Recent Posts

  • Dot Net Fringe

    The last few days I spent at the DotNetFringe conference in Portland.  Considering this was the first time this conference has been run it was executed spectacularly well. Continue reading...

  • Solving Dropbox's URL Problems

    A recent post on the Dropbox developer's blog talked about the challenges of constructing URLs due to the difficulty of encoding parameters.  They proposed the idea of using encoded JSON to embed parameters in URLs. I believe URI Templates offer a much easier and cleaner way to address this issue.  This blog post shows how. Continue reading...

  • API Design Notes: Smart Paging

    If you spend any time reading about API design or working with APIs you will likely have come across the notion of paging response data.  Paging has been used in the HTML web for many years as a method to provide users with a fast response to their searches.  I normally spend my time advocating that  Web APIs should emulate the HTML web more, but in this case I believe there are better ways than slicing results into arbitrary pages of data. Continue reading...

  • Are You Or Your Customers Leaking Your API Keys?

    Several months ago I wrote a post called Where, oh where, does the API key go?  I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs.  I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access. Continue reading...

  • Share Your Code, Not Your API Keys

    Part of my role at Runscope involves me writing OSS libraries or sample projects to share with other developers.  I also regularly use 3rd party APIs in the process.  This requires the use of API keys and other private data that I'd rather not share.  Unfortunately it is all too easy to leave a key in a source code file and accidentally commit it to a public source control repository. Continue reading...

  • Don't Design A Query String You Will One Day Regret

    When writing the Web API book, we decided that there was no way we would ever finish if we tried to address every conceivable issue.  So we decided to set up a Google Group where readers of the book could ask for clarifications and ask related questions.  One question I received a while ago has been sitting on my to-do list for way too long.  The question from Reid Peryam is about query resources.  This is my answer. Continue reading...

  • Hypermedia, past, present and future

    Hypermedia is not a new concept; it has been around in various forms since the 1960s.  However, in the past seven years there has been a significant resurgence of interest in the concept.  This blog post contains my reflections on the past few years, where we currently are and where we might be headed in the use of hypermedia for building distributed applications. Continue reading...

  • Where, oh where, does the API key go?

    Yesterday on Twitter I made a comment criticizing the practice of putting an API key in a query string parameter.  I was surprised by the amount of attention it got and there were a number of responses questioning the significance of my objection.  Rather than try and reply in 140-character chunks, I decided a blog post was in order. Continue reading...

  • Constructing URLs the easy way

    When building client applications that need to connect to an HTTP API, sooner or later you are going to get involved in constructing a URL based on an API root and some parameters.  Often enough when looking at client libraries I see lots of ugly string concatenation and conditional logic to account for empty parameter values and trailing slashes.  And then there is the issue of encoding.  Several years ago an IETF specification (RFC 6570) was released that described a templating system for URLs and I created a library that implements the specification.  Here is how you can use it to make constructing even the most crazy URLs as easy as pie. Continue reading...

  • Runscope: Notifications from the Traffic Inspector

    Runscope provides a way to log HTTP traffic that passes between client and server and it can also continuously monitor Web APIs to ensure they are functioning correctly.  When something goes wrong with the Web API you can be notified immediately.  However, out of the box, there isn’t a way to be notified if a failure appears in the traffic log.  It can be done, though; it just requires a little creativity.  This blog post shows how.  Continue reading...

  • The Web API business layer anti-pattern

    What follows is a description of an architectural pattern that I see many developers discussing that I believe is an anti-pattern.  My belief is based on architectural theory and I have no empirical evidence to back it up, so feel free to come to your own conclusions. Continue reading...

  • REST–The Chocolate Chip Cookie Analogy

    At a recent conference, I found myself once again in a conversation about the meaning of the term REST.  I’ve had this conversation so many times, that I tend to forget that not everyone has heard my take on the subject.  The conversation ended with a “you should blog that…”.  Continue reading...

  • Xamarin Evolve

    This past week I spent in Atlanta, Georgia, attending Xamarin Evolve and Atlanta Code Camp.  This was the second annual Evolve conference and attendance went from 600 the first year to 1200 this year.  This year’s event was an impressive affair. Continue reading...

  • RESTFest 2014

    Last week was RESTfest week.  RESTfest is an unusual little conference that happens in Greenville, South Carolina every September.  This is the fifth year it has run and this is my fourth time attending, and I learn a ton every time. Continue reading...

  • Vermont Code Camp

    This past weekend I had the opportunity to attend and speak at Vermont Code Camp.  Apart from being hosted at the beautiful University of Vermont, it was an event packed with excellent speakers. Continue reading...

  • Implementing Conditional Request Handling for your API

    In the previous post in this series on Conditional Requests I introduced the topic of validators, their purpose and how they can be constructed.  A large chunk of the work that needs to be done to support conditional requests is done by the origin server.  This blog post is about that role. Continue reading...
