"I have recently been battling with n+1 problem on the server - a Web API serving some composed data. Slow responses, thread starvation, inconsistent performance were some of the symptoms and caused me enough pain to make me completely re-design the serving layer of the API. In this post I cover the background to the problem and propose several patterns and solutions - some of which I successfully integrated in my API Layer to alleviate the problem."
"I18n is often a painful afterthought when serving content from a http-api. It can be taken for granted and tacked on using nasty query string values. But thankfully HTTP provides us with a solid gold opportunity. If you can look past the mire of content negotiation you can see the nuggets that lie inside."
"This article is a walkthrough of Papers' test-driven implementation of an OAuth server using Node. We decided to go for what's known as resource owner password flow and chose node-oauth2-server to build our server."
"The term "Microservice Architecture" has sprung up over the last few years to describe a particular way of designing software applications as suites of independently deployable services. While there is no precise definition of this architectural style, there are certain common characteristics around organization around business capability, automated deployment, intelligence in the endpoints, and decentralized control of languages and data."
"We have adopted the pattern of using Hypermedia Controls to represent relationships between resources (...) but what does it look like when you consume an API like this within a Backbone.js app?"
"This is a follow up to my previous API design post API Design Best Practices"
"In a previous post I discussed the approach we opted for at Linn when deciding how to evolve our HTTP APIs without breaking existing clients. In this post I describe how we implemented that approach using NancyFx (a web framework for .NET inspired by Sinatra)."
"With these mission-critical services being the lifeblood of your applications, keeping a close eye on them is increasingly important. If a backend service is down it’s likely that your app is down too. If you’re getting back unexpected data, user experience suffers. Just checking for uptime isn’t enough."
"At Linn we develop and maintain a variety of HTTP APIs to support the operations of the company. Over time the number of dependencies between these APIs has increased, and it became apparent that we needed a reliable way to introduce changes without breaking existing clients. In this post I describe how we used media type parameters to version our APIs."
"Every which way you turn there are different philosophical takes on “the right way” and lots of backwards and forwards on REST, what is RESTful, what is not and if it even matters. Let’s talk about API changes, the impact on versioning, why there are so many diverging ideas on how it should be done and ultimately, why none of the banter is as important as actually getting stuff done."
"Grape truly is a great gem—even so, it still provided us with a few minor issues at the outset that we needed to work through. And while these issues were not exceedingly troublesome, they became more significant as the project progressed."
"Recently, we were faced with the task of writing an API-first web application in order to support future mobile platform development. Here’s a summary of the project from the point of view of one of the developers."
"This tutorial will give you with a quick and easy way to set up a REST API Service using the OAuth2 protocol in node.js."
"An HTTP API testing framework, written in PHP using curl. Supports ssl, basic auth, passing custom request headers, redirection (10 levels), and most HTTP request methods. "
"Usually when a third-party API is used, you are required to stay within defined rate limit. This allows API providers to serve many users without much cost. It is easy to adhere to the rate limit, if you use a single server to make all the API calls. However, if API calls are made from multiple servers, adhering to the rate limit is a difficult problem. We'll talk about our approach to solving this problem."
"When building an app against a web API, do you pull in their SDK or just make raw HTTP calls? Here are a few reasons that I avoid SDKs when I can."
"Accidentally posting API keys, as well as passwords and other sensitive information, on public source control repositories is a huge problem. It potentially allows anybody who comes across your code to access data, send communications, or even make purchases on your behalf. And yet API keys exposed in public GitHub repos is a common occurrence."