API Rant: You Call THAT Authentication?

This is a slight departure from my usual rants, but only because authentication has occupied too much of my damn time this week. Many years ago, we wrote a White Paper on OAuth with the team at OAuth.io, which includes the amazing crew behind the APIdays events. It was called "The Standard That Isn’t." We almost called it the 57 Flavors of Authentication, but we thought we might get sued. Still better than 50 Shades of Authentication. Our position was that there were LOTS of REALLY ANNOYING problems with OAuth that made handling API authentication painful. You’d have thought that [...]

API Rants – Trust but verify

There is an idiom in English, “you don’t let the foxes guard the hen house.” I’m not sure how well it translates, but the meaning is simple – don't have people or things that can’t necessarily be trusted do things requiring trust. This was essentially the sub-theme of my first API Rant, where I opined that the monitoring industry was becoming quite self-serving. But it’s a topic to explore in more detail because it’s come back and annoyed me again during a conversation with one of the API industry's top vendors. Me: (Explaining what we do and why people use [...]

API Rant: Begging the question…

API Rant... For this week's API rant, a little story from history. When I was a kid, back when telephones were a thing in the hallway, my friends would phone up and say, “is David there?” My father, who, as the man who controlled the phone, would sometimes reply, “yes.” And put the phone down. As he would explain to anybody who cared, the correct question is, “may I speak to David.” What does this have to do with APIs, you may ask? Well, let me tell you. A discussion this week with @kin lane revealed an interesting conversational and business problem lurking [...]

API Rant: TTFB – This is not the metric you are looking for

TTFB – This Isn’t The Metric You’re Looking For. TTFB (Time to First Byte) is a metric used by Open Banking UK, and was originally defined by the Open Banking Implementation Entity. The trouble is, it’s also something of an example of Goodhart’s Law, which is hugely problematic for monitoring. Essentially Goodhart states: Any observed statistical regularity will tend to collapse once pressure is placed upon it for control purposes. (Goodhart's Law - Wikipedia) So, harkening back to my previous comments about how self-serving the monitoring industry is, if you define a metric, then you’re defining something somebody can game if you don’t pay [...]

API Rant: Test In Prod or Give Up

API Rants: Test in Prod or give up. This is a public service rant. For the love of Mike/whatever being is responsible for your monitoring, please monitor your APIs in their production environment! I had a little rant recently about how I thought the monitoring industry had become somewhat self-serving; now I’m going to shift to something that isn’t the fault of the monitoring industry but is a HUGE problem in the Open Finance sector. Monitoring Production Systems. You release a software service. Own it. Period. We can go home now. What’s that? Group risk and security won’t let you monitor a real account? Then give up, you’ve failed before you’ve even [...]

API Rants: We Need To Talk…

Hi Monitoring Industry. We need to talk... It’s not me, it's you. I first wrote a riff on this a couple of years ago, but chickened out of posting it. “Too controversial”, I thought. “I'm sure people get it”, I thought. My apologies. I should have screamed it from the rooftops. Here we are in 2020. APIs have become more and more important, especially in Financial Services. And I’m more convinced than ever that, not only aren’t people getting it, but the entire industry is enabling people to do it wrong. I was looking back at old articles on LinkedIn I’ve written. This one - “Face it, you don’t want to know when things don’t work” - from April 2018 is as true today as it was [...]