recentpopularlog in


« earlier   
GraphQL at Twitter
First, they measure query complexity. They assign a "score" (some point value) to each field, and calculate the total cost of a query. The total cost is the complexity of a query, and is calculated before execution. They then limit queries to some maximum complexity, and reject queries that are too costly.

Twitter also uses query depth measurement, which simply calculates the height of a query. For example, they could reject queries that goes further than 10 fields deep.

They don't allow arbitrary queries. All queries must be uploaded and stored ahead of time and exchanged for a unique key:

POST /graphql/eyBuaWNlIHsgdHJ5IH0gfQ
These are called stored operations or persisted queries. This protects against attackers exploring the GraphQL API or running introspection queries against it to find out what data is available or looking for vulnerabilities.
graphql  Twitter  APIs 
2 days ago by earth2marsh
JSON-HAL and JSON-LD are pretty popular formats for desiging APIs. They both have their merits, but they aren’t compatible with each other. However, with some additions, we can turn JSON-HAL into valid JSON-LD, without changing any of the original keys.
3 days ago by AnthonyBaker
api - Hyphen, underscore, or camelCase as word delimiter in URIs? - Stack Overflow
"You should use hyphens in a crawlable web application URL. Why? Because the hyphen separates words (so that a search engine can index the individual words), and is not a word character. Underscore is a word character, meaning it should be considered part of a word.

Double-click this in Chrome: camelCase
Double-click this in Chrome: under_score
Double-click this in Chrome: hyphen-ated

See how Chrome (I hear Google makes a search engine too) only thinks one of those is two words?

camelCase and underscore also require the user to use the shift key, whereas hyphenated does not.

So if you should use hyphens in a crawlable web application, why would you bother doing something different in an intranet application? One less thing to remember."
casing  delimiters  apis  design  Style 
3 days ago by earth2marsh
Staying on Top of Changes in GraphQL | GitHub Developer Guide
"Staying on Top of Changes in GraphQL
May 3, 2018 xuorig
To provide a more seamless experience we prefer to continuously evolve our schemas rather than using API versioning. Continuous evolution allows us to iterate faster and provide our integrators with new schema members more often. We do our best to avoid breaking changes, but sometimes it's necessary to offer an unversioned API.

We strive to provide the most stable APIs to our integrators and to provide transparency about new developments. This is why we recently shipped the brand new Breaking Changes page, which announces future breaking changes to our GraphQL schema.

Internally, our engineers mark certain schema members as deprecated using a Ruby API on top of the graphql-ruby gem. Using the changes metadata provided by our engineers, we automatically compute removal dates and generate this breaking changes page, meaning you'll always get up to date information."
github  graphql  versioning  schemas  apis  omgwtf 
5 days ago by earth2marsh
Breaking Changes | GitHub Developer Guide
"Breaking changes are any changes that might require action from our integrators. We divide these changes into two categories:

Breaking: Changes that will break existing queries to the GraphQL API. For example, removing a field would be a breaking change.
Dangerous: Changes that won't break existing queries but could affect the runtime behavior of clients. Adding an enum value is an example of a dangerous change.
We strive to provide stable APIs for our integrators. When a new feature is still evolving, we release it behind a schema preview.

We'll announce upcoming breaking changes at least three months before making changes to the GraphQL schema, to give integrators time to make the necessary adjustments. Changes go into effect on the first day of a quarter (January 1st, April 1st, July 1st, or October 1st). For example, if we announce a change on January 15th, it will be made on July 1st."
github  changes  apis  breaking  versioning  graphql  omgwtf 
5 days ago by earth2marsh
GraphQL Best Practices | GraphQL
While there's nothing that prevents a GraphQL service from being versioned just like any other REST API, GraphQL takes a strong opinion on avoiding versioning by providing the tools for the continuous evolution of a GraphQL schema.

Why do most APIs version? When there's limited control over the data that's returned from an API endpoint, any change can be considered a breaking change, and breaking changes require a new version. If adding new features to an API requires a new version, then a tradeoff emerges between releasing often and having many incremental versions versus the understandability and maintainability of the API.

In contrast, GraphQL only returns the data that's explicitly requested, so new capabilities can be added via new types and new fields on those types without creating a breaking change. This has lead to a common practice of always avoiding breaking changes and serving a versionless API."
versioning  apis  graphql  schemas 
5 days ago by earth2marsh
Getting Specific About APIs - Phil Sturgeon
API City 2018"
Nice overview from Phil about WeWork's process
apis  presentation  workflow  openapi  schemas  tools 
6 days ago by earth2marsh
Frisby.js Overview · Frisby
"Frisby makes REST API testing easy, fast, and fun. Frisby.js comes loaded with many built-in tools for the most common things you need to test for to ensure your REST API is working as it should, and returning the correct properties, values, and types.
When you need something custom, Frisby.js also provides an easy way to customize and extend assertions to make your job easier, with less repetitive and tedious code.
apis  testing 
6 days ago by earth2marsh
Sandbox - Quickly create REST API and SOAP mock web services
"Accelerate application development
Quick and easy mock RESTful API and SOAP webservices. Generate from API definitions,
instant deploy, collaborative build, and debugging tools for integration.
apis  design  mocking  testing 
6 days ago by earth2marsh Beta
"RestPoint is a powerful prototyping technology to build and deploy REST API's with backend DB's, in the cloud, using a web browser, in minutes.

Use RestPoint to experiment and test drive API's, plug in real data, share API's with others to get feedback, all before final sign off to production."
mocking  apis  design  tools  SaaS  service  visual 
6 days ago by earth2marsh
Rapido API designer
"Rapido is an API Academy tool that lets your rapidly sketch an API design."
apis  design  tools  visual  editor 
6 days ago by earth2marsh
Node-based API mocking that can run in proxies
apis  mocking  tools 
6 days ago by earth2marsh
stoplightio/prism: Turn any OAS (Swagger 2) file into an API server with mocking, transformations, validations, and more.
"The perfect OAS (Swagger 2) companion. Turn any OAS file into an API server with dynamic mocking, transformations, validations, and more."
apis  openapi  mocking  tools 
6 days ago by earth2marsh
danielgtaylor/apisprout: Lightweight, blazing fast, cross-platform OpenAPI 3 mock server with validation
"A simple, quick, cross-platform API mock server that returns examples specified in an API description document. Features include:

OpenAPI 3.x support
Load from a URL or local file
Accept header content negotiation
Example: Accept: application/*
Prefer header to select response to test specific cases
Example: Prefer: status=409
Server name validation (enabled with --validate-server)
Request parameter & body validation (enabled with --validate-request)
Configuration via:
Files (/etc/apisprout/config.json|yaml)
Environment (prefixed with SPROUT_, e.g. SPROUT_VALIDATE_SERVER)
Commandline flags"
apis  mocking  tools  openapi 
6 days ago by earth2marsh
Getting Specific About APIs
Client-side validation
Server-side validation
Client-library Generation (SDKs)
UI Generation
Server/Application generation
Mock servers
Contract testing"
From Phil Sturgeon
apis  design  contracts  openapi  docs  benetits  cicd  presentation 
6 days ago by earth2marsh
Mike Amundsen tweetstorm
recaps the gist from the important chapters of Fielding's Thesis, mentions where GraphQl fits (and doesn't), and contrasts REST in the wider landscape of message exchange patterns. Fielding, himself, even pops in to clarify a point
apis  design  rest  graphql 
6 days ago by earth2marsh
HTTP Caching - Client and Network Caching with RFC 7234 - YouTube
Learn how to skip making requests that you may not need to make, so you can avoid wasting time and energy processing uneccessary requests.
@philsturgeon  apis  presentation 
6 days ago by AnthonyBaker

Copy this bookmark:

to read