When discussing modern API security, developers frequently conflate terms like bearer token and JSON Web Token (JWT). This semantic confusion around access tokens often masks a critical architectural distinction. A bearer token specifies the transmission mechanism, while a JWT defines a specific, structured data format. But due to the extensive adoption of JWTs, there is ...
#api standards
12 posts
21 May
19 May
API keys often give a false sense of security: it seems like they protect access to APIs. Yet, there are plenty of API key security risks. For one, they’re simply static strings that are often exposed, leaked, and end up helping attackers. As such, leaky API keys are at the heart of many of today’s ...
14 May
The age of AI is well upon us. According to research by Microsoft, 24.7% of the working-age population in the Global North is using AI, paired with 14.1% of the Global South. As AI adoption increases, organizations are increasingly finding their minds focused on not just the potential upside of AI, but on the ...
13 May
In February 2026, Peter Steinberger, the creator of OpenClaw, told Lex Fridman that the best tool for agentic AI has been on their desktop for 50 years. According to him, the simple command line interface (CLI) is the ideal tool for working with today’s non-deterministic technologies. The modular architecture of AI, LLMs, and agents requires ...
7 Apr
In 2020, software engineer Ivan Velichko published an article titled “API Developers Never REST,” detailing the rise of alternate design strategies that have emerged since Roy Fielding published his dissertation in 2000. Yes, the title is a jokey hook designed to snag eyeballs and attention, but like all good humor, there’s a kernel of truth ...
3 Mar
In years gone by, API specifications and developer portals were created for developers’ eyes only. It wasn’t unusual for them to include the occasional joke or pop culture reference, or omit context that any qualified API consumer would easily be able to infer. While the introduction of standards like OpenAPI has already systematized and sanitized ...
20 Jan
Model Context Protocol (MCP) had a banner year in 2025. Since MCP was first released in November 2024, the protocol has exploded with thousands of public MCP servers and millions of monthly SDK downloads. Everyone from Microsoft to Google has adopted MCP in their quest for agentic AI. However, right when MCP was celebrating its ...
1 Jan
In the last few months, multiple vendors across the agentic ecosystem have independently embraced a similar pattern referred to as code mode. Instead of thinking of Model Context Protocol (MCP) solely as a protocol for issuing JSON-RPC tool calls, the code mode pattern treats MCP schemas as a foundation for generating typed client libraries that ...
10 Dec 2025
Choosing the right architectural style isn’t just a technical detail — it’s critical to the success of your API and every application that relies on it. The architecture determines how easily developers can understand and integrate your API, profoundly impacting their experience. It dictates how clients and servers communicate, directly affecting application efficiency, performance, and ...
9 Dec 2025
The tech space is often overly concerned with the new and flashy — it seems like every day, there is a new product release, a new iteration, some big new thing that secures headlines and coverage. But the reality is that there is a whole world of old protocols that are not only alive — ...
26 Nov 2025
A cybersecurity system is only as secure as its weakest link. Consumers and developers likely had no reason to doubt the security of a fintech API used by most of the largest banks in the world, official financial institutions, and the majority of the most widely used financial software and services on the market. Unfortunately, ...
15 Oct 2025
Healthcare systems worldwide are navigating a complex landscape, challenged by rising patient expectations, soaring operational costs, shortages of medical staff, strict compliance requirements, and the need to manage vast amounts of sensitive data. In this environment, digital transformation is essential to stop accepting what’s broken and start building what works. A pivotal standard driving transformation ...