Articles
๐ 10 Tools For API Contract Testing
The article provides an overview of ten tools for API contract testing, including PactFlow, HyperTest, Spring Cloud Contract, Dredd, Karate, REST Assured, Microcks, Assertible, WireMock, and Postman. Each tool is briefly described with a list of pros and cons to help developers choose the most suitable tool for their specific needs.
๐ 6 Potential Risks of Using Third-Party APIs
The article discusses the potential risks of using third-party APIs, including blindly trusting data from services, hallucinations and LLM risks for third-party GenAI APIs, improper input validation on incoming data, outages or denial of service attacks, versioning or breaking changes on the client-side, and improper inventory management and shadow APIs. The author emphasizes the importance of thoroughly vetting third-party APIs before using them to mitigate these risks.
๐ Defend your graphql server against excessive resource consumption
The article discusses how the flexibility of GraphQL, which allows users to request exactly the resources and attributes they need, can be exploited by malicious users to pose significant risks to server stability. The author highlights the risks of unrestricted resource consumption, including over-fetching data and abusing pagination features. To mitigate these risks, the author suggests implementing controls that restrict the amount of data that can be requested, setting limits on the size and number of queries, implementing rate limiting, and using web application firewalls and API security tools.
๐ Just Negotiate the Interface. I Do Not Care About Your Backend, nor Should You Care About Mine
The article argues that when designing APIs, technologists should focus on the interface between a producer and consumers, rather than their backend systems. The author suggests that many API producers fail to consider the needs of their consumers, focusing instead on their own tools and programming languages. He emphasizes that APIs should provide only the digital resources and capabilities needed to accomplish what both API producers and consumers care about, without bringing unnecessary backend complexities into the equation.
๐ It Is Easy To Mix Up API Policy Scope and Talk Past Each Other
The article discusses the challenges in API conversations due to their virtual nature and the multiple perspectives and scopes involved. The author highlights how easy it is for people to talk past each other when discussing APIs, with one person focusing on one level and another on a different level. He suggests using JSON Schema to ground API conversations and ensure everyone is on the same page. The author also emphasizes the importance of understanding where someone is in their API journey and their role in producing and consuming APIs to ensure conversations are at the right scope and level.
๐ OpenAPI Was Successful Because...
The article discusses the success of OpenAPI, a machine-readable format for defining the surface area of HTTP APIs. The author attributes the success of OpenAPI to its origins in Swagger and its ability to align teams producing APIs with each other and with consumers. The transition of Swagger to OpenAPI in 2015, which allowed OpenAPI to be expressed as JSON or YAML, made APIs more tangible and accessible, leading to standardization across teams and industries. The author also highlights the role of leading public API providers and service and tooling providers in promoting OpenAPI. Despite challenges, the author predicts a resurgence of tooling that will continue to evolve the use of OpenAPI.
๐ RabbitMQ 4.0: Native AMQP 1.0
The article announces that RabbitMQ 4.0 now supports AMQP 1.0 as a core protocol, offering benefits such as modernization, support for more AMQP 1.0 features, improved performance and scalability, and greater interoperability with other AMQP 1.0 message brokers. The author provides a detailed history of AMQP and compares AMQP 0.9.1 and AMQP 1.0, highlighting the differences and the reasons for AMQP 0.9.1's popularity. The article also discusses the reasons for RabbitMQ 4.0's upgrade to AMQP 1.0 and introduces two new AMQP 1.0 client libraries developed specifically for RabbitMQ. The author concludes by discussing RabbitMQ 4.0's modernization journey and encouraging users to try and test AMQP 1.0 in RabbitMQ 4.0.
๐ RabbitMQ 4.0: New Quorum Queue Features
The article announces new features in RabbitMQ 4.0's quorum queues, including message priorities, consumer priorities combined with Single Active Consumer, a default delivery limit of 20, and faster recovery of long queues. The author explains how each feature works and provides visual representations to illustrate their functionality. The article also discusses the changes in AMQP 1.0 support in RabbitMQ 4.0, comparing it with previous versions and highlighting the benefits of the upgrade.
The article discusses the status of the Debezium UI project, explaining that while the UI for Debezium is important, developing a UI strictly tied to Kafka Connect is not the right direction. Therefore, the development of the current web UI project has been frozen. The team plans to create a new UI that supports multiple deployment models, starting with Debezium Server deployed on Kubernetes. The new UI will operate with data pipelines, allowing users to define the source, destination, and any data transformations. The author invites readers to try the early proof of concept and provide feedback on necessary features and visual impressions.
๐ Why You Should Hack Your Own APIs
The article discusses the importance of hacking one's own APIs to ensure their security. The author highlights that APIs are attractive to attackers as they enable them to bypass the need to engage with the UI of web or mobile apps. He provides examples of real-world breaches caused by problems with APIs and suggests that developers should approach security by trying to hack their own APIs. The author also presents a methodology for combating attacks, which includes automating testing, ensuring comprehensive testing of every endpoint, and integrating testing into the software development lifecycle.
Apache APISIX
๐ When (not) to write an Apache APISIX plugin
The article discusses alternatives to writing a plugin for Apache APISIX. These include using the vars and filter_func parameters, the serverless plugin, the script parameter, and the meta.filter parameter. The author suggests these alternatives can often provide simpler and more efficient solutions for specific needs.
Gravitee
๐ Elevate Your Event-native API Management Skills with Gravitee's Newest Certification!
Gravitee has launched the Gravitee Event-Native API Management Architect (gENAA) certification program, the final part of its Event-Native API Management certification series. The advanced certification is designed for professionals who want to master the most sophisticated aspects of Graviteeโs API management capabilities. The course covers advanced API security, complex API configuration, API monetization and management, and future-proofing skills. The certification is designed around practical, real-world use cases and offers a hands-on approach to learning.
Mulesoft
๐ MuleSoft: Client Apps vs Connected Apps
The article discusses the differences between Client Apps and Connected Apps in the context of MuleSoft's API management. Client Apps are applications that consume APIs managed by Anypoint Platform, while Connected Apps are applications registered within Anypoint Platform to interact with the platformโs APIs and services securely. The author highlights the key characteristics, use cases, and differences between the two types of apps. He also points out the commonalities between them, such as their design for secure access to APIs and resources, permissions control, audit logs, and subject to security policies. The article concludes by emphasizing the importance of understanding the distinct roles of Client Apps and Connected Apps for optimizing API and platform management strategies.
WSO2
๐ Introducing the New Visual Data Mapper for WSO2 Micro Integrator
The article introduces the new visual data mapper for WSO2 Micro Integrator, which simplifies data integration by providing a graphical interface for managing data flows. The data mapper leverages TypeScript to ensure the code serves as the diagram, guaranteeing type safety for mappings and identifying type incompatibilities and errors swiftly. The new tool also features a scalable UI design, support for reusable sub mappings, an expression editor within the mapping UI, array filtering based on conditions, predefined operators for common transformations, and the ability to use custom functions. The author provides a step-by-step guide on how to create mappings using the new data mapper.
Releases
๐ Microcks 1.10.0
The article announces the 1.10.0 release of Microcks, a CNCF open-source cloud-native tool for API Mocking and Testing. The new release introduces a visual data mapper, which simplifies data integration by providing a graphical interface for managing data flows. The new features of the release include stateful mocks support, a new lightweight API Examples specification format, enhancements in the Uber and Native distributions, and a refresh on installation dependencies.
Books
๐ Learning Azure API Management by Naman Sinha
The book provides a detailed exploration of the platform, covering everything from basic concepts to advanced features. It guides readers through the entire API lifecycle, including designing, developing, publishing, managing, and securing APIs. The book is filled with practical examples and hands-on exercises, making it suitable for developers and IT professionals aiming to build and manage reliable APIs using Azure. By the end of the book, readers will have the skills to build and manage robust APIs. The book is intended for Azure developers, DevOps engineers, backend engineers, and anyone interested in building, managing, and securing APIs on the Azure platform.
๐ Mastering Postman, Second Edition by Oliver James
The new edition focuses on the updated features of Postman 11, covering every stage of the API lifecycle, including design, documentation, implementation, automated testing, error handling, real-time monitoring, and more. The book also discusses Postman's new scripting features, improved integration options, real-time collaboration tools, performance testing features, and the latest Postman CLI. It aims to provide developers with modern methods and best practices for API development.