Category Archives: Opinion

Pivotal Tracker launches new API in public beta

Pivotal Tracker just announced the availability of their API V5 in public beta, starting August 16, 2013. The launch is justified because the application itself has run against the new API version for a long time now.

photo by John Fischer

The new API introduces several improvements, such as access to all project data, including epics. They also say that everything in and out of the API is now JSON encoded, although the activity Web Hooks still POST information using XML.


Evernote introduces API Rate Limits

Evernote recently announced that they will enforce API rate limits starting today (August 14, 2013). They don’t specify what the limits are but they say that a “reasonable use of the API should not cause an integration to hit the limit”.

photo by Justin Ennis

Although this enforcement will only affect non-production applications for now, you should evaluate your code even if you have a production API integration, since rate limiting will also affect these applications starting November 1, 2013.


HTTP/2.0 Initial Draft Released

The first implementable draft of HTTP/2.0 was released on July 8th by the HTTPbis working group of the IETF. The 2.0 version of HTTP is based on the SPDY protocol developed by Google — in fact, the initial draft was a copy of the SPDY specification as a base for diffs.

Photo by Jeffrey Beall

HTTP/2.0 is intended as an alternative to HTTP/1.1, rather than deprecating the old version. There is good reason for this: The new version feels similar to the old, but there are important differences designed to enable more efficient network communication.


How OAuth 2 trumps Basic authentication

Many criticisms have been raised against OAuth 2 in the past. While there may be continuing points of contention, one area seems clear: the “Resource Owner Password Credentials Grant” pattern (OAuth 2 Spec, section 4.3) is fundamentally superior to HTTP Basic authentication.

This pattern describes gaining access to server resources directly. This approach might be used when you are securing your own resources; for instance, your mobile app accessing your own API.

The Accept Header: A Quick Primer

When developing an API, one of the first critical decisions every developer must face is that of Content Type. In this day and age, most APIs return JSON, XML, or both.

photo by Sean Svadilfari

Some APIs get away with one, and that’s fine, but to improve the UX of your API, you should allow the requestor to determine what data type is best for them. If you’ve read the post on API Content Negotiation, you’ll know the best way to approach content negotiation is to follow the standards.
