API Reviews: Scaling Up API Governance

API reviews are part of the overall API lifecycle. They are used to check that an API’s design matches the API design guidelines. API reviews are also an important step in making sure that the API landscape evolves and grows in a coherent way.

Designing Useful and Usable APIs

API reviews are only one step in the overall lifecycle. Before they happen, an overall design process has to ensure that a useful API is being designed. This typically happens by aligning the API with a business capability map, which allows clear identification of the business purpose and value of the API. Once that value-oriented alignment exists, the next goal is to create a usable API for this value proposition.

Practical API Security: The OWASP API Security Top Ten

API security is on everyone’s mind: After all, APIs always open up network-accessible interfaces that previously may not have been exposed. Making sure that this does not create new risks means that securing APIs is an essential aspect of API management.

API security has always also been a technical issue, but it starts much earlier than when just “securing an API.” It needs to be part of the general API mindset and of how an organization manages APIs throughout their lifecycle.

What Is HTTP/3 and What Does It Mean for APIs?

The majority of APIs today are based on the Hypertext Transfer Protocol (HTTP). HTTP has been around for a very long time, in computer terms. It is the protocol underlying the Web and has changed surprisingly little since its inception in 1989. HTTP/1.1 was first standardized in 1997 and since then has been updated, but it was never replaced.

HTTP/2 was released in 2015 but did not change the way HTTP works for HTTP users. The update made the protocol more efficient by changing the way in which HTTP servers and clients communicate. However, HTTP/2 still had some shortcomings which were largely caused by the protocol using the Transmission Control Protocol (TCP) as its foundation.

Creating a Digital Focus for Products With API First

“API First” is something that often is mentioned when it comes to API strategy and other aspects of how to move to a more API-centric way of thinking in organizations. Oftentimes, “API First” is mentioned in the context of digital transformation initiatives and as one of the principles that should be applied as part of this initiative.

But what is “API First”? In reality, many organizations are not developing things from scratch, and when interpreted as “always designing the API before starting the implementation work,” this means that the reality of existing capabilities and the idea of developing APIs first seem to conflict.

Representing Problem Details in HTTP APIs: An Introduction to RFC 7807 [Video]

Almost all APIs have a way to report problems and errors, making it easier for the API consumer to understand that something went wrong, and what went wrong. How to do that depends on the API style, API technology, and the specific API design. In all these cases, this part of API design needs to be addressed as part of the overall design work.

For APIs using the Hypertext Transfer Protocol (HTTP), some minimal reporting can be done using HTTP’s status codes. HTTP status codes are interesting because they already provide a certain level of detail, with ~60 different codes reporting a variety of conditions which are defined by HTTP itself and a few other specifications.

Hands-on With Spectral: Using API Linting for Better API Design and Governance [Video]

Spectral is an open-source API linting tool that allows users to write rules which then can be used to check API descriptions. Typically, these would be in description languages such as OpenAPI, AsyncAPI, or Swagger. If you’re interested in an overview and an introduction, check out this interview with Spectral maintainer Phil Sturgeon where he walks us through the history of Spectral, what it does, and how it can be used.

7 Steps

In this article and presentation, we’re diving a bit deeper. Axway Catalyst Chris Wood walks us through seven steps in which you can learn how to use Spectral for an increasingly powerful set of tasks. This means you can start making Spectral part of your API platform and your API governance with very little effort and can level up the way you’re using it over time.

Hypermedia APIs: What Are They and What Can They Do for You? [Video]

Like anything in life, APIs come in different 'flavors.' In the case of APIs, these are called 'API Styles,' and there are five major styles in the API space. Many of today’s APIs use the resource style, and this can be easily verified by the popularity of OpenAPI, which is the most popular way of describing resource-oriented APIs.

But there is a relatively easy way to 'level up' from that style by using the hypermedia style. Hypermedia is the style of the Web: It centers around resources (just like the resource style) but also centers around interlinking these resources in ways that are meaningful for consumers.

How to Make Five Billion Dollars With APIs: API Monetization at eBay [Video]

API Monetization is on everybody’s mind: How can I make money with APIs? How can I justify my investments in API-related activities?

But all too often, direct monetization (i.e., charging for API access) is what people think about when they think about monetization. In the vast majority of cases, however, this monetization model is not a good choice. Instead, think of APIs as something to improve the value that you’re generating with your business.

GS1 Digital Link: An API for Every Thing

Everybody 'knows' GS1 because it's the organization that standardizes the EAN/UPC barcodes that we find on pretty much every product that we buy in supermarkets and elsewhere. These codes allow quick scanning at check-out where the product identity then is used to look up pricing information.

GS1 Digital Link moves the EAN/UPC barcode into the world of APIs: It turns the EAN/UPC identifiers into URLs which can be compressed, printed as QR codes so that they can be scanned with mobile phone cameras (they can also be scanned when presented via NFC), and then can be used to retrieve product information through an HTTP API.

Hyrum’s Law: What It Means for API Design and Management

The Promise and Challenges of Loose Coupling

APIs should be built around the idea of loose coupling – that providers and consumers of services possess more independence and autonomy to evolve. The obvious advantage of this approach is that it requires less time-consuming coordination, and thus allows providers and consumers to evolve independently.

However, independent growth presents an increased risk of breaking changes. Will existing API consumers have to adapt to every development? Or can they continue using the API in an unaltered state? 

API Linting With Spectral | What Is It and How Does It Work?

API linting is the process of making sure that APIs are not just technically correct (which is the realm of validation tooling), but that they also comply with a set of additional constraints that often are documented in the form of API guidelines. With the growing popularity of APIs, these guidelines become more common, APIs throughout organizations become more abundant, and it thus becomes more important to be able to scale the API practice in organizations. API linting can help with this because it allows you to check and enforce (some aspects of) API guidelines, making it easier for API teams to follow guidelines and making it easier for API platform teams to make sure that guidelines are being followed.

In this interview, Stoplight's Phil Sturgeon talks about Spectral. Spectral is an open-source general-purpose JSON/YAML linter, but it does come with built-in support for API-related formats such as OpenAPI, AsyncAPI, and JSON Schema. We discuss why Spectral is useful and what Spectral can do to help with managing APIs and API landscapes.