Recent Posts

  • OpenAPI is not what I thought

    Sometimes I do my best thinking in the car and today was an excellent example of this.  I had a phone call today with a the digital agency Authentic who have been hired to help you stop saying Swagger, when you mean OpenApi. I’m only partially kidding. They asked me some hard questions about why I got involved in the OpenAPI Initiative, and experiences I have had with OpenAPI delivering value.  Apparently this started a chain reaction of noodling in my subconscious because while driving my daughter to ballet, it hit me.  I’ve been thinking about OpenAPI all wrong. Continue reading...

  • HTTP Pattern Index

    When building HTTP based applications we are limited to a small set of HTTP methods in order to achieve the goals of our application. Once our needs go beyond simple CRUD style manipulation of resource representations, we need to be a little more creative in the way we manipulate resources in order to achieve more complex goals. Continue reading...

  • Back to my core

    I've spent a large part of the last two years playing the role of a technical marketeer.  Call it developer advocate, API Evangelist, or my favourite title, API Concierge, my role was to engage with developers and help them, in any way I could, to build better HTTP APIs.  I have really enjoyed the experience and had the opportunity to meet many great people.  However, the more you hear yourself talk about what people should do, the more you are reminded that you aren't actually doing the stuff you are talking about any more.  The time has come for me to stop just talking about building production systems and start doing it again. Continue reading...

  • Azure API Management Resources

    Although I know my HTTP and Web API pretty well, becoming an API Evangelist on the Azure API Management team means also needing to know the nitty gritty of the Azure API Management product too.  In my learning process I have discovered a wealth of useful information, but it is scattered around a little.  Some is on the Azure documentation site, some on Channel 9, some on YouTube and some awesome content from our Microsoft MVPs.  This post is my attempt to gather it together to make it a bit easier to find.  Continue reading...

  • A Fresh Coat Of REST Paint On A SOAP Stack

    In my experience, once a SOAP API gets into production and is working, nobody wants to touch it.  They can be very finicky beasts. Sometimes the most innocuous update can stop a client application in its  tracks.  Exposing a SOAP API to external customers just raises the risk level.  One approach I frequently see is putting an HTTP or REST API in front of the SOAP stack.  This adds a layer of indirection that allows some wiggle room into the exposed API.  This blog posts talks about some of the issues to consider when trying to build a resource oriented HTTP API as a façade to a SOAP API. Continue reading...

  • In The Mood For HTTP - Episode 3

    The recording for episode #3 is now available on Crowdcast and YouTube. In this episode we cover issues like API description languages, security weaknesses in HTTP APIs and the illusive HTTP status code 410 Gone. Continue reading...

  • In The Mood For HTTP - Open Q&A

    As a software developer today it is pretty difficult to avoid working with HTTP in some capacity.  There also seems to be a growing desire among developers to get a deeper understanding of the protocol.  Recently Glenn Block and I decided it might be interesting to do a online Q&A about HTTP and try and answer developer questions. Continue reading...

  • 302 - Found

    After an interesting summer of working on OSS projects, doing a keynote in Australia at DDDMelbourne, and getting ever closer to finishing that Pluralsight course, I now have a new role to sink my teeth into Continue reading...

  • Navigating DRY IETF Specs

    I've been reading IETF specifications for a number of years now and I find them fairly pleasant to read.  But I remember when I started there were a whole bunch of huh!? moments.  Since then I have learned many of the conventions and developed a few tricks that make the process easier.  I was just reminded of one of those huh!? moments and figured I would share my solution. Continue reading...

  • There Is Almost Nothing to See Here

    I just read Adam Ralph's post Blog == Weblog and I was inspired.  I started blogging 10 years ago because I wanted an outlet for my thoughts.  I didn't take it particularly seriously as you would see if you dig back to the early days.  [ed note: which would be easier if my blog host actually provided an index to those old posts.] However,  I enjoyed reading about the miscellaneous thoughts that went through the heads of people who I respected, and I enjoyed sharing my own. Continue reading...

  • Service Discovery : Redux

    Yesterday, I had a thought.  It didn't fit into a tweet so wrote a few paragraphs.  I was very pleased with myself, finally getting round to writing again after a few months off.  That was, until two different people who I respect highly, told me I was wrong.  That part sucked. Continue reading...

  • Service Discovery, The Easy Way

    Here's a thought that wouldn't fit into a tweet and will serve the purpose of breaking my blogging dry spell.  With all the attention that microservices is currently receiving I regularly hear people talking about service discovery.  When trying to co-ordinate multiple different services working together, it is critical to be able to dynamically configure which services will perform what services, for which consumers. Continue reading...

  • Dot Net Fringe

    The last few days I spent at the DotNetFringe conference in Portland.  Considering this was the first time this conference has been run it was executed spectacularly well. Continue reading...

  • Solving Dropbox's URL Problems

    A recent post on the Dropbox developer's blog post talked about the challenges of constructing URLs due to the challenges of encoding parameters.  They proposed the idea of using encoded JSON to embed parameters in URLs. I believe URI Templates offer a much easier and cleaner way to address this issue.  This blog posts shows how. Continue reading...

  • API Design Notes: Smart Paging

    If you spend any time reading about API design or working with APIs you will likely have come across the notion of paging response data.  Paging has been used in the HTML web for many years as a method to provide users with a fast response to their searches.  I normally spend my time advocating that  Web APIs should emulate the HTML web more, but in this case I believe there are better ways than slicing results into arbitrary pages of data. Continue reading...

  • Are You Or Your Customers Leaking Your API Keys?

    Several months ago I wrote a post called Where, oh where, does the API key go?  I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs.  I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access. Continue reading...

  • Share Your Code, Not Your API Keys

    Part of my role at Runscope involves me writing OSS libraries or sample projects to share with other developers.  I also regularly use 3rd party APIs in the process.  This requires the use of API keys and other private data that I'd rather not share.  Unfortunately it is all too easy to leave a key in a source code file and accidentally commit it to a public source control repository. Continue reading...

comments powered by Disqus