Recent Posts

  • Back to my core

    I've spent a large part of the last two years playing the role of a technical marketeer.  Call it developer advocate, API Evangelist, or my favourite title, API Concierge, my role was to engage with developers and help them, in any way I could, to build better HTTP APIs.  I have really enjoyed the experience and had the opportunity to meet many great people.  However, the more you hear yourself talk about what people should do, the more you are reminded that you aren't actually doing the stuff you are talking about any more.  The time has come for me to stop just talking about building production systems and start doing it again. Continue reading...

  • Azure API Management Resources

    Although I know my HTTP and Web API pretty well, becoming an API Evangelist on the Azure API Management team means also needing to know the nitty gritty of the Azure API Management product too.  In my learning process I have discovered a wealth of useful information, but it is scattered around a little.  Some is on the Azure documentation site, some on Channel 9, some on YouTube and some awesome content from our Microsoft MVPs.  This post is my attempt to gather it together to make it a bit easier to find.  Continue reading...

  • A Fresh Coat Of REST Paint On A SOAP Stack

    In my experience, once a SOAP API gets into production and is working, nobody wants to touch it.  They can be very finicky beasts. Sometimes the most innocuous update can stop a client application in its  tracks.  Exposing a SOAP API to external customers just raises the risk level.  One approach I frequently see is putting an HTTP or REST API in front of the SOAP stack.  This adds a layer of indirection that allows some wiggle room into the exposed API.  This blog posts talks about some of the issues to consider when trying to build a resource oriented HTTP API as a façade to a SOAP API. Continue reading...

  • In The Mood For HTTP - Episode 3

    The recording for episode #3 is now available on Crowdcast and YouTube. In this episode we cover issues like API description languages, security weaknesses in HTTP APIs and the illusive HTTP status code 410 Gone. Continue reading...

  • In The Mood For HTTP - Open Q&A

    As a software developer today it is pretty difficult to avoid working with HTTP in some capacity.  There also seems to be a growing desire among developers to get a deeper understanding of the protocol.  Recently Glenn Block and I decided it might be interesting to do a online Q&A about HTTP and try and answer developer questions. Continue reading...

  • 302 - Found

    After an interesting summer of working on OSS projects, doing a keynote in Australia at DDDMelbourne, and getting ever closer to finishing that Pluralsight course, I now have a new role to sink my teeth into Continue reading...

  • Navigating DRY IETF Specs

    I've been reading IETF specifications for a number of years now and I find them fairly pleasant to read.  But I remember when I started there were a whole bunch of huh!? moments.  Since then I have learned many of the conventions and developed a few tricks that make the process easier.  I was just reminded of one of those huh!? moments and figured I would share my solution. Continue reading...

  • There Is Almost Nothing to See Here

    I just read Adam Ralph's post Blog == Weblog and I was inspired.  I started blogging 10 years ago because I wanted an outlet for my thoughts.  I didn't take it particularly seriously as you would see if you dig back to the early days.  [ed note: which would be easier if my blog host actually provided an index to those old posts.] However,  I enjoyed reading about the miscellaneous thoughts that went through the heads of people who I respected, and I enjoyed sharing my own. Continue reading...

  • Service Discovery : Redux

    Yesterday, I had a thought.  It didn't fit into a tweet so wrote a few paragraphs.  I was very pleased with myself, finally getting round to writing again after a few months off.  That was, until two different people who I respect highly, told me I was wrong.  That part sucked. Continue reading...

  • Service Discovery, The Easy Way

    Here's a thought that wouldn't fit into a tweet and will serve the purpose of breaking my blogging dry spell.  With all the attention that microservices is currently receiving I regularly hear people talking about service discovery.  When trying to co-ordinate multiple different services working together, it is critical to be able to dynamically configure which services will perform what services, for which consumers. Continue reading...

  • Dot Net Fringe

    The last few days I spent at the DotNetFringe conference in Portland.  Considering this was the first time this conference has been run it was executed spectacularly well. Continue reading...

  • Solving Dropbox's URL Problems

    A recent post on the Dropbox developer's blog post talked about the challenges of constructing URLs due to the challenges of encoding parameters.  They proposed the idea of using encoded JSON to embed parameters in URLs. I believe URI Templates offer a much easier and cleaner way to address this issue.  This blog posts shows how. Continue reading...

  • API Design Notes: Smart Paging

    If you spend any time reading about API design or working with APIs you will likely have come across the notion of paging response data.  Paging has been used in the HTML web for many years as a method to provide users with a fast response to their searches.  I normally spend my time advocating that  Web APIs should emulate the HTML web more, but in this case I believe there are better ways than slicing results into arbitrary pages of data. Continue reading...

  • Are You Or Your Customers Leaking Your API Keys?

    Several months ago I wrote a post called Where, oh where, does the API key go?  I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs.  I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access. Continue reading...

  • Share Your Code, Not Your API Keys

    Part of my role at Runscope involves me writing OSS libraries or sample projects to share with other developers.  I also regularly use 3rd party APIs in the process.  This requires the use of API keys and other private data that I'd rather not share.  Unfortunately it is all too easy to leave a key in a source code file and accidentally commit it to a public source control repository. Continue reading...

  • Don't Design A Query String You Will One Day Regret

    When writing the Web API book, we decided that there was no way we would ever finish if we tried to address every conceivable issue.  So we decided to setup a Google Group where readers of the book could ask for clarifications and ask related questions.  One question I received a while ago has been sitting on my to-do list for way too long.  The question from Reid Peryam is about query resources.  This is my answer. Continue reading...

  • Hypermedia, past, present and future

    Hypermedia is not a new concept, it has been around in various forms since the 1960s.  However, in the past seven years there has been a significant resurgence of interest in the concept.  This blog post contains my reflections on the past few years, where we currently are and where we might be headed in the use of hypermedia for building distributed applications. Continue reading...

comments powered by Disqus