API community links

This page contains an archived list of links shared in the UK Government API and Data Exchange Community Slack by people in the cross-government API community. The list includes links to websites outside of the public sector such as software company websites and personal blogs.

To request to join the cross-government API and Data Exchange Community Slack, email us or contact us in the #apis channel of the cross-government Slack community.

You can also subscribe to this page’s RSS feed.

11 March 2022

• The Shape of Things to Come: GraphQL and the Web of APIs - The New Stack
• Privacy Gains Prominence as an API Security Concern - The New Stack
• Why the Built World Needs Standard APIs
• 6 Examples of GraphQL in Production at Large Companies | Nordic APIs |
• EDI vs API in B2B partner onboarding | How to use both methods

04 March 2022

• I have read the API Terms of service : the biggest lie of the programmable web
• Why do we need API design guidelines?
• 5 Places to Look for API Champions in Your Organization
• Documenting APIs: A guide for technical writers and engineers

18 February 2022

• Choosing between raw and processed data when designing an API
• The state of API security: global research comparison
• API Security Testing With Postman and OWASP Zap
• APIs as ladders
• Do You Design Beautiful APIs?
• Using a federated model for API discovery in government
• Patterns for Authorization in Microservices
• A Comparison of Cookies and Tokens for Secure Authentication

11 February 2022

• Trends in the API Industry
• API Governance fundamentals for building API Products that scale
• The Anatomy of a GraphQL Request
• Authorization Patterns in GraphQL
• Creating an API-First Culture and Company, Part 1 - The New Stack
• Request bodies in GET requests
• What should come first when designing an API?

07 February 2022

• Precision In Technical Discussions
• Contract Testing a Laravel API with OpenAPI | APIs You Won’t Hate
• Building a Reliable Cloud-Based Bank in Java

04 February 2022

• Net API Notes for 2022/02/03 - Issue 188
• Defining an API management strategy
• Ten hot API integration trends for 2022
• Taking a DevSecOps Approach to API Security
• API Reviews: Scaling up API Governance

31 January 2022

• What to consider when building an API sandbox
• Techniques to prevent adoption of your API - Chris Lukic
• API Practices If You Hate Your Customers

28 January 2022

• Eight of the Biggest Lies in APIs
• A few concerns to be aware of when adding try it feature to API documentation
• What If Your API Program Had a Fresh Start?
• More Simple = Less API Attack Vectors
• Introducing vAPI - an open source lab environment to learn about API security

14 January 2022

• Nobody cares about API design guidelines
• Lessons learned using contract testing in GOV.UK Pay
• The burden of an Open Source maintainer
• My first impressions of web3
• How bad models ruin an API
• A Pluggable Solution for API Observability on our PHP System
• API Lifecycles, Specifications, and Standards with Kin Lane

07 January 2022

• Stop it with the X- Already!
• RFC6648: Deprecating the ‘X-’ Prefix and Similar Constructs in Application Protocols
• Refactoring an entire API Ecosystem
• Announcing WunderHub: Share APIs like they were npm packages
• Securing Large API Ecosystems
• Frankenstein APIs Explained! - API Cyber Security Series
• How To Ensure Reliable Inter-Service Communication With Contracts
• Schema Design | GraphQL @ Yelp Schema Design Guidelines
• What’s an API?

17 December 2021

• How NHS Digital used API Management to support APIs at scale
• Use a (JSON) Schema for the Interface Portion of your RESTful API
• Handle API gateway and backend differences in API documentation with OpenAPI Specification
• Scaling productivity on microservices at Lyft (Part 2): Optimizing for fast local development
• How well do you know your APIs? Not well enough, says Cisco
• 7 Reasons Your API Security Strategy is Failing & how to fix it - Amazic World
• API security design best practices for enterprise and public cloud
• Getting Started with gRPC and .NET
• And what if I’m wrong? Overcoming fears and doubts while designing APIs

10 December 2021

• 10 Trends Shaping the API Industry in 2022
• API Documentation | Sample APIs Document, Docs & API Documentation Template
• 5 reasons why you should treat private APIs like public ones
• State of APIs | RapidAPI Developer Survey Results
• Million Mile Views via a NASA API (no coding required), Blog | APIMatic
• Bring a More Inclusive Developer Strategy to APIs
• Werner Vogel’s 6 Rules for Good API Design
• Scaling productivity on microservices at Lyft (Part 1)

03 December 2021

• The Heroku HTTP API Design Guide, revisited
• Changing a universal constant: How 280-character tweets break an API
• Civil Service Acronym Buster
• APIClarity - Open source for API traffic visibility in K8s clusters
• GraphQL is the New API Gateway
• GitHub - arainho/awesome-api-security: A collection of awesome API Security tools and resources.
• How to Perform an API Risk Assessment | Akana by Perforce
• Are APIs Your Weakest Security Link?
• Advent - Tyk API Gateway and API Management

26 November 2021

• Version Variants
• Developer Accessible APIs
• Use (End-to-End) Tracing or Correlation IDs
• Dogs of Dev
• A developer first approach: What does this mean for API security? - SD Times
• GitHub - inonshk/31-days-of-API-Security-Tips: This challenge is Inon Shkedy’s 31 days API Security Tips.
• New Research Shows Vulnerabilities in Banking, Cryptocurrency Exchange, and FinTech APIs Allow Unauthorized Transactions and PIN Code Changes of Customers
• The OpenAPI Community | API Evangelist

19 November 2021

• The 8 Disciplines of an Effective API Program
• How to Improve an API Ecosystem with Mapping | Postman Blog
• The Little Manual of API Design
• GitHub’s commitment to npm ecosystem security | The GitHub Blog
• OWASP Addresses API Security
• Council Post: It’s Time To Take The API Security Threat More Seriously
• Predicting the Next OWASP API Security Top 10

15 November 2021

• API sprawl: A threat you might want to address later, but you can’t ignore it
• API Security Issues Hinder Application Delivery
• Why Time to First Call is a Vital API Metric
• API Adoption: The Dangerous Delay
• Why Design First When Building APIs

12 November 2021

• Never update anything
• Why You Should Avoid using Client Secret Authentication for OAuth2 Client Credentials
• The Invisible JavaScript Backdoor

08 November 2021

• What’s the problem with required query parameters?
• Anatomy of a Great API Library
• Adopting the OpenAPI Schema to Generate Plaid SDKs
• Why the status quo is so hard to change in engineering teams

05 November 2021

• The Postman “State of the API” 2021
• Save API costs with data-centric security
• 9 online API testing tools
• Choosing between birthDate and dateOfBirth has important implications for your API

29 October 2021

• It’s Time for OAuth 2.1 • Aaron Parecki
• API Handyman | Anarchy in the resource path
• Contextual Content Discovery: You’ve forgotten about the API endpoints – Assetnote
• Taking charge of the API security lifecycle - Cyber Protection Magazine
• HTTP Status Codes, as Cats
• How to Use OpenAPI for Secure and Robust API Integration | Level Up Coding
• Analyzing Trends Across 200,000 OpenAPI Files | Nordic APIs
• OAuth 2.1
• Data Theorem Introduces Industry’s First API Attack Surface Calculator
• HTTP Status Codes, as Dogs
• HTTP Status Codes, as Ducks
• OAuth, “It’s complicated.”
• Why I Consistently Reach for Server-Driven Content Negotiation (For Versioning)
• The Phantom Token Approach

22 October 2021

• Building the Brex API. When we spoke to some of our power… | Building Brex
• New HTTP standards for caching on the modern web | HTTP Toolkit
• A ‘Vary’ unusual waterfall - Matt Hobbs
• Scaling an API programme through API coaching - Tyk API Gateway and API Management
• Critical flaws found in interoperability backbone: FHIR APIs vulnerable to abuse
• API Attacks, Breaches Piling Up
• Excuse my French API, or being an English as a second language API designer
• Reboot AI with human values

15 October 2021

• Is Your Organization Ready to Build APIs? Answer These 3 Questions First
• API Security Best Practices MegaGuide
• API Security Best Practices MegaGuide (PDF Download)
• GraphQL is not meant to be exposed over the internet
• APIs and Security: What’s a Security Officer to Do? - Security Boulevard
• Free BrewDog beer with a side order of shareholder PII? | Pen Test Partners

10 October 2021

• The Governance Lab
• Bloomberg - Are you a robot?

08 October 2021

• API Versioning Do’s and Don’ts. It’s never too soon to get started… | Bits and Pieces
• Drinking API Design-First Champagne
• A Second Conversation with Werner Vogels
• We Made an API Description, Now What?
• SmartBear Releases Results of 2021 State of Software Quality | API Survey
• Using GraphQL for your API - GOV.UK
• How AWS dumps the mental burden of inconsistent APIs on developers

25 September 2021

• Designing geospatial data portals

24 September 2021

• Building an API Platform That Will Support the Future
• Lessons learned from running GraphQL at scale | Dream11 Engineering
• DataConnect21
• GraphQL Microservices (GQLMS) as a Backend: A Netflix Case Study | Nordic APIs
• Improving Development and Security Collaboration With API Specification Frameworks - Security Boulevard
• Participatory data stewardship | Ada Lovelace Institute

17 September 2021

• Gathering My Thoughts on API Discovery
• API Tokens: A Tedious Survey · FlyFlyBlogFly
• Some Recent API Security Related Gaffes, And How They Might Have Been Avoided - Security Boulevard
• API Design-First Using the “Align-Define-Design-Refine” Process

10 September 2021

• API Handyman | An API design review is based on facts, not opinions
• People Will Love Your Consistent API Design
• API Specifications Calm Chaos of Digital Transformation (Part 2) | Nordic APIs
• Top OAuth API Vulnerabilities | Nordic APIs
• Making Design First and Code First Work for Everyone | Optic
• The complete GraphQL Security Guide: Fixing the 13 most common GraphQL Vulnerabilities to make your API production ready - WunderGraph
• AsyncAPI vs OpenAPI: Answers to Your Burning Questions About Two Leading API Specs | AsyncAPI Initiative for event-driven APIs

27 August 2021

• What We Learned from 200,000 OpenAPI Files | Postman Blog
• How to Hack APIs in 2021 by Hakluke and Farah Hawa | Detectify Labs
• One Way to Improve API Guidance
• Best Public API of 2021 | Nordic APIs
• What’s the Difference Between REST and RESTful? | Nordic APIs

20 August 2021

• API-First vs. API Design-First: A Comprehensive Guide
• Salesforce DevelopersMake API Version Retirements a No-Op | Salesforce Developers Blog
• Nerds Don’t Respond To Marketing; Try Technical Documentation Instead | Hacker Noon
• API Technology Trends in 2021 – The New Stack
• The Software Heterogeneity Problem, or Why We Didn’t Build on GraphQL — Akita Software
• GitHub’s Journey from Monolith to Microservices

13 August 2021

• Developing Best Practices for API Security - Security Boulevard
• How We Design Our APIs at Slack - Slack Engineering
• A Case Study in API Platform Growth - Tyk API Gateway and API Management
• mnot’s blog: How the Next Layer of the Internet is Going to be Standardised
• Top 5 digital transformation challenges that governance can help

06 August 2021

• Why You Should View Your APIs as Products
• Our API Mess is Coming - DevOps.com
• Hype Cycle for APIs and Business Ecosystems, 2021
• Apidays LIVE interface 2021 - 10 Keys for Turning APIs into a Job Promotion By Brenton House
• Apidays LIVE interface 2021 - API First mentality By Tanya Vlahovic

30 July 2021

• API Handyman | An API Gateway alone will not secure your API
• Spectral as part of your API platform and your API governance
• API.expert Report Finds Increasing Overall API Quality | Nordic APIs
• The Six Hats of the API Architect - Tyk API Gateway and API Management

23 July 2021

• A Funny Thing Happened On the Way to API Management - DevOps.com
• Rate Limiting GraphQL APIs by Calculating Query Complexity — Development (2021)
• Fran Méndez on AsyncAPI
• From technical stories to user stories: APIs and the evolution of the tech industry with Lorinda Brandon and Mike Amundsen

16 July 2021

• Seeing API Change
• API Handyman | Adopt and not assess OpenAPI linters and other thoughts reading Thoughtworks Technology Radar 24
• 8 Unexpected Challenges of Running an API-as-a-Product | Nordic APIs
• eBook Released: API-as-a-Product | Nordic APIs
• Open APIs are the sexiest thing to ever happen to government services
• Hands-On With Spectral: Using API Linting for Better API Design and API Governance
• Apidays LIVE interface 2021 - Human Centered API Governance By Arnaud Lauret

09 July 2021

• APIs of the Future : Are You Ready?
• Gently Down the Stream
• Center of Excellence (CoE) vs. Center of Enablement (C4E) | Nordic APIs
• What Makes a Great Developer Portal?
• The Light and Dark Side of the API Economy
• APIs, microservices succeed as long as the organization doesn’t get in the way | ZDNet

02 July 2021

• Understanding RPC, REST and GraphQL | APIs You Won’t Hate
• 10 API Economy Terms You Should Know | Nordic APIs
• Moving From High to Low Schema Entropy - Stephen Mizell
• Months later, we’re still making sense of the Supreme Court’s API copyright ruling – TechCrunchShare on Twitter

30 June 2021

• New LinkedIn Data Leak Leaves 700 Million Users Exposed - RestorePrivacy

25 June 2021

• The API Economy. The sudden emergence of the API economy… | Geek Culture

11 June 2021

• API Handyman | 6 reasons why generating OpenAPI from code when designing and documenting APIs sucks
• Podcast: What are APIs and how do you use them? - DWP Digital
• APIs: The Real ML Pipeline Everyone Should Be Talking About - insideBIGDATA
• A Guide to API-First Design | Nordic APIs
• Everything You Need to Know About API Versioning | Nordic APIs

28 May 2021

• What’s next for the Routable API?
• Report: how cybercriminals abuse API keys to steal millions
• Hands-on With Spectral: Using API Linting for Better API Design and Governance [Video] - DZone Integration
• The Architecture of Uber’s API gateway - Uber Engineering BlogUber Engineering
• D&D 5th Edition API

21 May 2021

• The State of API Integration Report 2021
• Expect the Unexpected: The Rise of Functional Attacks | Nordic APIs
• AsyncAPI 2.0: Enabling the Event-Driven World
• From API-First to Code Generation - A WebSocket Use Case | AsyncAPI Initiative for event-driven APIs
• eBay Adopts AsyncAPI for Asynchronous API Contracts

14 May 2021

• Is This the Right HTTP Response Code?
• DRAFT | API Management Guidance
• API Design and Governance Problems Are Not Always Technical
• GraphQL: What, Why and How with Dotnet Core | Null Exception
• 11 Tips for Creating an API Style Guide | Nordic APIs
• Tour de Peloton: Exposed user data | Pen Test Partners
• A bug in Peloton’s API may have exposed a whole lot of user data - The Verge

10 May 2021

• A Manifesto For HDI Research

07 May 2021

• Security Practices: The Key to Scaling Your API Strategy
• CSRF, CORS, and HTTP Security headers Demystified
• Experian API Exposed Credit Scores of Most Americans – Krebs on Security
• 11 Space APIs, Because Space is Neat | Nordic APIs
• API Security: Put the Sec in DevSecOps — Resurface

30 April 2021

• API Handyman | This is not the HTTP method you’re looking for, HTTP status code 404 vs 405 vs 501
• OAuth 2.0 authentication vulnerabilities | Web Security Academy
• How to Bring Design-First APIs to Your Organization
• Design APIs for Disobedience. Components & Platforms to Empower… | Stories of Platform Design

23 April 2021

• DRAFT | Using GraphQL for your API
• Discover the best APIs and SaaS products | API Tracker
• gRPC vs REST: Understanding gRPC, OpenAPI and REST and when to use them in API design | Google Cloud Blog
• Other ways to use AsyncAPI documents
• How Many APIs Are We Running in Production?
• The API Intersection podcast, hosted by Jason Harmon | Stoplight
• WebSocket, Shrek, and AsyncAPI - An Opinionated Intro | AsyncAPI Initiative for event-driven APIs

09 April 2021

• API Versioning: What Is It and Why Is It So Hard?
• The Modern Guide to OAuth - FusionAuth
• How we scaled the GitHub API with a sharded, replicated rate limiter in Redis | The GitHub Blog
• A Case Study in API Platform Growth - Tyk API Gateway and API Management

01 April 2021

• Announcing API Abuse Detection
• API-First Companies: The Next Generation | Nordic APIs
• A Practical Guide to API Design-First
• Tech spotlight: How we re-launched our API docs without actually writing API docs

26 March 2021

• Setting a Baseline API Lifecycle Definition
• The Future of GraphQL | Postman Blog
• Reaping the rewards of GraphQL: How to minimise pain points of implementation
• Introducing GraphQL in Large Organizations: Is API Governance Creating Monocultures?

19 March 2021

• Financial-grade API (FAPI), explained by an implementer
• Let’s talk about sex*
• Challenges the API Industry Faces in 2021 | Nordic APIs
• FAPI 1.0 Part 1 and Part 2 are now Final Specifications | OpenID
• The API Collective - A List of Free and Public APIs
• Last night the gender question was removed from the vaccine booking service hosted on NHS…
• Finding a Good Open Governance Model for AsyncAPI | AsyncAPI Initiative for event-driven APIs

12 March 2021

• JWTs and how to use them | Curity
• GitHub - roapi/roapi: Create full-fledged APIs for static datasets without writing a single line of code
• Which API management tool? | Pronovix
• APIs All the Way Down - Not Boring

05 March 2021

• API Stylebook
• Understanding AsyncAPIs with a Practical Example
• Top Expectations for API Products in 2021 | Nordic APIs
• The Design of an Event Store. The road beyond event sourcing | Towards Data Science

26 February 2021

• How to Set Up Your First Public Workspace in 5 Steps | Postman Blog
• Announcing the $100,000 Postman API Hack Winners | Postman Blog
• Building Systems With Static APIs | The Startup
• Beyond REST: Rapid Development With GraphQL Microservices | Netflix TechBlog
• Migrating from OpenAPI 3.0 to 3.1.0 - OpenAPI Initiative

19 February 2021

• OpenStreetMap is Having a Moment. The Billion Dollar Dataset Next Door
• 10 API security guidelines and best practices
• Best Practices for Modern API Testing
• REST vs. GraphQL: Making the Right Choice

12 February 2021

• Google Cloud State of APIs Report - Digital Transformation | Google Cloud Blog
• Generating Web API Tests From an OpenAPI Specification | Nordic APIs
• GraphQL APIs :Avoiding Security Pitfalls - APIscene
• Where It’s At, Geospatial Commission Charts API Route To Map Data Sharing

05 February 2021

• Making Sense of the Different Types of API Testing
• API News Roundup – January 2021
• ShieldSquare Captcha

22 January 2021

• 4 Ways Your API Specification Can Fall Short (And What to Do About It) | Nordic APIs
• Never Been Seen | Science Museum Group Collection
• How to GraphQL - The Fullstack Tutorial for GraphQL

18 January 2021

• 20 years of Drupal: Founder Dries Buytaert on API first, the end of breaking compatibility, and JavaScript bloat

15 January 2021

• Why AI Success is API Built
• The API Registry API | Google Open Source Blog
• 3 ways to try out your API design before you build - Tyk API Gateway and API Management