Tag Archives: API

It’s that time of year… when people think about exchanging JWT for opaque tokens

Yes, it’s that time of year when people think about RFC7523, which describes how to exchange JWT for opaque OAuth tokens. Right? If you’re like me, the waves of acronyms, jargon, and IETF RFCs (see what I did there?) seem to never end. OAuth, JWT, RFC 7523, JTI, … Continue reading »


Developer , , , ,

Bryan Kirshner on Passing the Digital Strategy Laugh Test

Bryan Kirschner of Apigee on what it takes for a CEO to pass the laugh test when it comes to digital strategy. He proposes a handful of metrics that CEOs should be managing; and says that observers should judge CEOs on their progress on these metrics. Makes a … Continue reading »


Strategy ,

restclient.el – sending API Requests directly from within Emacs

Hey, something new! (to me!) the restclient.el library, for emacs. I tried it. I like it. I recommend it. What does it do? Allows you to send REST requests (really just http requests) right from emacs, interactively. And then pretty-prints the results if possible (if XML or JSON … Continue reading »


Developer , ,

Webinar on OpenID Connect and JWT in Apigee Edge, featuring yours truly

Here’s the replay of the Webinar, on OpenID Connect and JWT that I did with Vinit Mehta a week ago or so. It’s about 45 minutes long. If you have questions, you can post them to The Apigee Community


Developer , ,

Pre-request script for Postman, to calculate HttpSignature

If you do REST, you probably have a favorite REST client testing tool. Mine is Postman, a Google Chrome app. Postman has a nifty feature called Pre-request scripts, which allows you to write some Javascript code that performs a calculation and then reads and writes the “environment” object … Continue reading »


Developer , , ,

Online calculator for SHA and HMAC-SHA

Here’s a thing I built. It’s just a webpage that calculates SHA-(1,224,256,384,512) and HMAC with the same algorithms. I was using this to help with building a system that relies on HttpSignature. Developers need some help in constructing and validating their HMACs and SHAs.


Developer , ,

The spec formerly known as Swagger is now OpenAPI

Swagger has been renamed! Three weeks ago. I didn’t realize this, and (forgive me) I’ve been continuing to use the term “swagger” when I really should have been using “OpenAPI”, in the time since. Helpfully, Marsh, an esteemed colleague of mine, has produced a slackbot to remind me … Continue reading »


Quickies , , , ,

RESTful is hardly harmful.

A provocative essay came up on Hacker News today, entitled RESTful considered harmful. The summary of the essay: JSON is bloated in comparison to protobufs and similar binary protocols There are no interface contracts or data schema HATEOAS doesn’t work No direct support for batching, paging, sorting, etc … Continue reading »


Architecture , , ,

Chrysler is Internet-enabling your car as a way to accelerate death

From the holy-shit-how-did-they-not-test-this department, Fox News tells us that it is possible for hackers to seize control of a moving Chrysler automobile, fiddle with the radio, turning on the windshield wipers, or more ominously, controlling the transmission and the brakes. Considering the source (Fox Newsertainment), I am unsure … Continue reading »


Quickies , , ,

Naïve Data analysis leads to incorrect conclusions – WWII Bomber Plane edition

Here’s a good story showing us how focusing on the data we have in front of us may lead us to incorrect conclusions. The summary is this: In World War II, Allied bomber command undertook an analysis effort to determine how to optimally reinforce bomber planes to protect … Continue reading »


Developer , , ,