Hacking SaaS #6 - Leveling up our APIs
APIs are core to the SaaS ecosystem. Let's learn how to make them extensible, fast and secure.
Last week, the OpenAPI Specification conference took place. Not all the talks have been uploaded to YouTube yet, but there are slides for some of them. “Don’t Break My API” is particularly interesting (pdf). When a SaaS business depends on public APIs, compatibility is as important as SLAs, and the talk introduced me to the new concept of API Pacts as a way to maintain compatibility. You can read more about it on the pragmatist blog.
While exploring the topic, I also ran into a video on API lifecycle and extensibility. Watch it for the world’s greatest introduction, and stay for good API advice.
If you need to break compatibility, there are two standard solutions and one less standard solution, each with its own tradeoffs. If you are curious, Stripe went with the custom header approach.
With public APIs, security becomes a serious concern. The list of top 10 API security mistakes may help you avoid a few.
Next week we have an API Security expert as a guest on the SaaS developer channel. If you have questions about API security, leave a comment or ask on our Slack.
Last week on the SaaS YouTube channel we discussed options for introducing access control to our SaaS products. We went from the basic and familiar role-based access to special cases such as geography-based access, and covered how to introduce consistent access policies in a microservices architecture (spoiler: as close to the DB as possible).
For fun and inspiration - a website that curates screenshots from SaaS products.
If you have not seen it yet, AWS has a Building SaaS on AWS playlist with a lot of good advice for those building their SaaS on AWS.
Some nice resources here, thank you