HTTP Traffic vs OpenAPI

Akita will shut down in March after being acquired by Postman last year and moving to Postman Insights. Optic, another HTTP traffic monitoring tool, was recently acquired by Atlassian.

These tools provide many features, from building API docs based on traffic to setting standards, detecting changes, etc. Generating docs is the feature I am most interested in. It is a fantastic tool for APIs released without documentation, but will this tool negatively impact the design-driven process?

It's an interesting space to watch as these tools grow and more startups keep getting acquired.

-- Alexander

The API Round-Up

API News, links, and tools from around the web

Exploiting McDonald's APIs to Hijack Deliveries and Order Food for a Penny

Ever wanted to order a mountain of McDonald's hash browns for a penny? Vulnerabilities in McDonald's India's McDelivery system allowed for just that. Don't worry; the reporter earned a $240 voucher for reporting the cracks in the API layer.

Generating an API client to call any OpenAPI-described API

Kiota is a generator from Microsoft that allows you to create an API client for any OpenAPI document in the command line. It supports many languages, including C#, CLI, Go, Java, PHP, Python, Ruby, and TypeScript.

Express.js: Triumphs of 2024 and an Ambitious 2025

Everything old is new again. Partially driven, I think, by a fresh injection of energy into the Node ecosystem and more modern frameworks like Hono, Express is working hard at improving itself. A reflection on what the changes in 2024 mean for this extremely popular web framework and where it plans to go.

Flexible and Open Source API Mocking

WireMock is a flexible API mocking tool designed for testing and development. It enables developers to simulate HTTP-based APIs, create stubs, and capture requests, making testing integrations and building reliable applications easier.

Bun 1.2: A Big Step Forward for the Fast JS/TS Runtime

Alex, why are you mentioning a JS runtime in an API newsletter? We don't care about JavaScript. The new Bun release comes with some interesting improvements for building server-side applications, including implementing the S3 API. Its upload is much faster than Node's, so building APIs that deal with files just got faster.

Streamline Your Workflow with Swift OpenAPI Generator

Swift OpenAPI Generator took centre stage at Swift Connection, showcasing how it eliminates tedious networking code through automated, type-safe implementations. Swift and OpenAPI write network code so you can focus on business logic and great UX.

Speakeasy: Build APIs Your Users Love

Your API deserves a great developer experience. Get one by using Speakeasy to generate idiomatic, type-safe SDKs from OpenAPI

Start Generating

APIs You Won't Hate

The latest from the team at API's You Won't Hate.

🎙️ Rails APIs & Clickfunnels, with Rich Stone

In the latest episode of the podcast, Phil & Mike sit down with community member Rich Steinmetz to talk about Clickfunnels, its API surfaces, and what it's like to build a developer product with Ruby on Rails and BulletTrain.

API Design Basics: Security

Phil walks us through some key principles for securing APIs, covering key topics such as secrets in URLs, validation, designing with the least privilege, and more. Phil also helps you get on top of this early by recommending rulesets for validating your OpenAPI.

From our Community

Articles written and shared in our free Slack community.

API Design on Reddit

Phil shared another API community in our Slack group this week, which focuses on API Design. It's another place to share your own content and get inspiration from others on all things API.

Thanks so much to our members: Kin L, Juxt, Alex R, Nolan S, Frank, James D, Bill D, Rich, and Umair. Your support means the world to us!

Until next time,
Alexander, Phil & Mike