The question of whether OAuth is an effective mechanism for securing back-end resources comes up from time to time. Recently, an API developer asked whether OAuth is the right solution to secure an API that he plans to make available for mobile app development. All great questions to ask as you consider opening up your API. My take is as follows: if you are working on an API that will be used by third-party developers, then there is no magic bullet that will prevent developers from using your API in bad ways. However, I think that OAuth 2.0 helps you reduce the risk.
The app revolution has turned consumer expectations upside down in all areas of our lives, including in the cars we drive. Our connected cars are already filled with computing power and experiences influenced by consumer electronics. Forward-looking car makers have the pedal to the metal on further innovation. The video and slides for our recent webcast about the programmable car of the future are here.
Previously, we explored how to represent actions and metadata in response messages, specifically state transitions that come from a particular resource. Now, we'd like to discuss hypermedia APIs, one of the keys to offering resource representations rich with information and controls, such that information becomes the conduit by which the user obtains choices and selects actions.
I've been hearing about the virtues of NoSQL for a number of years, but only lately did I really have a good opportunity to dig in and see what all the fuss is about. As with many folks, my background with storage technologies has been 99% standard SQL in common relational databases. The big hurdle for me is how do I go about 'thinking' properly in this brave new world of NoSQL. To dig deeper I used a simple music database as an example.
In our previous discussions about API design, we outlined an API design strategy and discussed security measures and the various elements that go into response messages, including search results and links. Now, let’s explore how we can represent actions and metadata in a response message.
Last time we talked about resource response messages. Here, we’ll turn our API design focus towards understanding how to represent search results and links in response messages. To begin, Facebook’s API documentation states that, “Selecting results is not the same as searching.” This is exemplified when we create a language string and query box to search across resource types, whereas when we limit a selection to a specific collection (like photos), you give up the idea of saying give me everything about