CORS Explained Without Cargo Culting
A practical guide to CORS for builders: origins, preflights, credentials, common browser errors, and the server configs that actually fix them without opening your API to the world.
devsecurityweb
Posts tagged “api”
Tiny explainers grouped by topic. Spend less time Googling, more time building.
OpenAPI Done Right — contracts, not just docs
Practical patterns for rock‑solid APIs: spec styleguide, reusable components, Problem Details errors, auth & versioning, pagination, idempotency, testing, and CI gates. Includes a copy‑paste 3.1 template.
devapiopenapi
Rate Limiting Strategies — windows, buckets, and distributed guards
Fixed/sliding windows, token & leaky buckets, GCRA, and real-world implementations (Redis, NGINX, Envoy). Covers headers, bursts, backoff, multi‑DC, and tuning.
devapireliability
Google Ads API — the essentials (tiny playbook)
Developer token + OAuth, account hierarchy (manager vs customer), GAQL for reporting, safe mutations with validate_only/partial_failure, quotas, and offline conversions.
devapiads
API Versioning Strategies — pick one and stick to it
What counts as a breaking change, URL vs header versions, deprecation signals, and how to evolve APIs without breaking clients. With routing and policy snippets you can paste today.
devapidesign
A Practical Guide to API Error Handling
Status codes you should actually use, consistent error shapes (Problem Details, JSend), and production‑ready logging/observability—so clients get clear signals and you get actionable telemetry.
devapihttp
The OAuth2 Flow, Decoded — roles, tokens, and the PKCE dance
A simple, diagram-first walkthrough of OAuth 2’s Authorization Code + PKCE flow—who does what (client, resource owner, authorization server, resource server), how the redirects work, and where tokens live.
devsecurityoauth
What is an API Gateway? — and why you might need one
A simple explainer of API gateways—how they centralize auth, rate limiting, routing, and observability—and when to adopt one versus calling services directly.
devapigateway
REST vs GraphQL vs gRPC — which one should you ship?
A quick, practical guide to choosing between REST, GraphQL, and gRPC for new and existing services.
devapibackend