This is issue 2022.12 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of March 21, 2022. Subscribe now, so you never miss an issue of the API Changelog.
Funding and M&A
Postman announced its plans to open an API Lab at the Birla Institute of Technology and Science, Pilani. The opening, set to happen in December 2022, will provide a space for students to build new API-related skills.
Twilio announced the release of Flex Conversations. The new feature is available on Twilio Flex, a programmable cloud contact center. Flex Conversations is an API that combines all chat channels under a single interface.
Vikas Vijendra wrote “Why selecting the right API architecture is critical in a microservices world.” In this article, Vikas compares the REST, gRPC, and GraphQL API architectures. According to the author, choosing a single architecture is often not easy, so it might be “beneficial to implement APIs with one approach and then use translation to expose in multiple formats.”
Brad Drysdale wrote “How APIOps is reshaping the entire API lifecycle.” This piece starts by defending that “to deliver the agility needed for rapid innovation, APIs must be built for consumption and reuse.” According to the author, APIOps is the solution to improve the quality of APIs, fostering their reuse.
Cheth Rowe wrote “Semantically Inflect Your API Routes.” The author begins the article by exploring how ambiguity in API definition increases technical debt. A good example is a choice of using plural or singular nouns to represent resources. According to the author, you should use a combination of both plural and singular.
Neeraj Kushwaha wrote “A Guide to Designing RESTful APIs.” This article is a comprehensive list of rules for URI Format, URI Authority Design, Resource Modeling, URI Path Design, URI Query Design, Request Methods, Response Status Codes, and HTTP Headers.
Ted Spence wrote “Don’t give your API bad error messages.” In this piece, Ted shares a story about an API that had a misleading error message. The author then explores different ways in which you can improve the error messages of your API. According to Ted, in numerous instances, “your error messages are the only tutorial your customers will ever get.”
Vedran Cindric wrote “11 Best Practices for Writing API Documentation.” Vedran starts by explaining what API documentation is and what types of documentation exist. The author then shares his list of 11 best practices that include offering tutorials, using clear language, and writing developer guides.
Prince Igwenagha wrote “A Guide to OAuth2.0 Authorization with Django Rest Framework.” In this article, Prince explains what the different types of API authorization are going deep into OAuth. The author then shares the steps needed to have OAuth working.
Moisei Shkil wrote “GraphQL, what, why, and when?” This piece is an overview of what GraphQL is and what its features are. The author also shares his opinion about why you should use GraphQL. According to Moisei, “not all the scenarios are a good fit for GraphQL.” Cases when you should use it include limited bandwidth, complex data systems, and APIs with many breaking changes.
Marin Tudor wrote “Setting up a NodeJS API with TypeScript.” In this article, Marin shares a step-by-step guide to building an API using TypeScript. This is the second part of a series, focused on testing, security, and containerization.
Lebin Cheng wrote “A Search for API Security in the Operator’s Tool Box.” This article focuses on the concept of API Security seen from a user’s perspective. The author explains the concept of Web Application and API Protection (WAAP) and what its role is in protecting APIs. According to the author, “modern API-driven applications make it necessary to introduce a new API security solution to complement the existing WAF+API Gateway to implement a complete WAAP.”
Bruce Lynch wrote “API Gateway or not, You Need API Security.” This piece explains what access management security API gateways provide and what else you need to defend your APIs against attackers. The author shares that “managing and securing APIs from a single platform is critical to gaining essential security insights.”