OpenAPI Formats Registry, API Contract Testing with KarateDSL, Data Privacy Challenges

Bruno Pedro
5 min read · Feb 7, 2022

This is issue 2022.05 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of January 31, 2022. Subscribe now, so you never miss an issue of the API Changelog.

Digital collage by Bruno Pedro

Funding and M&A

Bamboo, an investment platform, raised $15M in a Series A round. Tiger Global and Greycroft led the investment, with participation from Motley Fool Ventures, Saison Capital, and Chrysalis Capital, among others.

Ayoconnect, an open finance platform, raised $15M in a Series B round. Tiger Global led the investment, with participation from PayU and Alto Partners, among others.

Fiat Republic, a banking and payments API, raised $3.5M in a Seed round. Speedinvest led the investment, with participation from SoftBank Vision Fund Emerge Program and Seedcamp, among others.

Announcements

Google released the URL Inspection API. According to Search Engine Land, the API is limited to 2,000 queries per day and 600 queries per minute.

Nodle, a decentralized IoT network, announced its partnership with OnFinality, a blockchain infrastructure service. According to CryptoNinjas, the OnFinality integration allows users “to query a set of RPC and Websocket endpoints for the Nodle chain,” and “spin up a node for the Nodle chain in just a few clicks.”

The OpenAPI Initiative announced the release of the Formats Registry draft. The registry allows developers to consult a total of 12 formats, from binary to uint8. According to Darrel Miller, an OpenAPI contributor, the goal of the Formats Registry is to provide information about registered formats and, if there is interest, they “should definitely consider adding machine-readable validation.”

Render, a zero DevOps platform, announced the release of a public API. VentureBeat reports that “Render claims anyone can build a fast, secure, and scalable website or API with just a line of code.”

Postman announced the release of integrated API monitoring. Shashank Awasthi, a product manager at Postman, wrote that this release lets you “connect to various analytics, incident management, and internal messaging tools.”

WunderGraph announced the release of WunderHub, the package manager for APIs, in a public beta. With WunderHub, “developers get a centralized repository to store and share APIs of any kind.” The solution is similar to Docker Hub or npm, but specifically for APIs.

Ideal, an investment analytics company, announced the release of a Crypto Analytics API. The new API provides cryptocurrency market data extracted from the Pyth network.

API-first

Gunasundaram wrote “Introduction To API design.” In this article, the author explains what an API is, what types of APIs exist, and what their advantages and disadvantages are. The author then proposes five principles of API Design: simplicity, data format, method structure, data model, and authentication.

Faizal Sheriff wrote “How to design Powerful APIs via Nolan’s The Prestige.” Faizal compares API Design to the movie The Prestige. The author splits the article into three sections that correspond to three stages of the movie — and API Design. According to Faizal, the prestige, or the last stage of API Design, is when you unlock the value of the API to customers.

Dominic C wrote “A Structured Approach to Designing Intent-Based APIs.” In this piece, Dominic argues that Intent APIs have the benefits of pulling business logic away from the consumer, and exposing fine-grained actions. Intent APIs are neither REST nor RPC in the way they expose resources. However, they share the constraints of REST.

Management

Tyler Hawkins wrote “CI for APIs With the Kong Insomnia CLI and GitHub Actions.” The article is a step-by-step guide to doing continuous integration using the Kong Insomnia CLI and GitHub Actions.

Jon Udell wrote “How SQL can unify access to APIs.” In this provocative essay, Jon asks if API plugins can be built on an RDBMS. He argues that SQL is “positioned to become the API unifier that we need more than ever.”

Jay Allen wrote “API Gateway REST vs. HTTP API: What Are The Differences?” In this piece, Jay compares two common approaches to implementing APIs using the AWS API Gateway. Jay summarizes his findings by mentioning that “the major difference between REST APIs and HTTP APIs are in performance and price. In short, HTTP APIs are the winner in both.”

Practice

Ivan Garcia Sainz-Aja wrote a series of articles on using KarateDSL to perform API contract testing. “From Manual to Contract Testing with KarateDSL and KarateIDE” is dense material that guides you through topics such as contract testing, code generation, authentication, request and response validation, and mock servers.

Alex Shevchenko wrote “Stop writing the same code. Generate it.” In this article, Alex shares his view on code duplication and proposes a way to reduce the effort by generating code. The author shares his experience with Jinn, a code generator for PHP frameworks, and how it can, among other things, generate CRUD APIs.

Ted Spence wrote “Building SDKs in five languages.” In this piece, Ted shares his experience in writing SDKs for TypeScript, DotNet Core, Java, Python, and Ruby.

Security

Jason Kent wrote “The Account Takeover Cat-and-Mouse Game.” Jason shares his view on ATO (Account Takeover) attacks and reports that attacks on login APIs increased by 62 percent between June and December 2021.

Sushim Mukul Dutta wrote “Privacy Engineering APIs — Challenges and Guardrails.” In this article, Sushim explores the challenges that you face when you have to handle privacy-related data. The author shares the story of Borneo’s Application Privacy Data Management. They have shifted the problem left by “designing the solution for the developer’s persona to understand the problem and prevent it from happening,” instead of focusing on the symptoms.

Security Boulevard published “Tips for API Security Testing” where they share their view on the subject and some tools that can help you.

CISA, the U.S. Cybersecurity and Infrastructure Security Agency, issued advisory ICSA-22-034-02 warning of critical vulnerabilities in Airspan Networks Mimosa. According to ZDNet, “There is no evidence that the vulnerabilities have been exploited in the wild.” However, the vendors recommend an upgrade of existing deployed solutions.
