API Digest #72: What to Do when a Massive Cyber Attack Brings Down APIs

Published 3 July 2017 | Updated 12 May 2020 |

We are back with the traditional fortnight API Digest, and in this issue you are going to see a wrap-up of the following articles:

  • What to do when a massive cyber attack brings down APIs;
  • Best practices for API error handling;
  • When designing APIs, good path matters;
  • 4 mantras for designing scalable APIs;
  • Using service virtualization (API mocking) to unblock teams;
  • Lessons learnt from integrating with 3rd-party API’s;
  • Why your API onboarding sucks and what you can do to improve it;
  • How I took an API side project to over 250 million daily requests with a $0 marketing budget.

If your product utilizes information collected from APIs provided by the breached affected companies and agencies, then your product may have also been affected by cyber attack — even if your own servers were not affected. In his article “What to do when a massive cyber attack brings down APIs”, Kevin Farnham outlines some principles for coping with API outages due to massive cyber attacks.

Kristopher Sandoval shares best practices for API error handling. He shows common error code classifications the average user will encounter, as well as some examples of these codes in action. Also, he talks a bit about what makes a “good” error code and what makes a “bad” error code, and how to ensure your error codes are up to snuff.

When you are crafting the structure of your APIs, especially those to be exposed externally to the public, every word matters, and the message needs to be concise and free of anything extraneous, ample time is required to engineer the message. Paul Dumas knows that when designing APIs, good path matters”.

And another article by Kristopher Sandoval where he shares 4 mantras for designing scalable APIs, and what it actually means. Plus, he explains why scalability is so incredibly important for designing robust APIs and microservices, and consider the implications of proper scalability on the web industry as a whole. Finally, Kristopher provides four mantras; four basic and repeatable concepts that will help any provider adopt scalability and reap its rewards.

There’s no denying that a well-written test suite breeds a better product. Not only does it provide a high level of confidence in your code, but it also covers your butt whenever you make any changes. In the article “Using service virtualization (API Mocking) to unblock teams”, Zachary Flower provides a few ways mocking can help you overcome the most common problems you face when delivering software.

Integrating multiple platforms is not an easy thing, even if two companies use the exact same CRM, people will store and structure their data in fundamentally different ways, have their own language and syntax to describe what data categories mean and want other tools to work in a way that is most familiar to them. Damon Swayn shares some his lessons learnt from integrating with 3rd-party API’s.

API onboarding is about how easily (or the opposite) new API consumers learn how your API works, what it can do and what problems it solves. Most of the API owners want to have a hockey stick growth rate in new API consumers out of which some end up paying for you. Jarkko Moilanen explains why your API onboarding sucks and gives some advices on what you can do to improve it”.

Finding someone to market an API is like finding a unicorn. They need the technical knowledge to understand the API in detail, the communication skills to explain it, and the salesmanship to say why it’s the best. No one seems to have a concrete system, either — developer evangelists are encouraged to “win the hearts” of the dev community. But IP Info founder has managed to take an API side project to over 250 million daily requests with a $0 marketing budget.

For more API news and insights, read API developer weekly #167 and #168 by Keith Casey and James Higginbotham.

See you in a fortnight! In the meanwhile, send us article suggestions and ideas. Either way, we are happy to hear from you. :)

P.S. In case you’d be interested in trying API2Cart, you can create an account and see how the API works on live stores.