Low-Code Vendor Lock-In, Interfaces as a Universal Pattern, REST vs GraphQL Performance

This is issue 2022.04 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of January 24, 2022. Subscribe now, so you never miss an issue of the API Changelog.

Announcements

floLive, an IoT connectivity company, announced that Helix Wireless “will be using floNET, floLIVE’s global connectivity service, to provide consumer and IoT wireless solutions anywhere in the world.”

OpenAI announced the roll-out of new models that it considers less toxic. However, VentureBeat reports that the models are “limited to language for now, leaving the problem of toxicity in multimodal models unaddressed.” Text generation is prone to several types of toxicity, including misinformation, sexism, ageism, racism, and conspiracies.

Fintech

Finextra reported that Clearstream launched an API for Eurobonds. The API lets market participants obtain ISINs, make securities requests in real-time, and allocate associated common codes and identifiers of securities.

Lloyds Bank PayFrom Open Banking APIs are now being used by JCT600, a UK car retailer. The goal is to “remove friction from the checkout process, giving users an option that doesn’t require them to register, input card details, or share sensitive personal data.”

API-first

Sergey Konstantinov wrote “Interfaces as a Universal Pattern and The Serenity Notepad.” In this article, Sergey explores the challenge of extending an API without breaking consistency. The author claims that using interfaces, or abstractions, instead of specific implementations helps to understand how an API can evolve.

Rohit Motwani wrote “API-First Development with OpenAPI.” Rohit explains what API-first means, who is following it, and what its benefits are. The author then shares a step-by-step guide into how to adopt the API-first approach.

Management

Tech Times published “How API Integrations enhance the customer experience workflow.” The piece is a complete report on all the benefits of API integrations. According to the article, “APIs are the solution for connecting the dots between applications and information silos” and, for that reason, they improve the customer experience. Among the benefits, API integrations reduce the duplication of information, decrease the friction in business processes, increase interoperability between systems and data, and help businesses make better decisions.

Christoph Kappestein wrote “Thoughts about low/no code and vendor lock-in.” In this article, Christoph shares his view on the low-code/no-code space and how almost everyone is becoming a developer. Using a low-code/no-code solution can, however, create a strong lock-in that is hard to avoid. The author believes that vendor lock-in is the biggest challenge and argues that there could be a common way to define authored solutions that could increase the interoperability between vendors.

Peter Wayner wrote “14 API strategy gotchas to avoid.” The author reports that good APIs are difficult to create and maintain, and shares common issues to avoid in the process. According to Peter, the common things to avoid include feature bloating, lack of testing, choosing the wrong type of authorization scheme, and choosing the wrong pricing model for your API.

Practice

Bob Reselman wrote “Rest vs GraphQL: Performance and ease of use comparisons.” In this article, Bob compares two popular ways of exposing APIs: REST and GraphQL. The author argues that REST is less performant than GraphQL because “the caller has no control over the structure of the data returned from an API.” The piece compares both techniques in different areas such as performance, and verbosity.

Durgadas Kamath wrote “Document API using docgen.” Durgadas explains how you can document your API using a tool called Docgen that transforms a Postman Collection into HTML and Markdown documentation.

Security

Pieter Danhieux wrote “Three ways to lock down APIs.” In this article, Peter shares his advice on how to secure your APIs to avoid unauthorized access. According to the author, you should have tight identity controls, understand and limit the scope of access of API requests, and use a layered approach.

Val Dobrushkin wrote “Understanding APIs Role in Data Privacy.” Val argues that APIs have opened access to data that can be beyond the control of providers. Because APIs are often used by third parties, the way they handle private data is hard to manage.