As a software developer today it is pretty difficult to avoid working with HTTP in some capacity. There also seems to be a growing desire among developers to get a deeper understanding of the protocol. Recently Glenn Block and I decided it might be interesting to do an online Q&A about HTTP and try and answer developer […]
I’ve been reading IETF specifications for a number of years now and I find them fairly pleasant to read. But I remember when I started there were a whole bunch of huh!? moments. Since then I have learned many of the conventions and developed a few tricks that make the process easier. I was just […]
Yesterday, I had a thought. It didn’t fit into a tweet so I wrote a few paragraphs. I was very pleased with myself, finally getting round to writing again after a few months off. That was, until two different people who I respect highly told me I was wrong. That part sucked. Who Can Do This For […]
Several months ago I wrote a post called Where, oh where, does the API key go? I encouraged API providers to allow consumers to put the API Key in the Authorization header to help avoid accidental disclosure of keys via things like web server logs. I recently bumped into a way that anyone can harvest hundreds […]
Yesterday on Twitter I made a comment criticizing the practice of putting an API key in a query string parameter. I was surprised by the amount of attention it got and there were a number of responses questioning the significance of my objection. Rather than try and reply in 140-character chunks, I decided a blog post […]