API Digest #71: You are Not Google

20 July 2017 |

Hello there! We are back with our traditional fortnight API Digest! Let’s start with introducing the topics which you are going to read this time:

  • API document generators can fall woefully short on meeting accessibility guidelines;
  • Why you should always use access tokens to secure an API;
  • Business drivers for microservices adoption: the big 3;
  • You are not Google;
  • The successes and (mostly) failures of a developer evangelist;
  • How serverless is shaping the future of software development;
  • Setting the rules for API automation.

Thanks to standardization, API specification files are increasingly being used in automated build systems, and can even be used to auto-generate documentation. However, there comes a cost to this automation: As Mark Boyd states, API document generators can fall woefully short on meeting accessibility guidelines.

There is much confusion on the Web about the differences between the OpenID Connect and OAuth 2.0 specifications, and their respective tokens. As a result, many developers publish insecure applications, compromising their users' security. In this article, Maria Paktiti clarifies what is what and explains why you should always use an access token to secure an API, and never an ID token.

K Hawkins describes three the biggest business drivers for microservice adoption, which are IT Modernization, Digital Transformation, and Growth & Expansion and their differences. The article covers their specific pain points, best practices to address the challenges, and of course, a few solutions are provided along the way.

Ozan Onay encourages all to remember when choosing a technology for their business, that you are not Google and it is not a good practice to copy big companies. It doesn’t mean that particular technologies used by Amazon or LinkedIn will suit you as well.

Ash Hathaway (@ash_hathaway) has launched The Evangelism Compendium, the successes and (mostly) failures of a developer evangelist email newsletter, which  Kin Lane considers to be a great idea, as his readers have long been requesting more honest stories from API practitioners regarding every stop along the API lifecycle from defining to deprecation. So, he encourages API providers to actively share their stories publicly on their blog, and even semi-privately via email newsletters.

Serverless architectures are often positioned as the next big thing in cloud computing, but what exactly is serverless, who is utilizing these tools and services, and how is this ecosystem maturing? Benjamin Ball introduces the interview with Mike Roberts, co-founder of Symphonia.io where the latter answers to all these questions regarding serverless architectures.

Twitter released some automation rules this spring, laying the ground rules when it comes to building bots using the Twitter API. Some of the rules overlap with their existing terms of service, but it provides an interesting evolution in how platform providers need to be providing some direction for API consumers in a bot-driven conversational landscape.

For more API news and insights, read API developer weekly #165 and #166 by Keith Casey and James Higginbotham.

See you in a fortnight! In the meanwhile, send us article suggestions and ideas. Either way, we are happy to hear from you. :)

P.S. In case you’d be interested in trying API2Cart, you can create an account and see how the API works on live stores.