Surviving my first (recorded) live coding session Series - Part 1

Setting up everything to record myself coding and talking

By Arnaud Lauret, August 4, 2021

I did my first ever (recorded) live coding session at the Manning API conference. During 30 minutes I talked and coded … without any slides; that was totally new to me. While it started well, preparing and recording this session turned out to be quite complicated. At some moment, I was totally desperate and I thought I wasn’t going to make it. But I did it and learned a lot of stuff that deserves to be shared. In this first post, I’ll talk about how “it started well”: setting up OBS, mic, cam and VS Code to record myself speaking and coding.


An API gateway must be a dumb pipe

By Arnaud Lauret, July 28, 2021

An API gateway is a proxy that sits between API providers and their consumers. Its main role is to ensure that only authorized consumers consume some APIs. But API gateways usually come also with features such as request/response transformation and some of them even allow to code complex orchestration. Such transformation features can be very useful if used wisely. But they also can give terrible ideas with terrible consequences.


An API Gateway alone will not secure your API

By Arnaud Lauret, July 21, 2021

How many times people realized that an API was not so secured despite being exposed on an API gateway? Too many times. While being a must have to securely expose APIs, an API gateway will not do all the security work for you. Security in general, and API security in particular, is a matter for everyone. Let’s see what is the job of an API gateway and what you still have to do to actually securely expose APIs.


What's the problem with required query parameters?

By Arnaud Lauret, July 14, 2021

When reviewing API designs, I often encounter operations such as GET /resources?queryParameter=value where the query parameter is required. Consumers won’t be able to make that request without providing this parameter and a correct value; that’s usually a problem. Indeed, at best it will ruin developer experience and at worst it is a sign of design smell. Let’s see why.


API Designer Experience, the other DX

By Arnaud Lauret, July 7, 2021

Nobody expects the API inquisition! Literally. When creating public or private APIs, an organization must work hard on creating the best possible developer experience or DX. That requires to ensure that API designers “do their job well”: creating APIs that fulfill actual needs and are easy to understand and use. This is the aim of governance which may help creating the best APIs or may slowly killing the organization, depending on the designer experience, the other DX, it provides.


Automate all the things (like Cloudflare cache purge) with Github actions, Postman and APIs

By Arnaud Lauret, June 30, 2021

What if I tell you can run Postman collection inside Github Actions and so easily automate all the things as long as they provide APIs? Sounds interesting right? So let me show you how I migrated my Jekyll blog publication workflow to Github Actions and how I used Postman collection to clear my Cloudflare cache. Bonus: You may also learn a few things about DX and API design.

API Design Reviews Series - Part 1

3 good reasons to do API Design Reviews

By Arnaud Lauret, June 23, 2021

More often than not when people hear “let’s do an API design review”, they hear “let’s check that an API design conforms to API design guidelines”. That’s only partially true and reducing API design reviews to that is a terrible mistake. Actually, doing API design reviews only to do that may even not make any sense at all. Let’s see 3 really good reasons to do API design reviews.


Handling breaking ch-ch-changes

By Arnaud Lauret, June 16, 2021

In (Ch-ch-) Changes, David Bowie sang “Every time I thought I’d got it made, it seemed the taste was not so sweet”, that’s a good metaphor for API design. An API will irremediably evolve because it will lack some features or because of mistakes, and so sooner or later, you may have to introduce a “breaking change”. That’s usually when people start to run in circle, scream and shout “Oh! Please no! Please, not a breaking ch-ch-change”. But, what is it actually? How to handle it? And should you always be afraid of it?


Pink Fluffy Unicorn API? WTF? (or 3 reasons why choosing a not meaningful API name can be a problem)

By Arnaud Lauret, June 9, 2021

It is usually considered a terrible practice to name a property or a function with a meaningless name when writing code. But surprisingly, when it comes to choosing application or API name, some people tend to choose names in a more artistic way (says the “API Handyman” who can name some tool “OpenAPI Chainsaw”). So let’s see 3 reasons why choosing a not meaningful API name can be a problem.

Choosing HTTP status codes Series - Part 4

Empty list, HTTP status code 200 vs 204 vs 404

By Arnaud Lauret, June 2, 2021

When designing APIs, choosing HTTP status codes is not always that obvious and prone to errors, I hope this post series will help you to avoid common mistakes and choose an adapted one according to the context. This fourth post answers the following question: given that /users is a collection (a list) and no users are named Spock, what should return GET /users?name=spock? 200 OK, 204 No Content or 404 Not Found

By continuing to use this web site you agree with the API Handyman website privacy policy (effective date , June 28, 2020).