Contents tagged with HTTP

  • HTTP Pattern Index

    When building HTTP based applications we are limited to a small set of HTTP methods in order to achieve the goals of our application. Once our needs go beyond simple CRUD style manipulation of resource representations, we need to be a little more creative in the way we manipulate resources in order to achieve more complex goals. Continue reading...

  • Back to my core

    I've spent a large part of the last two years playing the role of a technical marketeer.  Call it developer advocate, API Evangelist, or my favourite title, API Concierge, my role was to engage with developers and help them, in any way I could, to build better HTTP APIs.  I have really enjoyed the experience and had the opportunity to meet many great people.  However, the more you hear yourself talk about what people should do, the more you are reminded that you aren't actually doing the stuff you are talking about any more.  The time has come for me to stop just talking about building production systems and start doing it again. Continue reading...

  • Azure API Management Resources

    Although I know my HTTP and Web API pretty well, becoming an API Evangelist on the Azure API Management team means also needing to know the nitty gritty of the Azure API Management product too.  In my learning process I have discovered a wealth of useful information, but it is scattered around a little.  Some is on the Azure documentation site, some on Channel 9, some on YouTube and some awesome content from our Microsoft MVPs.  This post is my attempt to gather it together to make it a bit easier to find.  Continue reading...

  • A Fresh Coat Of REST Paint On A SOAP Stack

    In my experience, once a SOAP API gets into production and is working, nobody wants to touch it.  They can be very finicky beasts. Sometimes the most innocuous update can stop a client application in its  tracks.  Exposing a SOAP API to external customers just raises the risk level.  One approach I frequently see is putting an HTTP or REST API in front of the SOAP stack.  This adds a layer of indirection that allows some wiggle room into the exposed API.  This blog posts talks about some of the issues to consider when trying to build a resource oriented HTTP API as a façade to a SOAP API. Continue reading...

  • In The Mood For HTTP - Episode 3

    The recording for episode #3 is now available on Crowdcast and YouTube. In this episode we cover issues like API description languages, security weaknesses in HTTP APIs and the illusive HTTP status code 410 Gone. Continue reading...

  • In The Mood For HTTP - Open Q&A

    As a software developer today it is pretty difficult to avoid working with HTTP in some capacity.  There also seems to be a growing desire among developers to get a deeper understanding of the protocol.  Recently Glenn Block and I decided it might be interesting to do a online Q&A about HTTP and try and answer developer questions. Continue reading...

  • Navigating DRY IETF Specs

    I've been reading IETF specifications for a number of years now and I find them fairly pleasant to read.  But I remember when I started there were a whole bunch of huh!? moments.  Since then I have learned many of the conventions and developed a few tricks that make the process easier.  I was just reminded of one of those huh!? moments and figured I would share my solution. Continue reading...

  • Service Discovery : Redux

    Yesterday, I had a thought.  It didn't fit into a tweet so wrote a few paragraphs.  I was very pleased with myself, finally getting round to writing again after a few months off.  That was, until two different people who I respect highly, told me I was wrong.  That part sucked. Continue reading...

  • Service Discovery, The Easy Way

    Here's a thought that wouldn't fit into a tweet and will serve the purpose of breaking my blogging dry spell.  With all the attention that microservices is currently receiving I regularly hear people talking about service discovery.  When trying to co-ordinate multiple different services working together, it is critical to be able to dynamically configure which services will perform what services, for which consumers. Continue reading...

  • Are You Or Your Customers Leaking Your API Keys?

    Several months ago I wrote a post called Where, oh where, does the API key go?  I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs.  I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access. Continue reading...

  • Share Your Code, Not Your API Keys

    Part of my role at Runscope involves me writing OSS libraries or sample projects to share with other developers.  I also regularly use 3rd party APIs in the process.  This requires the use of API keys and other private data that I'd rather not share.  Unfortunately it is all too easy to leave a key in a source code file and accidentally commit it to a public source control repository. Continue reading...

  • Don't Design A Query String You Will One Day Regret

    When writing the Web API book, we decided that there was no way we would ever finish if we tried to address every conceivable issue.  So we decided to setup a Google Group where readers of the book could ask for clarifications and ask related questions.  One question I received a while ago has been sitting on my to-do list for way too long.  The question from Reid Peryam is about query resources.  This is my answer. Continue reading...

  • Where, oh where, does the API key go?

    Yesterday on twitter I made a comment criticizing the practice of putting an API key in a query string parameter.  I was surprised by the amount of attention it got and there were a number of responses questioning the significance of my objection.  Rather than try and reply in 140 character chunks, I decided a blog post was in order. Continue reading...

  • Constructing URLs the easy way

    When building client applications that need to connect to a HTTP API, sooner or later you are going to get involved in constructing a URL based on a API Root and some parameters.  Often enough when looking at client libraries I see lots of ugly string concatenation and conditional logic to account for empty parameter values and trailing slashes.  And there there is the issue of encoding.  Several years ago a IETF specification (RFC 6570) was released that described a templating system for URLs and I created a library that implements the specification.  Here is how you can use it to make constructing even the most crazy URLs as easy as pie. Continue reading...

  • REST–The Chocolate Chip Cookie Analogy

    At a recent conference, I found myself once again in a conversation about the meaning of the term REST.  I’ve had this conversation so many times, that I tend to forget that not everyone has heard my take on the subject.  The conversation ended with a “you should blog that…”.  Continue reading...

  • Implementing Conditional Request Handling for your API

    In the previous post in this series on Conditional Requests I introduced the topic of validators, their purpose and how they can be constructed.  A large chunk of the work that needs to be done to support conditional requests is done by the origin server.  This blog post is about that role. Continue reading...

  • HTTP in depth

    Over the past few months I have written a number of posts relating to HTTP that have attempted to clarify some of the lesser understood areas of the HTTP specification and provide some practical guidance. Continue reading...

  • Using Etags and Last-modified headers to improve performance with HTTP conditional requests

    In the recent update of the HTTP specification, the details of conditional requests have been split out and given their whole own specification.  Most developers I talk to are familiar with the idea of 304 Not Modified response code, but whenever we start to dig deeper everyone, myself included, are missing pieces of the puzzle. This article is one of a series of blog posts that attempts to dig in to aspects of HTTP and provide practical guidance on their usage. Continue reading...

comments powered by Disqus