

The piece is educational and entertaining in an approachable way. As the latest crop of conference buzzword bingo gets underway, having a firm grasp of the fundamentals goes a long way toward identifying what is new and novel, versus what is re-branded pap.


There have been numerous think pieces on GraphQL pros and cons. But many have been at a theoretical, abstract level. Matthew Weier O'Phinney took a different tack. He's posted an impressive deep-dive on what it is actually like to use the GitHub GraphQL API.

For those considering a GraphQL implementation, I think the post is enlightening. For those weighing whether to consume GraphQL or REST-based versions of a provider's service, the piece may also save you some toil and trouble. Finally, I hope it inspires others to share their firsthand experiences and "light the way" for those that follow.


Speaking of lighting the way, Daniel Bryant has posted his recent presentation, "Introduction to Service Meshes." Looking at meshes in the abstract, particularly for microservices, it can be easy to lose sight of the forest for the trees. What I like about Daniel's deck is how it provides a background of how we got here. That context is important to understand the benefits and justify investments. Without that understanding, new tech initiatives fall into cargo-culting.


Ericka Chickowski has a piece that discusses how APIs are an increasing attack vector for cybercriminals. She highlights a number of trends, all of which indicate the greater need for secure API practice.

If you're developing microservices and wondering where to start securing things, I'd recommend the free API Academy book, "Securing Microservice APIs". This also seems like a big enough topic to dedicate a specific "best of" link roundup in a future email.



Do you have an event that should be listed on Getting it included is as simple as shooting me an email:

Also, if you'd like to show your support for this, and other, community efforts, check out my Patreon page. A big THANK YOU to the folks who have supported me thus far. In August, I shared a prototype of a game-based teaching tool for folks in charge of burgeoning API ecosystems. As I get back into a groove, I hope to be sharing more there.

Till next time, Matthew

@libel_vox and
