The recording for episode #3 is now available on Crowdcast and YouTube. In this episode we cover issues like API description languages, security weaknesses in HTTP APIs and the elusive HTTP status code 410 Gone.
Some of the questions we attempted to answer this week include:
- What is your take on things like Swagger? Didn't we learn our lessons with WSDL?
- What are the biggest security flaws in HTTP API designs and implementations you are seeing quite often?
- Is there any advantage of returning HTTP status code 410 rather than 404?
- I have an API that needs to scale. I can add HTTP caches and load balancers. Will using a message bus on the server help?
- These days it looks like REST and JSON are strictly correlated. I would love to hear you demystify this and introduce content negotiation.
Links from the show include:
- Prefer header: http://tools.ietf.org/html/rfc7240
- 410 Gone: http://tools.ietf.org/html/rfc7231#section-6.5.9
- WADL: http://www.w3.org/Submission/wadl/
- Swagger: http://swagger.io/
- RAML: http://raml.org/
- API Blueprint: https://apiblueprint.org/
- Collection+JSON: http://amundsen.com/media-types/collection/
- HAL: http://stateless.co/hal_specification.html
Image Credits: http://s.si.edu/1H7onz9