REST API Notes for 2018/10/16

Hello and welcome to this latest edition of REST API Notes! After back-to-back conference weeks (APIStrat and API City) I took a week to focus on work-work. Sure enough, during that time the community continued to publish all sorts of notable things (not to mention some major financial exchanges happening).

But before I get to those things, I wanted to compliment Tessa Mero on making the API City conference a reality. It was a welcome eye-opener for me. Attending the same events year after year, it can be easy to assume that certain things - like OAuth flows - are a known thing. Step just to the right or left of that well-worn path, however, and one discovers that there's a whole different community hungry for that information. It was a great reminder, for me, that the developer community is not homogeneous. Teachers and storytellers must challenge themselves to seek out these new opportunities when they present themselves.

OK. Onto the notes!



At API City, Phil Sturgeon presented the deck, "Design-First API Specification Workflow". He not only makes a strong case for API-first design (something that I can fully endorse), but goes further by presenting semantically meaningful descriptions. Highly recommended.


Michael Hibay also recently published a blog post on the Relationship Maturity Model. Going from impenetrable JSON blobs to the glory of Fielding's REST can be daunting for new API developers. A different approach is to break that journey into different levels, or degrees of maturity. This helps better articulate the various trade-offs at each level, and can be a bit more palatable for those that might be 'hypermedia skeptics'.


Speaking of Roy T. Fielding, Mike Amundsen recently had a great Tweet storm. He recaps the gist from the important chapters of Fielding's Thesis, mentions where GraphQL fits (and doesn't), and contrasts REST in the wider landscape of message exchange patterns. Fielding, himself, even pops in to clarify a point (always be sure to check the comments). While an unusual format, there's more hard thought here per word than anything published recently on hackernoon.


Let's get to the milestones, because these past couple weeks have had some doozies.

  • SendGrid was acquired by Twilio for $2 billion. Those names should be familiar to API folks - both companies proved that API-as-a-product was a viable business strategy, were known for their API documentation, helped pioneer developer relations as a profession, etc. etc. etc. In retrospect, a communications company buying another communications company is a no-brainer. If I had to speculate, I suspect that this kicks off a mini-round of acquisitions now that the sector has signaled that it is game.
  • We also need to celebrate Stoplight raising $3.25M. Stoplight is an online platform that "helps developers build, test, and improve their web APIs". This funding gives them runway to do just that. I'm excited to see what's next for them. [Full disclosure: Stoplight sponsored the reception dinners at the conferences I recently attended.]
  • Now for some not-so-fun news. Google discovered a data leak that, potentially, exposed private data on hundreds of thousands of users. As a result, they're shutting down Google+. Before you shrug out an audible "so what", the leak also means big changes to a Gmail API used by 3rd party developers. If you have a Gmail integration, double check any communication about interface changes.
  • GitLab's API had a vulnerability that exposed confidential information. "One issue was an insecure direct object reference that exposed confidential issues within all public projects, via the Events API. Vulnerable information includes confidential issues, private notes, and private merge requests." Again, if you've got an integration here, double check that you're current.


Are you looking for an API-themed event? has you covered. And have I missed an in-person get together? Updating is as simple as shooting me an email at

Also, a big thank you goes out to my Patreon sponsors. They cover the caffeine for the late nights and early mornings pulling this stuff together.

Till next time, Matthew

@libel_vox and
