"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

https://nordicapis.com/9-signs-youre-doing-api-security-wrong/

Hoe staat het ervoor met de API Design Rules van de Nederlandse overheid? Tim van der Lippe van @Logius schreef als beheerder van de standaard een blogpost met de nieuwste inzichten en ontwikkelingen.

Werk jij met API’s in het publieke domein? Blijf op de hoogte en lees de update hier https://developer.overheid.nl/blog/2025/04/02/update-api-design-rules

Spec-First or Code-First? Choosing Your OpenAPI Strategy with Quarkus vs. Spring https://myfear.substack.com/p/spec-first-or-code-first-choosing
#Java #Quarkus #APIDesign #OpenAPI

"The accompanying diagram is intended to help you quickly decide how to document an API, but particularly a REST API. The first split is just to make sure you are looking for the right kind of API.

Here is some more context to help you decide on an approach and get started."

https://gist.github.com/briandominick/3ffab6be460fbde799aa34e0a42a4299

Why Every Product Manager Must Master APIs??

https://buff.ly/42BY0VD

"I realized APIs are not just technical specs; they are full-fledged products, and designing them right is a strategic superpower."

The Information Architecture Philosophy Behind RESTful Web API Patterns and Practices Cookbook https://buff.ly/97cOvn8

I’m so excited that this book is back on track!

Build APIs You Wont Hate 2: This Time Its Serious

Roughly 80% of the internet is roughly built APIs, held together with enough duct-tape to choke all the hamsters powering it. Let's learn how to build them properly.

#apidesign
#apidevelopment

https://leanpub.com/build-apis-you-wont-hate-2

"Affordance Aversion" : The bias that makes devs resist declarative, dynamic API models (like ALPS) in favor of rigid schemas and static interfaces.

Loss Aversion + Endowment Effect = Overvaluing predictability, fearing flexibility.

Want resilient APIs? Rethink the trade-offs.

"Getting to this point isn’t unusual. Clients clearly think they’re making the call correctly, or else they would fix the endpoint themselves. Some misspellings are difficult to catch. The enum USER_RETREIVE may not be noticed from USER_RETRIEVE, especially if picking it from a list. Misspellings happen and they’re not always caught before making it to the contract. As an aside, that’s why it’s important writers routinely check development’s changes. This applies, too, to our testing calls in Postman, where manually entering endpoints and values are more pervasive.

The reason this isn’t caught is simple: We’re not expecting it.

For our testing, the call is made and we get results. We may even spot check some of them. But generally, results aren’t examined that closely. For instance, how often do you so carefully examine a returned list of 50 or 100 items? You check may check that the objects are complete but not that the list conforms to the search criteria.

The reason this happens is because of an intentional behavior on the server. This behavior is called Lenient Handling or Strict Handling."

https://robertdelwood.medium.com/understanding-query-parameter-handling-in-rest-calls-1821e0c3fa8c

Clean Code Principles And Patterns by Petri Silen is on sale on Leanpub! Its suggested price is $14.90; get it for $9.69 with this coupon: https://leanpub.com/sh/TDYcq1ip #Python #ComputerProgramming #ApiDesign #Refactoring #SoftwareArchitecture #SoftwareEngineering

Breaking News: "Other" enum values are the new black holes of API design! Witness as developers boldly add an "Other" option, only to find themselves tangled in a web of ambiguity! Experience the thrill of watching Microsoft Dev Blogs declare the obvious with a flair for repetition!
https://devblogs.microsoft.com/oldnewthing/20250217-00/?p=110873 #BreakingNews #APIdesign #OtherEnum #DeveloperChallenges #MicrosoftDevBlogs #HackerNews #ngated

Just wrote about API versioning strategies for your developer platform! From Semantic Versioning to different implementation approaches (URI, header-based, and query parameters), I break down the pros and cons of each method based on real-world experience.

#APIDesign #DeveloperExperience #SoftwareEngineering #API

Read more about crafting a robust API versioning strategy that works for both your team and third-party developers: https://tmaguire.net/blog/2025/02/25/api-versioning.html?utm_source=LinkedIn&utm_medium=social&utm_campaign=blog_promotion

Navigating Type Systems: Closed vs Open Universes in Software Development

In the realm of software development, understanding how to effectively model choices within type systems is crucial. This article delves into the nuances of closed and open universes, exploring their ...

https://news.lavx.hu/article/navigating-type-systems-closed-vs-open-universes-in-software-development

Clean Code Principles And Patterns by Petri Silen is on sale on Leanpub! Its suggested price is $14.90; get it for $9.69 with this coupon: https://leanpub.com/sh/ne5L2cn2 #Python #ComputerProgramming #ApiDesign #Refactoring #SoftwareArchitecture #SoftwareEngineering

GitHub's Support for OpenDAL: A Seamless Transition to the New Cache Service

In a collaborative effort, GitHub has reached out to OpenDAL to aid in the migration to its new GitHub Actions Cache Service. This partnership highlights the importance of API versioning and user iden...

https://news.lavx.hu/article/github-s-support-for-opendal-a-seamless-transition-to-the-new-cache-service

Design and Reality by Rebecca Wirfs-Brock and Mathias Verraes is on sale on Leanpub! Its suggested price is $24.50; get it for $12.25 with this coupon: https://leanpub.com/sh/54QZLXbj #BusinessAndManagement #SoftwareArchitecture #Software #SoftwareEngineering #ApiDesign

TIL about #Clang --extract-api!

Currently rewriting my C++ ←→ #JavaScript binding generator for #Anklang based on the #JSON output.
Should also be super useful for generating API #Documentation

https://www.youtube.com/watch?v=jXrNZ-4Gb-g (shy of 9 minutes)

https://llvm.org/devmtg/2022-11/slides/QuickTalk6-clang-extract-api.pdf

#Programming #DevTips
#APIDesign #TechTips

Now that PHP8.4 support new MyClass()->method() without parentheses does it still make sense to add or have empty named constructor like MyClass::new() or MyClass::make() or MyClass::create()

Design and Reality: Essays on Software Design https://leanpub.com/design-and-reality by Rebecca Wirfs-Brock and Mathias Verraes is the featured book on the Leanpub homepage! https://leanpub.com #BusinessAndManagement #SoftwareArchitecture #Software #SoftwareEngineering #ApiDesign #books #ebooks

Find it on Leanpub!

Clean Code Principles and Patterns, 2nd Edition by Petri Silen is on sale on Leanpub! Its suggested price is $14.90; get it for $8.94 with this coupon: https://leanpub.com/sh/V2y4Jx8k #ApiDesign #ComputerProgramming #Java #Javascript #Testing #SoftwareEngineering #Typescript