#apidesign


"In our piece exploring whether the AI revolution is leaving APIs behind, we wrote about some of the factors limiting the extent to which AI tools like chatbots can interface with APIs.

Some of these include:

- Limited or no access to APIs for developers
- APIs are sometimes overcomplicated, bloated, or difficult to call
- Legacy APIs (WS/RPC) lack thorough or up-to-date documentation
- APIs sometimes only cover a fraction of the functions available via the UI

It’s worth noting that many of these points impact human API consumers just as much as they do agentic ones. If you’ve ever been in the position of trying to use an API and it falling short of your expectations, you’ll know just how frustrating it can be.

While it’s possible that some of those users will get in touch to ask you to add certain endpoints or clarify things, plenty more won’t. Some developers are more likely to take the view that it’s easier to ask for forgiveness later than permission now, and find some other way to extract the data they’re looking for. In many cases, web scraping offers just such a solution.

Web scraping APIs are a natural evolution of manual scraping techniques, such as using Python to scrape websites. Used for everything from scraping search engine results, like SERP APIs, to product prices and sentiment analysis, there are various services out there that make web scraping very straightforward. And they’re big business."

nordicapis.com/are-web-scrapin

Nordic APIs · Are Web Scraping Tools Overtaking Official APIs? | Nordic APIs: With web scraping tools and bots back in style, how do you win back users to your official API? It'll take more usable and effective APIs.

"Traditional approaches to rate limiting APIs won’t work effectively for AI agent consumers, so some API providers have shifted to adaptive rate limiting (ARL). For example, DeepSeek employs a more dynamic and adaptive approach to rate limiting its API compared to other LLM API providers currently.

The concept of adaptive rate limiting isn’t new, but it’s evolving to address new API usage scenarios that include AI agents. Modern ARL involves a set of principles, tools, and techniques that allow systems to adjust rate limits dynamically based on context and real-time insights. It includes a combination of approaches:"

nordicapis.com/how-ai-agents-a

Nordic APIs · How AI Agents Are Changing API Rate Limit Approaches | Nordic APIs: AI agents are changing API usage patterns — here's how adaptive rate limiting helps handle their unpredictable, high-volume traffic.
#AI #AIBots #ARL
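One way to make a rate limit "adjust dynamically based on real-time insights", as the quoted post puts it, shown as an added example that is not DeepSeek's or the Nordic APIs article's algorithm: a per-client token bucket whose refill rate is scaled by the recent backend error ratio. Class name, thresholds and the health signal are assumptions.

```python
from collections import deque


class AdaptiveRateLimiter:
    """Constructed example of adaptive rate limiting: a per-client token bucket whose
    refill rate is scaled by a real-time backend-health signal (recent error ratio)."""

    def __init__(self, base_rate_per_s, burst, window=10, error_threshold=0.2):
        self.base_rate = base_rate_per_s    # tokens per second while the backend is healthy
        self.burst = burst                  # bucket capacity
        self.error_threshold = error_threshold
        self.recent = deque(maxlen=window)  # 1 = backend error, 0 = success
        self.buckets = {}                   # client -> (tokens, last_refill_time)

    def record_outcome(self, ok):
        """Feed the limiter the result of each upstream call (the real-time insight)."""
        self.recent.append(0 if ok else 1)

    def health_factor(self):
        """1.0 while errors stay under the threshold; otherwise scale the rate down (floor 0.1)."""
        if not self.recent:
            return 1.0
        error_ratio = sum(self.recent) / len(self.recent)
        if error_ratio <= self.error_threshold:
            return 1.0
        return max(0.1, 1.0 - error_ratio)

    def allow(self, client, now):
        """Admit one request for `client` at time `now` (seconds) if a token is available."""
        tokens, last = self.buckets.get(client, (self.burst, now))
        rate = self.base_rate * self.health_factor()
        tokens = min(self.burst, tokens + (now - last) * rate)
        if tokens >= 1.0:
            self.buckets[client] = (tokens - 1.0, now)
            return True
        self.buckets[client] = (tokens, now)
        return False
```

A static limit of one request per second would let the same client through at t=2.0 regardless of backend state; here the admitted rate drops to a tenth while the error ratio stays high and recovers once successes push the errors out of the window.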

🏗️ When you build an API, do you start by defining an openapi.yaml (OpenAPI Spec, OAS for short), or do you go straight to programming?

The latter is of course tempting, but not always wise. How to work OAS-first is explained in our article by colleague @dvh:

developer.overheid.nl/kennisba

developer.overheid.nl · Bouw een API (Build an API) | developer.overheid.nl: Here we explain the steps you can follow to develop a new REST API quickly and efficiently. We assume a design-first approach, so we start with the API design.

"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

nordicapis.com/9-signs-youre-d

Nordic APIs · 9 Signs You're Doing API Security Wrong | Nordic APIs: API security anti-patterns are common. From overreliance on API keys to a lack of rate limiting to no encryption, we explore the top ones.
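An added illustration of the "Best Practices" paragraph quoted above (not code from the Nordic APIs article): the key-side controls it lists, that is random generation instead of incremental ids, hashed storage, expiry, rotation with a short grace window, and per-key scopes for granular access control. It does not show the OAuth 2.0 or mTLS layer the article says should sit alongside the key; class and field names are assumptions.

```python
import hashlib
import secrets
import time


class ApiKeyStore:
    """Constructed example: random keys stored only as SHA-256 digests, each with an
    expiry and a set of scopes; rotation leaves the old key valid for a short grace window."""

    def __init__(self, ttl_seconds=3600, grace_seconds=300):
        self.ttl = ttl_seconds
        self.grace = grace_seconds
        self._keys = {}  # digest -> {"client": str, "expires": float, "scopes": set}

    @staticmethod
    def _digest(key):
        # Store only a digest: a leaked key table does not yield usable keys.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, client, scopes, now=None):
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG; sequential or timestamp-derived keys are guessable.
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = {
            "client": client, "expires": now + self.ttl, "scopes": set(scopes)}
        return key

    def rotate(self, old_key, now=None):
        now = time.time() if now is None else now
        rec = self._keys.get(self._digest(old_key))
        if rec is None or rec["expires"] <= now:
            raise KeyError("cannot rotate an unknown or expired key")
        new_key = self.issue(rec["client"], rec["scopes"], now)
        # The old key keeps working only for the grace window so clients can switch over.
        rec["expires"] = min(rec["expires"], now + self.grace)
        return new_key

    def authorize(self, key, scope, now=None):
        """Return (allowed, client_or_reason); validity and scope are checked separately."""
        now = time.time() if now is None else now
        rec = self._keys.get(self._digest(key))
        if rec is None:
            return (False, "unknown key")
        if rec["expires"] <= now:
            return (False, "expired")
        if scope not in rec["scopes"]:
            return (False, "scope not granted")
        return (True, rec["client"])
```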

"The accompanying diagram is intended to help you quickly decide how to document an API, but particularly a REST API. The first split is just to make sure you are looking for the right kind of API.

Here is some more context to help you decide on an approach and get started."

gist.github.com/briandominick/

Gist · API Documentation Decision Matrix (GitHub Gist)
#API #APIs #APIDesign

"Getting to this point isn’t unusual. Clients clearly think they’re making the call correctly, or else they would fix the endpoint themselves. Some misspellings are difficult to catch. The enum USER_RETREIVE may not be noticed from USER_RETRIEVE, especially if picking it from a list. Misspellings happen and they’re not always caught before making it to the contract. As an aside, that’s why it’s important writers routinely check development’s changes. This applies, too, to our testing calls in Postman, where manually entering endpoints and values is more pervasive.

The reason this isn’t caught is simple: We’re not expecting it.

For our testing, the call is made and we get results. We may even spot check some of them. But generally, results aren’t examined that closely. For instance, how often do you so carefully examine a returned list of 50 or 100 items? You may check that the objects are complete but not that the list conforms to the search criteria.

The reason this happens is because of an intentional behavior on the server. This behavior is called Lenient Handling or Strict Handling."

robertdelwood.medium.com/under

Medium · Understanding Query Parameter Handling in REST Calls, by Robert Delwood
#APIs #RESTAPIs #Rest
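The two server behaviours the quoted post names, lenient and strict handling of query parameters, as an added example that is not from the Medium article: a constructed contract with the USER_RETRIEVE enum from the post, a lenient handler that silently drops the misspelled value, a strict handler that rejects it, and the client-side check that would have caught the silent drop in testing. Paths, parameters and function names are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed contract: which parameters /users accepts and, for `action`, the allowed enum.
CONTRACT = {
    "/users": {
        "action": {"USER_RETRIEVE", "USER_UPDATE"},
        "limit": None,  # None = any value accepted
    }
}


def _parse(url):
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    return parts.path, {k: v[-1] for k, v in query.items()}


def handle_lenient(url):
    """Lenient handling: unknown parameters and unknown enum values are dropped,
    so a misspelled filter returns an unfiltered list that still looks like success."""
    path, params = _parse(url)
    spec = CONTRACT.get(path)
    if spec is None:
        return {"status": 404, "applied": {}, "ignored": []}
    applied = {k: v for k, v in params.items()
               if k in spec and (spec[k] is None or v in spec[k])}
    return {"status": 200, "applied": applied, "ignored": sorted(set(params) - set(applied))}


def handle_strict(url):
    """Strict handling: anything outside the contract is rejected with 400 and a reason."""
    path, params = _parse(url)
    spec = CONTRACT.get(path)
    if spec is None:
        return {"status": 404, "errors": ["unknown path"]}
    errors = []
    for k, v in params.items():
        if k not in spec:
            errors.append(f"unknown parameter '{k}'")
        elif spec[k] is not None and v not in spec[k]:
            errors.append(f"invalid value '{v}' for '{k}'; expected one of {sorted(spec[k])}")
    if errors:
        return {"status": 400, "errors": errors}
    return {"status": 200, "applied": params}


def lenient_response_is_unfiltered(url):
    """Test-side check for the failure the post describes: a 200 that did not apply
    every parameter the client sent means the result does not match the search criteria."""
    _, params = _parse(url)
    resp = handle_lenient(url)
    return resp["status"] == 200 and set(resp["applied"]) != set(params)
```

Against a real service the check is the same idea: echo back or otherwise confirm which parameters were applied, rather than only verifying that the returned objects are well-formed.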