Recently Brian Mulloy (@landlessness) and Marsh Gardiner (@earth2marsh) hosted a webinar on API design and Pragmatic REST. We've included the video of the recording and the slides.
Thanks to everyone that attended yesterday's RESTful API Design Webinar (and thanks to our presenters @earth2marsh and @landlessness). We've included the video and slides!
We're starting to get some great questions from signups for next week's API design webinar: "Pragmatic REST - API Design Fu".
Here's one we'll comment on now and then talk about more next week.
Q: "For API Versioning. Doesn't seem very RESTful to version a resource. Can it be avoided by using implementation and specification versions described in the Sun API Cloud Documentation?"
A: Your question is an insightful one. Versioning is an open issue for REST API design in practice.
Clearly, an API will need to change its behavior over time. As it changes, application developers will need...
We've written on the topic of API threat detection before, and also outlined a "top 10 API threats" to guard against, but race conditions are another area in which APIs are vulnerable. A race condition is a bug where the output is dependent on the sequence or timing of other events. APIs are vulnerable to a type of race condition called TOCTTOU (pronounced "TOCK TOO"). During this crack in time, malicious users are using race conditions that have been exploited as security vulnerabilities in systems for almost 4 decades.
We've implemented a couple dozen OAuth implementations in the past months, and no two have been the same. We've seen OAuth 1.0a (2-legged, 3-legged) and OAuth 2.0 (username password, user-agent, web-server flow) with custom token types (bearer, mac, saml), just to name a few. We wanted to write some posts that discuss factors we see that drive these variances and their implications. We also want to compare and contrast each of these variances along with our own lessons learned.
Thanks to everyone that attended yesterday's API Strategy Workshop Webinar (and thanks to our presenters @sramji and @landlessness). We've included the video and slides!
Ever need to explain why APIs are so powerful to someone at your company? Need an easier way to think about the different API strategy options?
Join us for a Webinar - “Mapping Out Your API Strategy” - this Wednesday, April 20 at 11 am PST / 2 pm EST.
It's free (of course) and you can sign up at this registration page.