In The Mood For HTTP - Open Q&A
As a software developer today it is pretty difficult to avoid working with HTTP in some capacity. There also seems to be a growing desire among developers to get a deeper understanding of the protocol. Recently Glenn Block and I decided it might be interesting to do a online Q&A about HTTP and try and answer developer questions.
Caching is hard, draw me a picture–Updated
This is my attempt to make the HTTPbis caching rules more accessible and hopefully shine a light on how powerful HTTP caching can be.
302 - Found
After an interesting summer of working on OSS projects, doing a keynote in Australia at DDDMelbourne, and getting ever closer to finishing that Pluralsight course, I now have a new role to sink my teeth into
Solving Dropbox's URL Problems
A recent post on the Dropbox developer's blog post talked about the challenges of constructing URLs due to the challenges of encoding parameters. They proposed the idea of using encoded JSON to embed parameters in URLs. I believe URI Templates offer a much easier and cleaner way to address this issue. This blog posts shows how.
API Design Notes: Smart Paging
If you spend any time reading about API design or working with APIs you will likely have come across the notion of paging response data. Paging has been used in the HTML web for many years as a method to provide users with a fast response to their searches. I normally spend my time advocating that Web APIs should emulate the HTML web more, but in this case I believe there are better ways than slicing results into arbitrary pages of data.
Are You Or Your Customers Leaking Your API Keys?
Several months ago I wrote a post called Where, oh where, does the API key go? I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs. I recently bumped into a way that anyone can harvest hundreds of API keys from many different web sites, including ones that charge significant amounts of money for access.
Share Your Code, Not Your API Keys
Part of my role at Runscope involves me writing OSS libraries or sample projects to share with other developers. I also regularly use 3rd party APIs in the process. This requires the use of API keys and other private data that I'd rather not share. Unfortunately it is all too easy to leave a key in a source code file and accidentally commit it to a public source control repository.
Don't Design A Query String You Will One Day Regret
When writing the Web API book, we decided that there was no way we would ever finish if we tried to address every conceivable issue. So we decided to setup a Google Group where readers of the book could ask for clarifications and ask related questions. One question I received a while ago has been sitting on my to-do list for way too long. The question from Reid Peryam is about query resources. This is my answer.
Hypermedia, past, present and future
Hypermedia is not a new concept, it has been around in various forms since the 1960s. However, in the past seven years there has been a significant resurgence of interest in the concept. This blog post contains my reflections on the past few years, where we currently are and where we might be headed in the use of hypermedia for building distributed applications.
Constructing URLs the easy way
When building client applications that need to connect to a HTTP API, sooner or later you are going to get involved in constructing a URL based on a API Root and some parameters. Often enough when looking at client libraries I see lots of ugly string concatenation and conditional logic to account for empty parameter values and trailing slashes. And there there is the issue of encoding. Several years ago a IETF specification (RFC 6570) was released that described a templating system for URLs and I created a library that implements the specification. Here is how you can use it to make constructing even the most crazy URLs as easy as pie.