API Brief #10: API Perspectives, GraphQL vs REST API Design Best Practices, API penetration testing checklist

To begin, we have Kin Lane’s article on API Perspectives this week, which discusses: “I am endlessly fascinated in hearing the stories of the API space from across these perspectives.” Reaching and influencing across this spectrum takes a lot of work.

Continue with a read about GraphQL vs. REST API Design Best Practices for Long-Running Operations by Jens Neuse.

And to finish off this API brief, we have another interesting read about API penetration testing. There is no single checklist for performing API penetration testing, as the process will vary depending on the specific API and its security vulnerabilities. However, there are some common steps that should be included in any API penetration testing process.


API Perspectives

We have a detailed article, API Perspectives, in which Kin Lane writes: "I enjoy a privileged perspective of the world of APIs. It has been one that I have carefully crafted over a decade in the space. There are many, many opinions and so much dogma baked into these vantage points. Reaching and influencing across this spectrum takes a lot of work. I am not saying these perspectives are right or wrong, I am just saying that we need to consider the spectrum of perspectives that exist, and increasingly have conversations that are multi-perspective if we are going to move things forward at scale."

GraphQL vs REST API Design Best Practices

An interesting piece this week is GraphQL vs REST API Design Best Practices, by Jens Neuse from WunderGraph. GraphQL can be used for long-running operations, and a GraphQL Schema makes it easier to reason about such operations. The REST approach, on the other hand, is a lot easier to implement. WunderGraph makes using APIs as easy as possible, highly secure and performant.

API penetration testing checklist

A fascinating article this week by API Mike on API penetration testing. API penetration testing is the process of testing the security of an API by attempting to exploit vulnerabilities in it. The goal is to find any security flaws that could be used by hackers and fix them before they can be used.

Complete HTTP response codes

