"In a previous post I discussed the approach we opted for at Linn when deciding how to evolve our HTTP APIs without breaking existing clients. In this post I describe how we implemented that approach using NancyFx (a web framework for .NET inspired by Sinatra)."
"With these mission-critical services being the lifeblood of your applications, keeping a close eye on them is increasingly important. If a backend service is down it’s likely that your app is down too. If you’re getting back unexpected data, user experience suffers. Just checking for uptime isn’t enough."
"At Linn we develop and maintain a variety of HTTP APIs to support the operations of the company. Over time the number of dependencies between these APIs has increased, and it became apparent that we needed a reliable way to introduce changes without breaking existing clients. In this post I describe how we used media type parameters to version our APIs."
"Every which way you turn there are different philosophical takes on “the right way” and lots of backwards and forwards on REST, what is RESTful, what is not and if it even matters. Let’s talk about API changes, the impact on versioning, why there are so many diverging ideas on how it should be done and ultimately, why none of the banter is as important as actually getting stuff done."
"Grape truly is a great gem—even so, it still provided us with a few minor issues at the outset that we needed to work through. And while these issues were not exceedingly troublesome, they became more significant as the project progressed."
"Recently, we were faced with the task of writing an API-first web application in order to support future mobile platform development. Here’s a summary of the project from the point of view of one of the developers."
"This tutorial will give you with a quick and easy way to set up a REST API Service using the OAuth2 protocol in node.js."
"An HTTP API testing framework, written in PHP using curl. Supports ssl, basic auth, passing custom request headers, redirection (10 levels), and most HTTP request methods. "
"Usually when a third-party API is used, you are required to stay within defined rate limit. This allows API providers to serve many users without much cost. It is easy to adhere to the rate limit, if you use a single server to make all the API calls. However, if API calls are made from multiple servers, adhering to the rate limit is a difficult problem. We'll talk about our approach to solving this problem."
"When building an app against a web API, do you pull in their SDK or just make raw HTTP calls? Here are a few reasons that I avoid SDKs when I can."
"Accidentally posting API keys, as well as passwords and other sensitive information, on public source control repositories is a huge problem. It potentially allows anybody who comes across your code to access data, send communications, or even make purchases on your behalf. And yet API keys exposed in public GitHub repos is a common occurrence."
"I had been playing around with some API tools such as Apiary, and Fdoc on my side projects. At work, various discussions about the future of our APIs has recently become a focus. (...) The discussions lead to some features we wanted to support, which caused me to start to take a much closer look at some of the API tools available. I decided to try to take notes as I dug in to research a variety of options."
"Learn how to handle token-based API access with AngularJS in an elegant, Don’t Repeat Yourself manner by globally transforming requests and handling failure and token re-issue using response interceptors."
"HTTP/2 is getting close to being real, with lots of discussions and more implementations popping up every week. What does a new version of the Web’s protocol mean for you?"
"Hopefully this explains some of the benefits behind building applications and APIs with HTML as the media type and decoupling the UI from the representational HTML. Once set up, it provides a much more simplified way for building complex SPAs that rely on the hypermedia to drive the application state rather than building that functionality into the client."
"Either way, the HTTP callback pattern provides attackers an avenue to access this service from within your internal network, bypassing these kinds of expected security measures."
To woo the best developers helping an asset provider to achieve the objectives, APX is key.