Is Your API Secure?
API Security is one of those things that isn't a problem until it is. Also in this newsletter: an HTTP client for Go, JSON streaming in OpenAPI 3.2, API Days London, HTTP Golden Girls, and Node HTTP Servers on Cloudflare Workers.

In case you missed it, BobDaHacker shared how they hacked Burger King and found serious flaws in their API. These flaws allowed them to create new store locations, orders, and access audio recordings from drive-thrus. The lack of security and good practices here was frightening. Unfortunately, the blog has been taken down, and even the Wayback Machine entry is gone. The last time I checked, this backup still worked. The hack revealed an absolute dystopian nightmare. If you're going to store a recording of every drive-through, you should at the very least make sure it's secure 🤪.
-- Alexander

The fastest way to build production-ready MCP servers
Gram by Speakeasy: turn your API platform into an AI platform. Create tools from OpenAPI, curate into custom toolsets, and deploy hosted MCP servers.
Get started today

The API Roundup
API News, links, and tools from around the web
HTTP Golden Girls
There are numerous HTTP status codes, making it challenging to recall them all without reference. Instead of reading from a boring list, you can now enjoy a Golden Girls themed status code list. My favourite has to be the multi-status.
Terminal-Based OpenAPI Spec Viewer
If you're one of those developers who love doing everything in their terminal, then you'll love this terminal OpenAPI spec viewer. Works with OpenAPI 3.0 and 3.1, supporting both YAML and JSON formats. Definitely worth a look.
Surf - Advanced HTTP Client for Go
A new HTTP client library whose logo is a gopher wearing a Batman-style costume. If that is not a reason to rewrite your whole project with it, I don't know what is. Surf comes with HTTP/3 support, middleware setup, API automation and more.
Express OpenAPI Validator
A new version of the Express OpenAPI Validator was released last week. Drop in your OpenAPI spec and validate all requests and responses. Supports Express 4 and 5, NextJS, Koa and Fastify. Check out their release docs for all the updates.
Bringing Node.js HTTP servers to Cloudflare Workers
Cloudflare has been working diligently to bring the Node HTTP server to Cloudflare Workers. You can now run Express, Koa and other Node applications right on workers without cold starts. Cloudflare runs through the challenges of bringing over Node HTTP Server APIs and how to get your Node applications up and running.
APIs You Won't Hate
The latest from the team at APIs You Won't Hate.
JSON Streaming in OpenAPI v3.2
JSON Streaming is coming to OpenAPI v3.2. Phil walks you through how streaming works in the OpenAPI spec. If you're unsure what JSON Streaming actually is, don't worry, Phil has got you covered with a handy intro.
Streaming Data with REST APIs
Want to know how to actually stream JSON? Now that the OpenAPI spec can describe JSON Streaming, Phil shows you how to do it, as well as giving details on why it is RESTful, along with design considerations.
From our Community
Articles written and shared in our free Slack community.
API Days London
The amazing Lorna Mitchell dropped a message in our Slack to remind us that API Days is taking place in London from September 22nd to 24th. If you're interested in socialising with people from our group outside the conference, please visit our Slack community for more information.
Support APIs You Won't Hate
When you become a member, you'll get access to members-only content while directly supporting our work. Your support helps us to keep making resources for the API community.
Become a member today

Special thanks to Jeremy Hynes on Unsplash for the π¦ used in our cover image this week!
Thanks so much to our members: Kin L, Juxt, Alex R, Nolan S, Frank, James D, Rich, Ryan T, and Umair. Your support means the world to us!
Until next time,
Alexander, Phil & Mike