An authorization and authentication client library for Python web applications.
Posted
CommentsPost a comment
Prepare for change and let everyone know how you will handle change. The key to handling changes in your API is to not surprise your users. If developers knows what is coming and have time to prepare for these changes you will have a much happier user base.
"Without directly exposing our persistence mechanism to our clients (i.e., what if we switched to SQL Server? Redis as a write-through cache to MondoDB? and so on), we have a number of options of dealing with eventual consistency in our REST APIs."
"Messages on the Web carry three levels of information: Structure Semantics, Protocol Semantics, and Application Semantics. No matter the implementation style, all three of these are needed for any successful communication between client and server. This threesome (S-P-A) forms the essentials of communication over distributed networks."
"How do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API."
One of he goals of the ASP.NET WebAPI is to make REST style API controllers more testable than more traditional WCF services where in the past. For the most part that is true but there are cases where an ApiController depends on the actual incoming request and its data and things can become a bit more difficult.
If you write code against the GitHub API you have to mock it somehow. Otherwise it can be tricky to test it. Here is how I did it. I found this great GEM FakeWeb. With this GEM you can fake Web Requests.
"Clients shouldn’t have to pick through 30 slightly different formats and implement parsers specific to each one; it’s a waste of energy. People creating APIs shouldn’t have to guess what a good format looks like, only running into problems down the road. And they certainly shouldn’t have to register new media types for “Fault” formats of every API they create.
So, a while back I decided to come up with a generic format for indicating the details of a problem encountered in using an HTTP-based API."
This post introduces Sockii, a Node.js daemon which aggregates multiple WebSocket connections and proxies them to a single socket to the user’s browser.
Content Negotiation, if used properly, can dramatically improve the UX of your API. You’ll get much closer to the way clients expect to consume your data making their lives easier and, in the end, making your final customers happier.
One of the things that we've enabled in our new Restful APIs are HATEOAS (Hypermedia as the Engine of Application State) links. (...) All our API responses include the hyper media links that provide pointers to the next possible state or step.
Retrofit turns your REST API into a Java interface.
We need to start treating our APIs as features because, in many ways, they are. We rely on them to power our applications, extend our business, engage our partners, and drive customer adoption. Here are some approaches to make sure that the APIs that are most important to you are reliable.
I was quite pleased when RFC 6906 was finalized. It's a really useful pattern that people are using to enhance documentation of their APIs.
Today I'm happy to release a brand new API Digest. Previously the digest was email-only. Starting today all links will be available via apidigest.com and @APIDigest on Twitter and App.net. You can also subscribe to the RSS feed if you can find something to consume it in.
If you still prefer email, don't worry, every week the best few links will continue to be delivered to newsletter subscribers. The site and social accounts will feature the most content, but the email newsletter will be a selection of the best items from the firehouse feed.
I've also added a new 'Events' section to keep track of the increasing number of API-centric conferences and events out there. You can follow this list via its own RSS feed.
Lastly I want to thank Preact and Box Platform for their sponsorships that have helped get API Digest off the ground. If you're interesting in sponsoring the site and/or email newsletter, please get in touch.
Thanks to everyone who has subscribed. Looking forward to more great API links!
John
P.S. Have a link or event you'd like to include in the digest? Send it here!
“OkHttp is an HTTP client that’s efficient by default. SPDY support allows all requests to the same host to share a socket. Connection pooling reduces request latency (if SPDY isn’t available). Transparent GZIP shrinks download sizes. Response caching avoids the network completely for repeat requests.”
“Although RFC 2616 officially defines HTTP, HTTP is also defined by how popular browsers and web servers behave. The RFC is over a decade old, so these behaviours are often discovered through spelunking source code, or nightmare debugging sessions. A robust implementation needs to handle the obscure edge cases of the standard, and the mind boggling way in which others have implemented HTTP.”
“Building a distributed system requires a methodical approach to requirements.” (ed: this is a must read)
“One of the important aspects of REST (or at least HTTP) is the concept that some operations (verbs) are idempotent. (…) Over the years there has been a lot said about REST and its perceived benefits over other approaches, with idempotency just one aspect that is often assumed to be understood yet typically not investigated fully.”
Zapier connects with a lot of services you rely on via APIs, almost ~200 at last count. Every month we’re doing hundreds of millions of API requests on your behalf to those APIs, so it’s important we can let you know when there is downtime. That means we have to employ some pretty hardcore monitoring for each and every API. Before today, that monitoring was only available internally at Zapier. Not anymore: all that data is now available on our API Status Board.