Meeting with asshole partner company CEO at restaurant.

Me: "I'm a bit worried about the bugs in your API. There are some ways to retrieve privacy sensitive info from public endpoints"

CEO: "Well, we're a rapidly growing startup!"

Me: "Uh... so?"

CEO: "So... Move Fast and Break Things! Priority is to improve our API further, and we'll fix bugs as they show up"

Me: "Maybe you should stop trying to emulate Zuckerberg in your management style. You know that even Facebook themselves admitted that their slogan was a retarded mistake"

Waiter shows up at table. CEO orders some overly expensive fish salad.

CEO: "Well, they have done something right... they're worth billions"

Waiter asks me: "And you sir, have you made your choice?"

Me: "Do you serve popcorn?"

CEO: "Popcorn for lunch?"

Me: "No, for your congressional hearing"

So, you start with a PHP website.

Nah, no hating on PHP here, this is not about language design or performance or strict type systems...

This is about architecture.

No backend web framework, just "plain PHP".

Well, I can deal with that. As long as there is some consistency, I wouldn't even mind maintaining a PHP4 site with Y2K-era HTML4 and zero Javascript.

That sounds like fucking paradise to me right now. 😍

But no, of course it was updated to PHP7, using Laravel, and a main.js file was created. GREAT.... right? Yes. Sure. Totally cool. Gotta stay with the times. But there's still remnants of that ancient framework-less website underneath. So we enter an era of Laravel + Blade templates, with a little sprinkle of raw imported PHP files here and there.

Fine. Ancient PHP + Laravel + Blade + main.js + bootstrap.css. Whatever. I can still handle this. 🤨

But then the Frontend hipsters swoosh back their shawls, sip from their caramel lattes, and start whining: "We want React! We want SPA! No more BootstrapCSS, we're going to launch our own suite of SASS styles! IT'S BETTER".

OK, so we create REST endpoints, and the little monkeys who spend their time animating spinners to cover up all the XHR fuckups are satisfied. But they only care about the top most visited pages, so we ALSO need to keep our Blade templated HTML. We now have about 200 SPA/REST routes, and about 350 classic PHP/Blade pages.

So we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA 😑

Now the Backend grizzlies wake from their hibernation, growling: We have nearly 25 million lines of PHP! Monoliths are evil! Did you know Netflix uses microservices? If we break everything into tiny chunks of code, all our problems will be solved! Let's use DDD! Let's use messaging pipelines! Let's use caching! Let's use big data! Let's use search indexes!... Good right? Sure. Whatever.

OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA + Redis + RabbitMQ + Cassandra + Elastic 😫

Our monolith starts pooping out little microservices. Some polished pieces turn into pretty little gems... but the obese monolith keeps swelling as well, while simultaneously pooping out more and more little ugly turds at an ever faster rate.

Management rushes in: "Forget about frontend and microservices! We need a desktop app! We need mobile apps! I read in a magazine that the era of the web is over!"

OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + GraphQL + React + SPA + Redis + RabbitMQ + Google pub/sub + Neo4J + Cassandra + Elastic + UWP + Android + iOS 😠

"Do you have a monolith or microservices" -- "Yes"

"Which database do you use" -- "Yes"

"Which API standard do you follow" -- "Yes"

"Do you use a CI/building service?" -- "Yes, 3"

"Which Laravel version do you use?" -- "Nine" -- "What, Laravel 9, that isn't even out yet?" -- "No, nine different versions, depends on the services"

"Besides PHP, do you use any Python, Ruby, NodeJS, C#, Golang, or Java?" -- "Not OR, AND. So that's a yes. And bash. Oh and Perl. Oh... and a bit of LUA I think?"

2% of pages are still served by raw, framework-less PHP.

I always like to approach a new coding project by concentrating on the data model first. I've seen a lot of projects built on extremely convoluted database structures and it really hurts because it makes it hard to add new features to the project.

So I look at the requirements of the new project and try to come up with a basic data model. Then I like to think about what logical future additions to the project could be. And using those, I try to see if the data model is flexible enough to be able to handle those additions fairly easily or if complex migrations or hacks would be needed to account for new use cases and features.

I think once you have a solid data structure and database technology, planning out an API or rest of the software is pretty straight forward. I like to create reusable pieces of middleware early on in the project which makes it easy to apply consistent functionality with ease to different API endpoints.

What the fuck!? Did you just fucking say you don't want to discuss API endpoints with me because I'm just a frontend developer? Get the fuck down from your imaginary backend throne and talk to me like the software engineer that I am. That's right, I'm a software engineer too, you fucking asshole. Just because you do backend and I do frontend doesn't mean you can talk down to me. And I swear that the next time you say you made all the work and I just have to "style it" I'll just leave. You can "style it" yourself.

We used to do this more often - but to kind of bring it back - what is everyone working on this weekend?

I’m working on some new API endpoints for the awesome new devRant web version that @trogus made that we’re releasing soon.

Share your weekend project!

Guys i guess i did it.. more than a year ago i started developing an API.. every admin of it could create new endpoints through the webui.. for rach endpoint you can create an own auth system.. a local company just fucking bought my shit.. a fucking simple API for 12k€.. im kinda proud now because i am only 18

tl;dr: spent 12 hours creating an api for a job interview challenge. Got rejected after 4 weeks with no real feedback, and all I can do is rant!

So I was in the interview process with a company that was a great fit for my background.

Got through a couple of phone screens, and was given a coding challenge consisting of writing a web API with a couple of endpoints and a filter function.

I'm like, ok no problem, I happen to have created apis for some mobile apps in the past, and I pick Django rest framework to get the job done.

Implemented it on a Sunday, wrote a medium size Readme.md and some unit tests and submit. Took almost four weeks and a partial resubmission to get a rejection with no specific feedback.

Now I'm shamelessly butthurt and I have nothing else to do but rant! Worse part is I looked back at the code and in my opinion is solid AF, so I put it on my public GitHub cause fuck it!

I applied for a backend job. Somehow i ended up doing frontend. Ok whatever the pay is alright and i dont mind doing js. But then i see the backend team doing absolute horseshit, stacking up overhead and not even fucking documenting the endpoints, i get mad.
And now our sysadmin left so there is no fucking server and i cant run locally because of 9trillion config files (remember the overhead part?) and the pm is nagging me to get the site done WHEN THERE IS NO FUCKING SERVER. WHAT DO YOU WANT FROM ME, SET IT ALL UP AGAIN? THATS NOT MY FUCKING JOB YOU IMBECILE FUCKFACE.

A colleague and I spent a month building a Shopify app that allows merchants to give customers store credit.

Since Shopify's API is so limited, we were forced to augment it's functionality with a Chrome extension.

Now before you go throwing full wine bottles at your screen because of how wrong and disgusting that is, note that Shopify's official documentation recommends 5 different extensions to augment functionality in their admin panel, so as gross as it is, it seems to be the Shopify way...

Today we got a reply from their review team. They won't accept the app because it requires a Chrome extension to work properly and that is a security risk.

Are you fucking kidding me? So I guess Shopify is exempt from their own security standards. Good to know.

Not to mention the plethora of published apps that require a staff account's username and password to be provided in plain text upon setup so it can spoof a login and subsequent requests to undocumented endpoints.

Fuck you and your "security standard" Shopify!

Long story short, I'm unofficially the hacker at our office... Story time!

So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)

So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.

Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.

As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.

So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.

It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.

Once I had to do a 'hands on' pair programming session for a position I applied for... Together with the lead dev we would switch coding every 15 minutes It was somewhat of a horror story...

The assignment was to implement an password reset flow, connecting it to the api and then handling the entire password reset flow, in Angular becahs ye know has to be Angular...

After drafting the ui and setting up the click events, I wanted to hookup the api calls, but then it was time to switch around...

The fucktard dev first started to adjust my classmappings to be more in line with his preference, without touching the css classnames... Ok... Micro managing ... Check...

So after breaking the styles, he wrote the fetches to the api endpoints and that was his 15 minutes of shame...

I continued only to find out the endpoints we were using had errors in them and would not return anything workable...

The dev said he'd tested the endpoint before and it worked, but clearly it didn't...

After about an hour of going back and forth trying to get this to work he got a call from a client because server was down (surprise), he excused himself and had to prioritize on this, running out and leaving me there for the remaining morning ...

I just sat there waiting for the HR checkout talk, only to lean towards rejecting the position...

Fucking waste of time, and in the end the feedback was they doubted MY TECHNICAL SKILLS ... And wouldn't make me an offer 😂👍 nice story bro...

K THX BAI!

Turns out our backend is doing calls to frontend endpoints ... great!

Yesterday I received the API documentation from an external company. Over half of the endpoints are either wrong or send invalid data and even the given test requests are fucking failing.
It's a nightmare. We have to finish a website until friday and that company did nothing for 2 months and now we have 2 days left.
The sheer incompetence is too damn high.
My boss said it would have been much better if we had implemented the API on our own. Damn right.

Auth Endpoint:

user name and password correct:
- response 200: with session key and profile info
user name and password incorrect:
- response 200: blank

smh

Guessing endpoints. My favorite game.

Perfect job is when sandbox and production api endpoints works the same.

Fuck all api endpoints where their sandbox works differently than the production.

Fuck all those error messages that appear only in production, despite faithfully following the documentations.

Fuck the gateways where their sandbox is more stable than the production.

Fuck the endpoints whose api parameters differ in what they accept between sandbox and production.

Fuck those manuals that does not document these diferrences.

Fuck those developers and support team who don't know how to support integrators. They don't even know how their apis work!

"There is a problem in your selection of --ifconfig endpoints [local=10.8.0.40, remote=255.255.255.252]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver."

WORKS PERFECTLY FINE ON MY ANDROID, AND ALL OF MY LINUX MACHINES!! Yet WanBLowS apparently needs special treatment again. AND WHAT FOR, HUH?!!! Motherfucking piece of fucking trash!!!

We got DDoS attacked by some spam bot crawler thing.

Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.

- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.

- Some basic implementation of rate limiting on the web server

We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)

So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.

So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.

So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)

So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).

They done it in ASP so I don't know the language and enviroment so can't just fix it myself.

2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...

So for now we have around 25 bugs, around 15 of them are blockers.

They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel

Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.

I have curl's ready to execute in case they reset database.

I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.

Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?

Edit:

I havent stated this clearly:

"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....

Fuck (some of) you backend developers who think regurgitating JSON makes for a good API.

"It's all in JSON. iOS can read JSON, right?"
A well-trained simian can read JSON, still doesn't mean it can do something with it. Your shitty API could be spitting out fucking ancient Egyptian for all I care, just make it be the same ancient Egyptian everywhere!

Don't create one endpoint that spits out the URL for the next endpoint (completely different domain, completely different path structure). Are you fucking kidding me?

As if that wasn't enough, endpoints receive data structured in one way, but return results in another!! "It's all JSON", but it's still dong.

How do I abstract that, you piece of shit? Now I have to write ever so slightly different code in multiple places instead of writing it only once.

How the fuck do I even model that in a database?

Have a crash course on implementing APIs on the client side and only come back when you're done.

Morons.

This feature I'm building requires crossing over to a second application for some actions (fair, this reduces repetition), but the method used for it is kind of ridiculous.

To keep with the existing patterns, I followed suit, and added two PATCH and a DELETE routes, wrappers, and calls. (Typical CRUD + de/reactivate).

But. This freaking halfassed HTTP model doesn't support anything but POST and PUT! wtf. (Also, the various IDs, naming schemes, and required json data/formats differ across view, controller, and endpoints. but whatever?)

Two and a half hours later, and the feature is done and works wonderfully. Four times the functionality of the previous incarnation, and the code is only about 25% longer! haha.

Ahh, I'm complimenting myself again. (but somebody has to, right? 😅)

but really, when i want to get something done i'm actually surprised at how quickly it all comes together. Even when I need to patch API Guy's madness.

(and this time I actually found someone else's code in the mess! It was actually worse!)

I suppose taking a day off yesterday did me some good.

Freelance project I was working on was deployed. Without my knowledge. At 11pm. Their in-house "tech guy" thought that the preview build i gave them was good enough for deployment. Massive bug, broke their api endpoints.
Got a call at 2 in the morning,asking for a fix. I told them how it was their fault and the App they deployed had TESTING written right on the main screen.
They promised additional payment to get me to fix it asap.
Went through the commit history (thank goodness their tech guy knew git, fuck him for committing on production though) and the crash reports.
Removed three lines. All became right with the world again. 😎

Starting my new bot experience together with Discord.
Discord is kinda easier than LINE. You had to create facebook accounts or fake lots of telephone numbers to be able to verify your bot account. They also kept changing the endpoints to avoid people using their bots.
Discord is the opposite. Discord loves bots. And that's why I start feeling love towards Discord.

I love my relationship with the front end team:

—Hey, you have a minute? I need help with some of the endpoints you've created.
—Sure, what's up?
—Nevermind I figure it out.

Solving problems without effort. That's what I call efficiency.

The company I am currently working for is partnering with another startup. Nothing special about that. We should integrate their API into our system. I wasn't involved in the process when it came to checking there API and if it would work with our Systems. The Person who did that already left the company so I was left behind with some internal documentation. In that Documentation is already written that API is basically trash....

After I started integrating the API I found more and more flaws in the design. They are not sending any responses that would help, when a param is missing or the authentication isn't correct, only 500's . I got some documentation from the partner company so i thought it will be fine as long as the Documentation would be accurate. Turns out the documentation isn't even close to be up to date. Wrong content types wrong endpoints, wrong naming. Basically we could not work with that. We shortly contacted the partner Company. After a few WEEKS we got a response that they updated the Documentation what was right but still not everything was correct. At this point I lost my mind. I researched a little bit about them, the company is founded from 2 young people who basically came strait out of the University and doest have any experience or idea how to build an API. I investigated a little bit there websites.

They have an Admin panel on the base domain from their API but it is only accessible via HTTP. Like WTF , They use HTTP for an Admin Panel this must be a joke right?

They use Cloudflare without a HTTP to HTTPS redirection ???

I really had not that much time to research in there website but if I find these things in 5 minutes I don't want to know what I can find in like an hour.

At the end we will still use them as partners because surprise surprise our company already sold the product that uses their API.

I know that I will be the person who has to help fixing this shit when it breaks and it will break 1000% JUST FUCK THIS SHIT. FUCK THE PARTNER COMPANY. FUCK THERE API.

We're digital plumbers.

90% of this job is figuring out what thing to connect to what thing and then figuring out how to connect them.

Writing the code that goes in-between both ends of the pipe is easy if not trivial 90% of the time.

Meaningful change in this industry is centered around endpoints: contracts, deployments, etc. Nobody needs yet another way to organize and import their leftpad().

Not using transactions in endpoints that updated multiple tables. 🙈

Spent a lot of time designing a proper HTTP (dare I even say RESTful) API for our - what is until now a closed system, using a little-known/badly-supported message-over-websocket protocol to do RPC-style communications - supposedly enterprise-grade product.

I make the API spec go through several rounds of review with the rest of the dev team and customers/partners alike. After a few iterations, everybody agrees that the spec will meet the necessary requirements.

I start implementing according to spec. Because this is the first time we're actually building proper HTTP handling into the product, but we of course have to make it work at least somewhat with the RPC-style codebase, it's mostly foundational work. But still, I manage to get some initial endpoints fully implemented and working as per the spec we agreed. The first PR is created, reviews are positive, the direction is clear and what's there already works.

At this point in time, I leave on my honeymoon for two weeks. Naturally, I assume that the remaining endpoints will be completed following the outlines/example of the endpoints which I built. When I come back, the team mentions that the implementation is completed and I believe all is well.

The feature is deployed selectively to some alpha customers to start validation testing before the big rollout. It's been like that for a good month, until a few days ago when I get a question related to a PoC integration which they can't seem to get to work.

I start investigating and notice that the API hasn't been implemented according to the previously agreed upon spec at all. Not only did the team manage to implement the missing functionality in strange and some even broken ways, they also managed to refactor my previously working endpoints into being non-compliant.

Now, I'm a flexible guy. It's not because something isn't done exactly as I've imagined it that it's automatically bad. However, I know from experience that designing a good/clear/future-proof API is a tricky exercise. I've put a lot of time and effort into deliberate design decisions that made up the spec that we all reviewed repeatedly and agreed upon. The current implementation might also be fine, but I now have to go over each endpoint again and reason about whether the implementation still fulfills the requirements (both soft and hard) that we set out to meet.

I'm met with resistance, pushback and disbelief from product management and dev co-workers alike when I raise the concern that the API might actually not be production-ready (while I'm frantically rewriting my integration tests and figuring out how the actual implementation works in comparison to what was spec'ed).

Oh, and did I mention that product management wants to release this by end-of-week?!

I feel like Coronavirus related API endpoints should only be made available using SOAP

Wanna hear a story? The consultancy firm I work for has been hired to work on a WPF project for a big Fashion Industry giant.

We are talking of their most important project yet, the ones the "buyers" use to order them their products globally, for each of the retail stores this Fashion giant has around the world. Do you want to know what I found? Wel, come my sweet summer child.

DB: not even a single foreign key. Impossibile to understand without any priopr working experience on the application. Six "quantity" tables to keep aligned with values that will dictate the quantities to be sent to production (we are talking SKUs here: shoes, bags..)

BE: autogenerated controllers using T4 templates. Inputs directly serialized in headers. Async logging (i.e. await Logger.Error(ex)). Entities returned as response to the front end, no DTOs whatsoever.

WPF: riddled with code behind and third party components (dev express) and Business Logic that should belong to the Business Layer. No real api client, just a highly customized "Rest Helper". No error reporting or dealing with exceptions. Multiple endpoints call to get data that would be combined into one single model which happens to be the one needed by the UI. No save function: a timer checks the components for changes and autosaves them every x seconds. Saving for the most critical part occurring when switching cells or rows, often resulting in race conditions at DB level.

What do you think of this piece of shit?

I wrote a random string/int/other stuff API somewhere this year which I still regularly use because I'm a lazy fuck.

Never posted anything about it on here and the documentation isn't entirely complete (and not all the endpoints are extensively bug-tested yet) but if someone is interested I'll see if I can patch some stuff and put it on here as I find it useful!

My god the wall looks really punchable right now. Let me tell you why.

So I’m working on a data mining project, and I’m trying to get data from google trends. Unfortunately, there have been a lot of roadblocks for what should have been an easy task.

First it won’t give a raw search volume, only relative “interest”.
Fortunately it lets me compare search terms, which would work for my needs however it will only let me compare a few at a time. I need to compare 300.

So my solution is simple: compare all the terms relative to one term. Simple enough, but it would be time consuming so I figured I’d write a program to get the data.

But then I learned that they don’t have an official api. There’s a node module for this very thing based on a python module that reverse engineers the api endpoints. I thought as long as it works I’d use it.

It does work... But then I discovered that google heavily rate limits the endpoints.

So... I figured I’d build a system to route the requests through different tor nodes to get around the rate limit. Good solution right? Well like a slap to the face, after spending way to much time getting requests through tor working, I discovered that THEY FUCKING BLOCKED TOR IPS.

So I gave up, and resigned to wait 5 hours for my program to get the data... 1 comparison at a time... 60s interval between requests. They, of course, don’t tell you the rate limit threshold, so this is more or less a guess (I verified that 30s interval was too short and another person using the module suggested 60s).

Remember when I said the discovery that the blocked tor came like a slap to the face? This came as a sledge hammer to the face: for some reason my program didn’t dump the data at the end. I waited 5 fucking hours to get nothing.

I am so mad right now. I am so fucking mad.

The company considers the project manager I work with to be the best. After working with him, I consider him to be everything that is wrong with project management.

This PM injects himself into everything and has a way of completely over-complicating the smallest of things. I will give an example:

We needed to receive around 1000 rows of data from our vendor, process each row, and host an endpoint with the data in json. This was a pretty simple task until the PM got involved and over complicated the shit out of it. He asks me what file format I need to receive the data. I say it doesnt really matter, if the vendor has the data in Excel, I can use that. After an hour long conversation about his concerns using Excel he decides CSV is better. I tell him not a problem for me, CSV works just as good. The PM then has multiple conversations with the Vendor about the specific format he wants it in. Everything seems good. The he calls me and asks how am I going to host the JSON endpoints. I tell him because its static data, I was probably going to simply convert each record into its own file and use `nginx`. He is concerned about how I would process each record into its own file. I then suggest I could use a database that stores the data and have an API endpoint that will retrieve and convert into JSON. He is concerned about the complexities of adding a database and unnecessary overhead of re-processing records every time someone hits the endpoint. No decision is made and two hours are wasted. Next day he tells me he figured out a solution, we should process each record into its own JSON file and host with `nginx`. Literally the first thing I said. I tell him great, I will do that.

Fast forward a few days and its time to receive the payload of 1000 records from the Vendor. I receive the file open it up. While they sent it in CSV format the headers and column order are different. I quietly without telling the PM, adjust my code to fit what I received, ran my unit test to make sure it processed correctly, and outputted each record into its own json file. Job is now done and the project manager gets credit for getting everything to work on the first try.

This is absolutely ridiculous, the PM has an absurd 120 hours to this task! Because of all the meetings, constant interruptions, and changing of his mind, I have 35 hours to this task. In reality the actual time I spent writing code was probably 2-3 hours and all the rest was dealing with this PM's meetings and questions and indecisiveness. From a higher level, he appears to be a great PM because of all the hours he logs but in reality he takes the easiest of tasks and turns them into a nightmare. This project could have easily been worked out between me and vendor in a 30 min conversation but this PM makes it his business to insert himself into everything. And then he has the nerve to complain that he is so overwhelmed with all the stuff going on. It drives me crazy because this inefficacy and unwanted help makes everything he touches turn into a logistical nightmare but yet he is viewed as one of the companies top Project Managers.

Today I told 3 devs that they either get their shit together or they can pack their things and look for a job.

I can get easily pissed, but it's rather rare for me to get to that point easily.

Now my dear friends, can you guess what they did?

I give you a hint...

They made a test suite validating a network library.

So we have roughly 200 plus lovely splitted tests, neatly put in a directory structure - lovely organization.

(I might have written in the ticket that as a requirement... Cause I know my lil hellspawns)

But as I started looking at some tests, there was always something missing...

Network library...

So we needed to create an endpoint... And handle of course the tests communication with the endpoint *somewhere*.

I'd guess you know already what these mofos did...

Yeah. We have one class.... That handles all tests endpoints... Via different methods... Plus additional methods like utility functions....

The ticket was easy they said.

Me chewing their heads off was easy too.

Jesus Christ, I really doubt sometimes that some devs are able to go to a toilet.

Maybe thats the reason some wear baggy pants - easier to hide the pampers.

*rolls eyes*

18 commits later, the unofficial documentation has been ported over to GitBook.

The documentation now lives in a private repo on GitHub which is hooked up to a CI tool to build the book when a commit is pushed.

This will make maintaining the documentation much easier and also allow for collaboration which was previously not possible.

Because this documentation contains some endpoints some of you might not even know about, access is provided on a invite-only basis which is controlled by @dfox.

For new requests, contact @dfox with your name and what you are planning to build.

If you have already created something with the API email me at support@nblackburn.uk with your name and a link and I will send you a invite.

Don't you love it when out of a sudden tests fail because backend guys decided to change JSON response of one of the endpoints used.

aaaaaaah! can't this day just end ASAP!

Employer: Hey, we are moving an API update live tomorrow morning that could affect our apps. Can you regression test the apps to make sure they all work?

Me: The API team is pushing code overtop of live endpoints that can break them?

Employer: Yes, we need the updates to work with a new product we are developing.

Me: And nobody thought about versioning these endpoints so we guarantee uptime on all existing services using them now?

Employer: We looked at that but it cost extra and required us to use the cloud solution so we don’t use versioning.

Me: Okkk… I also take it that the API’s don’t have integration tests written?

Employer: What are integration tests? Are unit tests the same thing?

Me: No, so when do I need to regression test all 7 production apps?

Employer: The API’s are moving to production at 4am and we need it signed off by 7am.

Me: I only have 3 hours to regression test 7 production apps at 4am? Each app, if I just skim over them, would take me 2 hours each. I will do my best but that’s a very short time to ensure complete functionality.

Employer: Don’t you have unit tests?

How do you deal with massively poorly-performing and unknowledgeable teams?

For background, I've been in my current position for ~7 months now.

A new manager joined recently and he's just floored at the reality of the team.

I mean, a large portion of my interview (and his) was the existing manager explicitly warning about how much of a dumpster fire everything is.

But still, nothing prepares you for it.

We're talking things like:
- Sequential integer user ids that are passable as query string args to anonymous endpoints, thus enabling you to view the data read by that view *for any* user.
- God-like lookup tables that all manner of pieces of data are shoved into as a catch-all
- A continued focus on unnecessary stored procedures despite us being a Linq shop
- Complete lack of awareness of SOLID principles
- Actual FUD around the simplest of things like interfaces, inversion of control, dependency injection (and the list goes on).

I've been elevated into this sort of quasi-senior position (in all but title - and salary), and I find myself having to navigate a daily struggle of trying to not have an absolute shit fit every time I have to dive into the depths of some of the code.

Compounded onto that is the knowledge that most of the team are on comparable salaries (within a couple thousand) of mine, purely owing to length of service.

We're talking salaries for mid-senior level devs, for people that at market rates would command no more (if even close) than a junior rate.

The problem is that I'm aware of how bad things are, but then somehow I'm constantly surprised and confronted with ever more insane levels of shitfuckery, and... I'm getting tired.

It's been 7 months, I love the job, I'm working in the charity sector and I love the fact that the things I'm working on are directly improving people's lives, rather than lining some fintech fatcat's pockets.

I guess this was more a rant than a question, and also long time no see...

So my question is this:

- How do you deal with this?
- How do you go on without just dying inside every single day?

Holy crap, I can't take it anymore.
I know that user acceptance testing is supposed to be done by the end user but it's as if they entirely skipped UNIT TESTING and QUALITY ENGINEERING.
Does their API work? Yes. It does.
Are their endpoints working? Sort of... why are query parameters required again?
Is it good overall? No, there are CORNER CASES ALL OVER THE PLACE (are they even still corner cases at this point?). It feels like it was made by amateurs!
Why am I doing quality testing on their services??? holy crap, they should pay ME for doing this

That moment when returning correct HTTP status codes from an API become a feature request 😒

For the meantime I will need to deal with endpoints returning status 200 for everything, and status 500 when the service crash. 🤦🏼‍♂️

Common misconception is that low efficiency technologies (react native, in this case) are completely useless. That is not true at all. Im building a smart home, and yes i want a mobile app, but 90% is just requests to endpoints, so its way simpler to just copy paste some buttons inside a js file than do it properly with native. Would i use it in prod? Fuck no. Would i hack together a bunch of buttons? Fuck yes.

A (work-)project i spent a year on will finally be released soon. That's the perfect opportunity to vent out all the rage i built up during dealing with what is the javascript version of a zodiac letter.

Everything went wrong with the beginning. 3 people were assigned to rewrite an old flash-application. Me, A and B. B suggested a javascript framework, even though me and A never worked with more than jquery. In the end we chose react/redux with rest on the server, a classic.

After some time i got the hang of time, around that time B left and a new guy, C, was hired soon after that. He didn't know about react/redux either. The perfect start off to a burning pile of smelly code.

Today this burning pile turned into a wasteland of code quality, a house of cards with a storm approaching, a rocket with leaks ready to launch, you get the idea.

We got 2 dozen files with 200-500 loc, each in the same directory and each with the same 2 word prefix which makes finding the right one a nightmare on its on. We have an i18n-library used only for ~10 textfields, copy-pasted code you never know if it's used or not, fetch-calls with no error-handling, and many other code smells that turn this fire into a garbage fire. An eternal fire. 3 months ago i reduced the linter-warnings on this project to 1, now i can't keep count anymore.

We use the reactabular-module which gives us headaches because IT DOESN'T DO WHAT IT'S SUPPOSED TO DO AND WE CANT USE IT WELL EITHER. All because the client cant be bothered to have the table header scroll along with the body. We have methods which do two things because passing another callback somehow crashed in the browser. And the only thing about indentation is that it exists. Copy pasting from websites, other files and indentation wars give the files the unique look that make you wonder if some of the devs hides his whitespace code in the files.

All of this is the result of missing time, results over quality and the worst approach of all, used by A: if A wants an ui-component similar to an existing one, he copies the original and edits he copy until it does what he wants. A knows about classes, modules, components, etc. Still, he can't bring himself to spend his time on creating superclasses... his approach gives results much faster

Things got worse when A tried redux, luckily A prefers the components local state. WHICH IS ANOTHER PROBLEM. He doesn't understand redux and loads all of the data directly from the server and puts it into the local state. The point of redux is that you don't have to do this. But there are only 1 or 2 examples of how this practice hurt us yet, so i'm gonna have to let this slide. IF HE AT LEAST WOULD UPDATE THE DATA PROPERLY. Changes are just sent to the server and then all of the data is re-fetched. I programmed the rest-endpoints to return the updated objects for a very reason. But no, fuck me.

I've heard A decided (A is the teamleader) to use less redux on the next project and use a dedicated rest-endpoints for every little comoutation you COULD DO WITH REDUX INSTEAD. My will is broken and just don't want to work with this anymore.

There are still various subpages that cant f5 because the components cant handle an empty redux state in the beginning, but to be honest i don't care anymore. Lets hope the client will never find out, along with the "on error nothing happens"-bugs. The product should've been shipped last week, but thanks to mandatory bugfixes the release was postponed to next week. Then the next project starts...

Please give me some tips to keep up code quality over time, i cant take this once more.
I'm also aware that i could've done more, talking A and C about code style, prettifying the code, etc. Etc. But i was busy putting out my out fires, i couldn't kill much of the other fires which in the end became a burning building (a perfect metaphor for this software)

Rant/story

Ok, I've always respected my PM and took everything on me, but since a while I start getting bored at work and realised many wrong things with the company and management in general.

So, brief contextual situation for you guys, I used to be very shy, unconfident and submissive. That was 2 years ago. Now am much more confident and got my own techniques in managing my constant "in the moon"-mind and relational discussions with colleagues. No more stuttering and am now answering on the spot and focussed on the discussion.

So I was having a nice day extinguishing fires on our website, this evening my PM stressly-rushed into my office (which I share with 2 other colleagues), and pressured me into giving a phone call to some developer for a situation clarification: a Json endpoints seems to truncate text after some characters.

Just came back from the loo (not sorry for the details), had my thoughts about something else, as usual, and I was just like "chill, let me get my mind together and prepare myself to be on point for this phone call". Told her I need a few seconds and she was like "now now now" knowing me I'm a bit laid-back.

Grabbed the phone, saw she was laughing (always laughs whatever I do, I must be very funny) and went talking about me to my colleague (not backstabbing but like "I don't get why he needs to get prepped for a phone call"). I managed the phone call like a boss - like usual since I got more confident -, my pm left, I finished the call, went to her to tell her my conclusions on our issue, asked me if I checked the contract with our CMS company.

Told her nope, the Json is compatible with our DB-manager's API.

She coldly answered "right, will do it myself then", I was like ok, I know you won't do it, I'll get it done.

In 15 minutes I found the contract, notified her, analyzed it, and wrote a technical email to support.

Seriously, stop taking me for some retarded person and let me breathe

Huh.

Starting to feel like shit about my new job. Every task my boss gives me I return with a "sorry it can't be done" for one reason or another. At first it was because user interface testing is a nightmare, then it was because the API postman tests he wanted is for endpoints we haven't exposed so it can't be done and the automated login on postman and retrieval of cookie information can't be done through postman because it requires rendering the site in a browser. I feel worthless to the company but I also feel he keeps making up tasks for me without checking if they're actually useful to us or even possible first, rather than let me touch any of the real code.. I don't know if I should just quit tbh.

Api with no documentation and obscure endpoints

So, I had to listen very badly in a scrum about my poor code quality. Just because I haven't used the latest version of the library in my gradle build file, I haven't used DTO in the response of few endpoints in the controller class instead I used entity,... Etc was the mistake.

I admit that I have a long way to improve myself and there is a lot to learn, but there should be a proper way to escalate the situation rather than publicly pointing out mistakes rudely.

He is a senior with 10+ years of experience who badly told me in the scrum and not only that whenever there is a change needed in my PR he takes the screenshot and puts it in our dev team group and shows the mistakes and gives the suggestions instead of writing comments on the github PR.

Not only that, if I inform in the daily updates that I took 2 hours for this and that task, he says it should be done in 20 to 30 minutes.

Upper management has given him a lot of respect because he is knowledgeable and knows the stuff but it doesn't mean he is entitled to behave like this and demoralise other juniors.

The matter is cool now but this incident happened to me a few months back and those days were really toxic for me at work.

Locating undocumented API endpoints be like …

Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"

Yes its completely necessary to have a spring server with a mysql database with docker containers all over your ass for 3 fucking endpoints and a (url, varchar, varchar) schema. Fuck you. How the fuck do i run all this shit and how do you expect me to create a frontend for something that has no documented endpoints?? Fuck you.

In other news, im now a senior.

So how do people figure out API endpoints without documentation?

Build my own LAMP stack API with REST and GraphQl endpoints

I really hate sales people. My stakeholder wants to buy an address verification service but is hesitant to purchase now because the dev time needed would be substantial. Now the sales rep has planted seeds of doubt in my SH and SH thinks I grossly overestimated the labor I quoted.

Sales rep is all “major corporations have installed this in a weekend.” 🤬🤬🤬 Major corporations also have more than one developer and probably aren’t dealing with a website that has a dozen address forms that all work differently. Oh, and I DON’T WORK WEEKENDS MOFO.

My SH originally requested a labor estimate for installing the AVS on all address forms and that’s what I delivered. My audit revealed a dozen different forms. I’m working with a legacy code base that’s been bandaged together and maintained by an outside dev agency. The only thing the forms have in common is reusable address fields. They all work differently when it comes to validating and submitting data to the server and they all submit to different api endpoints. At least a quarter of those forms are broken and would need to be fixed (these are mostly admin-facing). I also had to provide an estimate on frontend implementation when I have no idea what they want the FE to look like.

My estimate was 5-8 weeks for implementation AND testing. I wrote up my findings and clearly explained the labor required, why it was needed, and the time needed. All was fine until the sales rep tried to get into SH’s head.

My SH is now asking for a new estimate and hoping for 1-2 weeks of labor, which is what will SH to buy the AVS. Then go to the outside dev agency you used to work with and ask for a second opinion. I’m sure they’d also tell you at least month if not more for testing, implementation, and deployment because you have a DOZEN FORMS you want to add this to. 1-2 weeks is only possible for a single form.

My manager doesn’t work in the same coding language I do, but he read my documentation and supports my original estimate.

I honestly want to ask my SH if this sales rep is giving a very good price for the AVS. If not, are there other companies in the mix? Because right now you have a sales rep that’s taking you for a ride and trying to pressure you all so he can get another notch in his belt for getting another “major corporation” as his account. I don’t think it’s a good idea to be locked in with a grimy sales rep.

Being lazy taught me more about (code) automation that years of study ever did.

“Ugh! Updating translations is boring, why do I have to do this manually?”

“Damn I really hate having to remember endpoints”

“Oh, come on! Its the third time I initialise this the same way!”

I’d love to say this is a motivational speech or something but no, im just lazy lol

Two of em.
The first one was making a project following mvc patterns for my last job in which the structure was so easy to follow that my buddy has been able to move allong with it and do more projects out of it. He had a hard time with web development and the boss would have him do it and learn on the job.
To this day that application remains as a "framework" of sorts.
It was made in an unholy comb of js for the front end and classic asp for the backend with restful endpoints and all that shit. I was drunk when I coded most of it.

The other one was during my time in the u.s army. I was a mechanic, a really shitty one mind you. But i knew how to read manuals. All and every task was accomplished to the point in which they had me basically rebuild a vehicle that was beyond salvation. Got it done in 2 months and command was so impressed they set me up as the brigade commander's personal driver and mechanic. I was also drunk for the most part, but then again so where the rest of my brothers.

It's Friday and you're tired. You're working beyond 8 hrs already. Sure it's paid OT but you want to go home. Just finishing the last 10 API endpoints. But you execute the wrong script the overwrite the directory of the last 10 API endpoints instead of the swagger doc generator script. GRRRrrr.... NO!!!!! T_T

when your teammate finds the existing endpoint that returns what you need after you frankenstein some dumbass shit from other existing endpoints that you managed to find

fuck me

Working on an Android app for a client who has a dev team that is developing a web app in with ember js / rails. These folks are "in charge" of the endpoints our app needs to function. Now as a native developer, I'm not a hater of a web apps way of doing things but with this particular app their dev teams seems to think that all programming languages can parse json as dynamically as javascript...

Exhibit A:

- Sample Endpoint Documentation
* GetImportantInfo
* Params: $id // id of info to get details of
* Endpoint: get-info/$id
* Method: GET
* Entity Return {SampleInfoModel}

- Example API calls in desktop REST client
* get-info/1
- response
{
"a" : 0,
"b" : false,
"c" : null
}
* get-info/2
- response
{
"a" : [null, "random date stamp"],
"b" : 3.14,
"c" : {
"z" : false,
"y" : 0.5
}
}
* get-info/3
- response
{
"a" : "false" // yes as a string
"b" : "yellow"
"c" : 1.75
}

Look, I get that js and ruby have dynamic types and a string can become a float can become a Boolean can become a cat can become an anvil. But that mess is very difficult to parse and make sense of in a stack that relies on static types.

After writing a million switch statements with cases like "is Float" or "is String" from kotlin's Any type // alias for java.Object, I throw my hands in the air and tell my boss we need to get on the phone with these folks. He agrees and we schedules a day that their main developer can come to our shop to "show us the ropes".

So the day comes and this guy shows up with his mac book pro and skinny jeans. We begin showing him the different data types coming back and explain how its bad for performance and can lead to bugs in the future if the model structure changes between different call params. He matter of factually has an epiphany and exclaims "OHHHHHH! I got you covered dawg!" and begins click clacking on his laptop to make sense of it all. We decide not to disturb him any more so he can keep working.

3 hours goes by...

He burst out of our conference room shouting "I am the greatest coder in the world! There's no problem I can't solve! Test it now!"

Weary, we begin testing the endpoints in our REST clients....

His magic fix, every single response is a quoted string of json:

example:
- old response
{
"foo" : "bar"
}
- new "improved" response
"{ \"foo\" : \"bar\" }"

smh....

fuck sockets, all my niggas query rest endpoints with setintervals

I forgot to enable health check on one of the endpoints.

FML

Heya. Now I feel like a fool for asking and it has been bothering me for a while.

I want to get into native application development, but I simply cannot wrap my head around how to connect a backend to the frontend.

I have been doing web development, I understand the concept of endpoints and I am able to do http requests for web apis etc. But when it comes to creating it in some native application, I have no clue what to do.

Does anyone have a good post or video that describes these connections, as for some reason I cannot seem to find any.

Hope it's understandable,
Cheers

Abstract ReST endpoints with nested resources

I'm developing a web app, which is purely based on some commercial .NET driven API. The documentation is a 12 page MS Word file with incorrect parameters and non-existing endpoints. I think there's also a cronjob which purposely crashes their server every 15minutes. I just love getting client emails saying I need to fix my app and get my shit together.

How come devRant doesn't have an easy way to find out how their API works? I'm reading off of wrappers to figure out what responses may contain and what the endpoints even are arghh

hmmmmmm let me see.

Web based? lets do web based.

Do something simple like a basic crud app on web api format:
Do it with full authorization and authentication.
Start hard. Do it with pure golang using NOTHING but the std libraries.
Now, do it in a magic mvc framework like Rails or Laravel
Now do it on dotnet core
Now do it in django rest.

Watch the differences in all of them, sell your soul to something and now do it in Clojure. If you do it on a Scheme dialect or on Common Lisp my CMS admin will suck your whatever you have. Dude seems to be pretty good at it, we are trying to keep him from pulling tricks on the street but he insists.

Then add a React client with Typescript to get them basic ass endpoints to display nicely.

It should give you a fuckload of perspective amongst the different tools and way we do things and might make you appreciate the differences in paradigms required(pro points for doing modular in c# dotnetcore using different classlibs for the major points of the application using some crazy pattern like the mediator pattern)

I would hire a mfker that throws all this shit at me on a portfolio on the spot.

Trying to use a coworker's new API endpoint and I keep getting an "OAuth2 Bearer Token missing" error, despite triple-checking that I set the Authorization header correctly... finally dig into the source code and I find out that all their endpoints require that the bearer token be put into the request body. The fuck?

Worst argument/fight was on a game I was working on.

One of the other devs was waiting for me to write some server Code before calling the endpoints on the client.

After writing the server Code I added the client side Code and committed it to our repo.

They had a massive go at me for doing work for them and threatened to remove my Code and replace it with their own code.

I've noticed that lately I've not been putting a lot of effort in making my code clean, and in learning new stuff, too. If it works, that's enough for me. I just made some endpoints in node and it's the biggest callback hell you'll ever see, but I don't fucking care, tbh. Is it time for me to change my work field? Have you ever felt this way?

Trying to use authenticate a JWT token from an Azure service, which apparently needs to use Azure AD Identity services (Microsoft Entra ID, Azure AD B2C, pick your poison). I sent a request to our Azure admin. Two days later, I follow up, "Sorry, I forgot...here you go..."
Sends me a (small) screenshot of the some of the properties+GUIDs I need, hoping I don't mess up, still missing a few values.
Me: "I need the instance url, domain, and client secret."
<hour later>
T: "Sorry, I don't understand what those are."
Me: "The login URL. I assume it's the default, but I can't see what you see. Any shot you can give me at least read permissions so I can see the various properties without having to bother you?"
T: "I don't see any URLs, I'll send you the config json, the values you need should be in there."
<10 minutes later, I get a json file, nothing I needed>
<find screenshots of what I'm looking for, send em to T>
Me: "The Endpoints, what URLs do you see when you click Endpoints?"
<20 minutes later, sends me the list of endpoints, exactly what I'm looking for, but still not authenticating the JWT>
Me: "Still not working. Not getting an error, just that the authentication is failing. Don't know if it's the JWT, am I missing a slash, or what. Any way I can get at least read permissions so I don't have to keep bugging you to see certain values?"
T: "What do you need, exactly?"
Me: "I don't know. I don't know if I'm using the right secret key, I can't verify if I'm using the right client id. I feel like I'm guessing trying to make this work."
T: "What exactly are you trying to get working?"
<explain, again, what I'm trying to do>
T: "That's probably not going to work. We don't allow AD authentication from the outside world."
Me: "Yes we do. Microsoft Teams, Outlook, the remote access services. I can log into those services from home using my AD credentials."
T: "Oh yea, I guess we do. I meant what you are trying to do. Azure doesn't allow outside services to authenticate using a JWT. Sorry."

FRACK FRACK FRACK!!

Whew! Putting the flamethrower away.

Thanks devrant for letting me rant.

Just started Online Banking at my bank. Checked how much money I have and what I can do on the website.

Afterwards I opened the dev tools and see that there is a js warning. So I open the console and the fucking first thing I see is: Loglevel set to INFO. WHAT THE FUCK?!?

Other things I found out:
API Endpoints are logged here. Two deprecation warnings for a function used. A warning about a deprecated service used.

The log level is now set to WARN. Several more deprecation warnings for the framework from before.

The fuck is this?

at one point in time, i had to work with a really junior backend team, they used javascript and neo4j as the database for an in-house developed community forum because "graph databases made sense" in the eyes of their tech lead

turns out that the team struggled quite a bit with it, and had some "unexpected complexity" problems when i asked them to add filters and sorting on the post endpoints

in the end, the "solution" they gave me was an endpoint that spewed ALL the posts so i could sort it in the front end

had they kept the same relational database they were using for the rest of the whole project, i'm quite sure it wouldn't take much to implement that (and their architecture was really performatic)

as a side project i rebuilt the whole forum in a weekend, but using postgresql as database, and it worked nicely, i even added some unit tests just for fun

gave myself a really big slap in the face after that, though

Twilio's API docs suck.

Why can't they just provide a simple API reference will all the endpoints and parameters instead of some hand-holding tutorial with a helper library.

So Im taking over an project from an colleague. And it involves a lot of things from an external API. I cool with that, I enjoy working with APIs in general.

Let me explain it a bit more. I enjoy consuming APIs with frontend frameworks like reactjs and angularjs.

But my colleague had allready started some with consuming one of the endpoints.

He did it with ajax....for god sake. Are you serious?!?!?!!

Ajax calls??? Why ????

So I pointed out that we could use vuejs, we don't have to compile anything like with react or angular.

Things that we need to do are not that interesting nor big. Mostly getting items and maybe filter these items.

But he insisted on using Ajax because there wasn't that must time to use fancy frontend frameworks.

Oh boyyy, I just had to work with Asterisk again. And holy shit it is still the clusterfuck it was many years ago.
We got:
- Inconsequent documentation that is mixed through all versions.
- The config sprinkled over what feels like 20 gazillion files.
- AEL being a half assed attempt at a "pRoGRamMinG LanGuAgE"
- The fuck you mean with extensions, endpoints and AOR's?
- Inconsistent config parameter naming. Some are snake case, some camel case some are just everything smushed into a single word.
- queue_log determines wheter to write a log to a file. queue_log_to_file Says to do so independent of you having a realtime backend. Whatever the fuck that is.
- Log compression is done by executing a gzip command after a rotation??!!?!!

So with the current project that I am working on, I'm in charge with creating various base classes, libraries, and helpers. The problem is that the other developers on the team just want to dive straight into developing the API endpoints without designing what the request and response formats should be, let alone decide what the URL structure should be!

So in the middle of their development work, they keep telling me how this and that don't work, or they can't figure out why Laravel is throwing this particular error. It's starting to piss me off that I'm having to do an architect's job whilst also teaching these guys how to use Laravel because they don't bother reading the documentation.

The worst part is that once they've completed their implementation, I'll have to end up fixing it because it's either missing a bunch of business rules, or it doesn't account for any error handling.

I've been using dotnet and aspnetcore for years. I've heard people complain about MVC but I never really saw the problem. The controllers are easy to set up for basic endpoints, I have my domain models and DTOs, and our views I guess is our standalone webpage just consuming jsons.

Only now I'm having to work with an *actual* aspnet MVC stack - server-rendered cshtml and all - and it's dawning on me like a truck what people were actually referring to.

Out of all the issues I've had so far, they have all been due to black box enigmatic voodoo because don't worry about it, the framework takes care of it - it should just work. But what if it doesn't? I have no idea because the trail ends at the bit that should just work.

I should know better than to criticize an entire framework and paradigm made by devs with vastly superior experience and expertise than me, and my issues are absolutely due to being new and unfamiliar with this, but imagine coming up with an architecture to obsessively separate the MVC concerns, then you make cshtml.

!rant

So, when I was young, I wanted to be a freelancing nomad. You know, live the live, work remote and travel.

But I didn't have the bones to pursue that. After 10 years of struggling as a normal "programmer", I did a little of everything. I did normal boring "erp maintenance" in C#, Oracle and some legacy stuff called Visual WEB GUI , which was fun, but required a full 9,5 hours work day, 8:00 am to 6:30pm, and the bosses where squares, and I was young and wanted to try something out of the corporate world.

Then I did some work for a newly funded consulting company that used python, Django, and postgresql, but the bosses promised a lot and delivered none, (I was supposed to work backend and have frontend support, which I did not have, and that hurt my productivity and bosses instead of looking at what they promised but did not deliver, they just discounted my salary 3 months in a row, so Bye bye MFs!!

Then I did some remote work for some guys, that, I managed to sustain for a whole year, the pay was good, the stack was simple, just node.js and pug templates, that gig was good, but communication with the bosses was hard, and eventually things started to get hard for them and me, and we had to say farewell to each other, I miss those guys. This is the only time I remember having fun working, I could work whenever I wanted, I only had to reach the weekly goals, and then my time was mine, I could work from home in the odd hours, or rent a chair in a co working space if I wanted to socialize.

Then fate got me one big gig with a multinational company, and I could hire some people, but I delegated too much and was asking too little of myself, and that project eventually died because I did not know how to negotiate.

So, I quit the whole entrepreneur idea, and got a public job at my University, I was a public employee with all the perks, but none of the fun, I just had to clock-in, work, and clock-out. That experience led me to discover a lot of myself, I worked as a public employee for a year and a half, and in that time, I discovered more about myself than what I learnt in 27 years of previous life experience.

Then, I grew bored of that life, and wanted some action, and I found more than enough fun in a VC funded startup ran by young narcissists that did not have a clue of what they were doing, I helped them organize themselves into "closing stuff", you know, finish the things you say you have finished. Just to give you an idea of what it was like before I got there, the were working for 3 months already on this project, they had on paper 50% of the system done and working, when I tried to use the app, I couldn't even sign-up without hacking some database commands, (this was supposedly done). So I spent a month there teaching these guys how to finish stuff, they got, Sign Up, (their sign up was a mess, it is one of those KYC rich things, that financial apps have), Login, and some core functionality working in a month, while in the previous 4 months they only did parallel work, writing endpoints that were not tried, and an app that did not communicate with the backend. But the bosses weren't happy with me, because I told them time and time again that we were not going to reach the goal they needed to reach to keep receiving funds from the investors, and I had to quit before it became a mayhem of toxic employer/employee relationship.

So now I decided to re-engage with life, I have funds to survive about a month and half, I have a good line of credit in case I need some more funds, and the time of the world.

So wish me luck!!! And I'll be posting often, because I would like opinions, hear from people with similar life experiences and share anecdotes.

Next post, it's going to be about how I discovered taskwarrior, and how implemented my first weekend following some of the aspects of GTD to do all my housekeeping chores, because, I think that organizing myself will be key to survive as a freelancer nomad.

Should I reproach my teacher for not being able to teach REST properly? Everyone in my course think REST endpoints must be UpperCase. Also, he keeps saying to use Git but in the end he's currently using PDFs to send sample code.

Until about two weeks ago I thought serverless functions looked like this:

api.example.com/Cart.addToCart('product-1234', 1)

Turns out they're just normal API endpoints

-> Had to remap all api endpoints on the backend...
-> The system architect raised a critical bug, saying he can't delete reports from the GUI even though the back-end is returning HTTP 200 (for now, say we also save some sort of reports in our DB)...
-> While remapping, I had returned get in the delete call xD
-> He thanked me for not doing the other way round, delete function in get call xD

Him: "I'm updating a site and I'm trying to find the REST endpoints you put out to replace the SOAP services"

Me: "Send me a list of endpoints it's using and I'll tell you what the new ones are"

Him: "Here's a list of the endpoints. The ones I've found are in bold"

Me: "Here's the new list."

Him: "Why did you only fill out the ones I'm not using?"

So, FML, he sent me a list of everything in the WSDL and bolded the ones he "found" in his code. And I'm the asshole for getting frustrated that he wasted 30 minutes of my time.

You know what sucks?

APIs with the latest data, but without the latest endpoints.

What the fuck? You did the data, why not the endpoint??

For a new microservice we were designing, I recently had a design discussion with a team member on creating REST endpoints for a new entity. This discussion went on for almost 3 hours, most of the time was spent on why to have two endpoints for getting this resource, one is a POST using a graphQL-like query and another one is a GET using unique ID. I said, the client-side use case is different, one is a dashboard where search results need to be shown based on multiple fields and the unique ID won't be available there because it is a system generated value, second one will be used when the unique ID is present in the client as a result of previous search result. Their responses will be similar, first returns a list of entities, second returns a single entity of the same structure.

Then came the next argument: if both APIs are returning same response, why do we need two different requests ?

It was like saying, because 5+6=11, any sum of two numbers resulting in 11 should always use 5 & 6.

Are people so frustrated of working remotely all the time that they come with such weird arguments ?

I fucking hate people who uses complex words to describe something simple.

Describing a frame work

Show-off : "..you can define what objects/tables to expose, what values in that object you want to expose...if you are using some orm, then because you have models defined. Once you update your model, your endpoints get the new model..."
Simpleton : "something like parse..."

Wtf is 'fixedUUID'?

Show-off: "..hardcoded UUID is fixed (constant) value, with format of UUID, hardcoded UUID will be unique value between backend and frontend,
you will need to store it as constant value in your codebase ( we may encrypt/ decrypt it for security reasons)..."
Simpleton : "a secret password only u & I know"

--why whyyyyyyyyyy

I am working on a freelance project for a software dev startup. The api service endpoints given to me is so full errors that you can boldly say it's zero percent tested and you'll be correct. The project was meant to last for a week but now it's going to a month due to the errors I have encountered while working with the given API service, so more like a back and forth wait for an update kind of thing. I am close to done building the client but yes they cannot test my last update because someone updated the login endpoint which now returns 500 internal server error. I really want to vent out my frustration to this company without loosing them to the project but honestly i don't know how to do it.

Edit: Just for a side note, about the relationship this client is my former company.

I have a disagreement with my product owner (PO). Our team develops APIs in Mulesoft. We've got a release coming up and PO wants to release one of the APIs that has *some* working endpoints, but other endpoints in that same API have some open bugs.

Given that it's *unlikely* that those broken endpoints will be used, does it seem like good practice to release the API with known bugs in it to hit the deadline?

Understand that we're not just releasing the working endpoints. We're releasing all of it, bugs and all. PO's logic is that those broken endpoints won't be used therefore it's fine to send known bugs into production.

I just need some advice in dealing with this

Okay, so I'm developing a system for a global rent-a-car broker. Basically website + a bunch of third party APIs + analytics, it's been running in production for over 4 years now.

Anyway, we had to connect our system to an external rental insurance API, nothing too complicated, got it to production in a month and it seemed to work okay, except the insurance provider claimed they're not getting any analytics data, which was weird, because there were no errors with API calls, and customers had no problem with the insurance.

After going back and forth for a month, we finally figured what's going on: after each API request, the insurance provider expected us to send the exact same data to their analytics API, because for whatever dumb reason they were unable to internally log requests in their analytics database.

tl;dr: we're doing 2 API calls with the exact same data to different endpoints, because a large rent-a-car insurance provider can't log their own analytics data.

XML and JSON endpoints while forcing Content-Type Text/Plain instead of allowing Web API to handle the serialisation. The f were these devs thinking.

The world must truly hate me.

I refactored my code a lot in order to easily integrate different APIs endpoints but then I can't use the one I specifically did this for, because of TLS errors.
My browsers all agree that it's fine, but curl and the 2 http libraries I tested can't fetxh any data.

END ME!

I'm so confused by our architecture and development process in general

We planned what features are to be implemented (e.g. what endpoints should do what), but there are parts of tasks which depend on others, and I'm not sure what classes to build or when to start a task given that related ones are being done by other developers, I have absolutely no idea what I'm doing

I could maybe do all of this alone my way if it was just me, but when I ask in planning about how we should go about implementing shit together, I just get backlash from this senior developer telling me we shouldn't waste time discussing implementation details in planning

Like, what the fuck do you want me to fucking do, just implement all the dependencies of what I'm doing from zero, without reusing any of the code other devs are doing that touches on the same parts?

Fucking hell, man, this is the third sprint where I'm confused like this

Maybe I'm just too dumb to be a developer after all lol

I'm rewriting the wrapper I've been using for a couple years to connect to Lord of the Rings Online, a windows app that runs great in wine/dxvk, but has a pretty labyrinthine set of configs to pull down from various endpoints to craft the actual connection command. The replacement I'm writing uses proper XML parsing rather than the existing spaghetti-farm of sed/grep/awk/etc. I'm enjoying it quite a bit.

We had made an api which had endpoints for each different domain model, so /user, /company, the usual. Beyond being restful they all had basic filtering and pagination.

We also had an endpoint to return an entity from any set based on guid for when you needed to attach the related entity to notifications and logging and such.

We received a bug report on how you couldn't use filtering or pagination on this endpoint, and after weeks of asking what they need it for we just had to implement it.

You can imagine how non-trivial it is to "just" filter across different datasets, but we eventually got it working so now you can get a user via /user/123 or /entity?type=user&id=123. They only use it for one type and id at the time.

I had a pretty good year! I've gone from being a totally unknown passionate web dev to a respected full stack dev. This will be a bit lengthy rant...
Best:
- Got my first full time employment dev role at a company after being self-taught for 8+ years at the start of the year. Finally got someone to take the risk of hiring someone who's "untested" and only done small and odd jobs professionally. This kickstarted my career, super grateful for that!
- Started my own programming consulting company.
- Gained enough confidence to apply to other jobs, snatched a few consulting jobs, nailed the interviews even though I never practiced any leet code.
- Currently work as a 99% remote dev (only meet up in person during the initialization of some projects.) I never thought working remotely could actually work this well. I am able to stay productive and actually focus on the work instead of living up to the 9-5 standard. If I want to go for a walk to think I can do that, I can be as social and asocial as I want. I like to sleep in and work during the night with a cup of tea in the dark and it's not an issue! I really like the freedom and I feel like I've never been more productive.
- Ended up with very happy customers and now got a steady amount of jobs rolling in and contracts are being extended.
- I learned a lot, specialized in graph databases, no more db modelling hell. Loving it!
- Got a job where I can use my favorite tools and actually create something from scratch which includes a lot of different fields. I am really happy I can use all my skills and learn new things along the way, like data analysis, databricks, hadoop, data ingesting, centralised auth like promerium and centralised logging.
- I also learned how important softskills are, I've learned to understand my clients needs and how to both communicate both as a developer and an entrepeneur.
Worst:
- First job had a manager which just gave me the specifications solo project and didn't check in or meet me for 8 weeks with vague specifications. Turns out the manager was super biased on how to write code and wanted to micromanage every aspect while still being totally absent. They got mad that I had used AJAX for requests as that was a "waste of time".
- I learned the harsh reality of working as a contractor in the US from a foreign country. Worked on an "indefinite" contract, suddenly got a 2 day notification to sum up my work (not related to my performance) after being there for 7+ months.
- I really don't like the current industry standard when it comes to developing websites (I mostly work in node.js), I like working with static websites (with static website generators like what the Svelte.js driver) and use a REST API for dynamic content. When working on the backend there's a library for everything and I've wasted so many hours this year to fix bugs and create workarounds related to dependencies. You need to dive into a rabbit hole for every tool and do something which may work or break something later. I've had so many issues with CICD and deployment to the cloud. There's a library for everything but there's so many that it's impossible to learn about the edge cases of everything. Doesn't help that everything is abstracted away, which works 90% of the time but I use 15 times the time to debug things when a bug appears. I work against a black box which may or may not have an up to date documentation and it's so complex that it will require you to yell incantations from the F#$K
era and sacrifice a goat for it to work properly.
- Learned that a lot of companies call their complex services "microservices". Ah yes, the microservice with 20 endpoints which all do completely unrelated tasks?

Is having breaking changes in an API at a very early stage normal? We have like every sprint at least 3 endpoints who have breaking changes 🤔 I mean, is having refactored code better then stability?

So all my code is Lambda serverless funcs, hurray!
But I still need NAT gateway / VPC endpoints that cost $50pm to reach S3 from private VPC so what's the fucking point?!

I wanted to explore the devRant API. But couldn't find any resource. I know it's unofficial but there has to be a minimal wiki with the endpoints available right? Could someone point me to it?

!rant

Just learned how to use Spring + Eureka + Feign + Ribbon to easily discover microservices as they're deployed, do basic load balancing, easily hitting endpoints on other micro services, etc.

Mind = blown 🤓

>start new job, not very professionally experienced dev
>spend couple of months working on a feature that is supposed to be an MVP kind of thing, be rushed to finish and told to cut corners because it's "just an MVP", still lose sleep and have relationship suffer (and ultimately ruined) as I try to not lose deadlines created by the boss with questions like "you can have this done by <very soon>, right?"
>frontend created by fellow developer is a garbled mess of repeated code and questionably implemented subpages, frontend dev apparently copies CSS from Figma and pastes it into new non-reusable React components as envisioned by designer, I am tasked with making sense of the mess and adding in API consumption, when questioning boss what to do with the mess I am often told to discard stuff that the frontend dev has made and just reuse his styling; all of this on top of implementing the backend feature that a previous developer wasn't able to do
>specs change along the way, I had been using a library as a helper in some part of the original feature, now the boss sees that and (without further testing the library) promises CEO that we'll add that as a separate subfeature, but the performance of the library is garbage for larger inputs and causes problems, is basically shit that might not have been shit if we had implemented it ourselves, however at this point CEO has promised new feature to some customers, all the actual sense of responsibility falls upon my hands
>marketing folk see halfway done application and ask for more changes
>everything is rushed to launch, plenty of things aren't implemented or are done halfway
>while I'm waiting for boss to deploy, I'm called up to company office by CEO, and get new task that is pretty cool and will actually involve assessing various algorithms and experiment with them, rather than just stitching API calls and endpoints together, it involves delving into a whole new field of CS that I never had the opportunity to delve into before
>start working on cool task, doing research, making good progress
>boss finally deploys feature I had been originally implementing
>cut corners of original boring insane feature start showing up, now I have to start fixing them instead of working on cool task, however the cool task also has a deadline which is likely expected to be met

I'm not sure if I'm having it bad or not, is this what a whole career in software development will look like?

Testing API endpoints

I think the Gelbooru API is pretty nice.
It's consistent, has a structure that makes sense, supplies JSON and has pretty nice endpoints + parameters.

So i'm workin on a wrapper for an api, and it has authenticated endpoints. My request function has a check to see if the user has a token before making the authed request, but guess who forgot to actually mark like 20-40 different methods as authed : D

I have started a freelance full-stack project with some existing code-base and it was horrible. They only have API endpoints for fetching whole data. No limit, No sort, No filter. They are doing all this shit on the front end. They are even aggregating data on the front end. Seriously who the fuck does that? On top of that the guy who has coded it was a senior developer. I am wondering now, did he write that kind of code purposefully or this kind of shitty devs actually exists?

Microsoft Windows can burn.

I have this feature where I configure a remote API via some endpoints and the API pushes data back to some webhooks in my API.

Yesterday I set everything up for the final test; fired up my own API with some test data, added some configuration and started trace logging to ensure that everything works as expected when the remote site tries to send me data.

I was ready to collect ! Enter this morning: Windows have forcibly rebooted to install an update and shut everything down.

inb4 install Linux; No, I can not. Windows is company policy and I am required to use shit that is only designed for Windows.

what are some of your thoughs on GraphQL?. I Recently made a side project using it and it was not bad. I just think that GraphQL pays off if you're going to build something highly connected and your queries are very unpredictable (like a social network). Developing new features/endpoints is a bit slower than a rest api and that is a deal breaker for me. But it's ok

Getting a CodinGame puzzle's description without scraping the page.

I spent hours playing with different endpoints and changing values in postman, all to no avail. The most promising endpoint also returned user progress, which requires authentication, which requires a dummy account, which is against their ToS (it is allowed to reverse engineer the API though).

Turns out you just had to submit “null” for your user ID and it would remove the progress field.

Why is this tagged bad design?

["puzzle-id-string", user-id-as-int]

For almost anything, you POST json arrays...

Send help.

What are the most common used technologies in workplaces around you?

Everywhere here I see an endless sea of .NET with ocassional streams of Java and some islands of php on IIS or Apache on the server, with ASP/JSP or Angular and jQuery on the client side.
Workstations are 100% Windows(10 or 7, with some legacy XP here and there).
Also most servers run Windows or some Unix version. Linux only for web servers and various system appliances.

Node.js, Ruby on rails, Django/Flask, React.js,Vue.js, Mac/Linux endpoints are only rarely used by fringe hipsters like me and my friends.

I'm currently migrating one of the companies services from technology A to an B based solution...
Today I had to remotly troubleshoot an error occuring somewhere on our client's backend application, that wans't enabling us to register any given webhook to our endpoints...
We finally gave in and looked up the data packets using a sniffer only to find that the only difference was that in the A technology project our staff ended up returning a Status Code plus the respective Reason Phrase, in our newest version we only send the HTTP Status Code... Guess who wasn't aware of HTTP 1.1 RFC consideres the Reason Phrase optional and an unecessary overhead??? God dammit... In simple terms...

How to protect API endpoints from unauthorized usage by bots?

If the API end points are meant to be used by any incoming to CSR frontend user without prior registration?

So far, my the only idea is going from pure CSR React to something with partial SSR at least in Node.js, Django or any other backend framework. I would be able restricting some API endpoints usage to specific allowed server ip.

Next.js allows dynamically both things as well.

As alternative I have a guess to invent some scheme with temporally issued tokens... But all my scheme ideas I can break really easily so far.

Any options? If SSR is my only choice, what would you recommend as best option in already chosen Django and not decided fully front-end framework?

I have the most crazy idea to put some CSR frontend framework literally into my django backend and making initial SSR from it. The only thing its missing... my lack of skills how to use React, but perhaps I have enough time to get a hang of it.

SSRed frontend can be protected with captcha means at least.

Today I (/ later together with some colleagues) spent almost 4 hours trying to improve a Entity Framework LINQ to SQL query.
The initial problem was, that one of our List API endpoints took longer the more you "page" (besides the long response time it had anyways).
So after
- brainstorming in the team
- brainstorming alone
- hacking around and
- shouting at screens
- googling
we
- got nothing optimized
- got confused about what EF does
- lost the believe in our development skills

So Entity Framework is really a nice thing. But as soon as you look deeper, trying to figure out what it really does between ToList() and "yeah my data arrived" it is just....demonic.

The moment when you build support for api doc generation from endpoints in your framework, just so you don't have to create create documentation anymore

Over the last week I've slowly grown to fucking hate IMAP and SMTP. You'd think after so many years we'd have come up with better servers to manage email but no we still rely on fucking decades old protocols that can't even batch requests.

To make things worse I need to attach to IMAP through node and that has been a nightmare. All the libraries suck ass and even the ones tailored towards Gmail don't work for Gmail because Google decided one day to fucking out the header at the bottom of some emails and split into mimeparts. Also why the fuck is fetching email asynchronous? There's no point at all since we requests are processed line by line in IMAP, and if the library actually supported sending asynchronous requests it wouldn't require a new object to be created for each request and allow only a single listener.

Also callbacks are antiquated for a while and it pisses me off that node hasn't updated their libraries i.e. TLS to support async/await. I've taken to "return await new Promise" where the resolve of the promise is passed as the callback, which let's me go from callback to promise to async/await. If anyone has any other ideas I'm all ears otherwise I might just rewrite their TLS library altogether...

And this is just IMAP. I wish browsers supported TLS sockets because I can already see a server struggling with several endpoints and users, it would be much easier to open a connection from the client since the relationship is essentially:

Client [N] --- [1] Server [1] --- [1] IMAP

And to make the legs of that N : N which would fix a lot of issues, I would have to open a new IMAP connection for every client, which is cool cause it could be serverless, but horrifying because that's so inefficient.

Honestly we need a new, unifying email protocol with modern paradigms...

How come so many dev teams are working with blindfolds on?

We have two projects that communicate using endpoints. One of them throws a parsing error with some data. Cool, just give the calling project some debug references and attach a debugger right?

Apparently not. I haven't figured out why we can't do that, it seems like the project only works using nuget references so we never get any debug info for the other project.

Asked around how we usually solve issues like this. The answer: "idk the codegen always works, so we never solve issues like this".

What.

It "always works". Except now it doesn't. And you've never tried debugging it? Instead just working with blindfolds on trying random shit until it does?

This is far from the first time I've heard this on a team. That and "we don't need error codes, if something goes wrong we have to fix it either way". I'm losing faith in the dev world...

Hey guys. I need your advice about writing a documentation. I want to make a flowchart with all processes of this client’s mobile app so I could see the UX logic and also all UI screens in the app. I also want to somehow add backend info in order to see which endpoints are being called in these screens and what type of responses are we parsing there.

Currently flowchart is done in draw.io, some of sketches are in zeplin, and there is 0 backend documentation just some implementation in our mobile app.

I would like to combine all of this into some useful document/overview so I could pass this doc to a junior dev and he could jump working into project without a problem.

Do you know any tools to do this?

hello folks, any help would appreciated :). serious question about designing/developing a rest backend.

here is a little insight: I want to reduce the endpoints for many CRUD operations as I can. So for that approach I defined a set of "dynamic" routes like /:moduleName/list, /:moduleName/update and so on.

Now I want to also reduce hardcoding as much stuff as I can for the front end. like I want forms/view/components to know which fields can be sent in the "/:moduleName/xxx" endpoints from above. So I'm thinking to make some /:moduleName/list/map, /:moduleName/update/map endpoints that tells the frontend which fields/keys can be sent for X or Y operation.

regarding design/security concerns Is that a good approach? do you know any other approach that's like to what I want to achieve?

Only when the latest feature is implemented, the last bugfix and the last workaround are found, the last unit test is written, the latest CI/CD pipeline done, the customer guy does manual testing and acceptance tests on the staging server and let's them pass and a few days later it's pushed to production...
You will be reminded (again) that shitty customers do exist! A customer is the least capable person to tell you what the customer actually wants and is also the least trustworthy person to test the features he requested...
Holy fuck come on! Just test that shit on the staging Server! One Look could have already shown you that that's Not what you expected!

I checked the logs after that and yup you guessed correctly... The said endpoints weren't even used on staging, only on production...

So me and a couple of my teammates were developing a website for artists where all the things related to artists such as artworks, events, geolocation info etc. happen to live.
2 months down the line, the client comes up with another team who is supposed to develop iOS and Android apps to give the users the ability to leverage this data.
Now this team is so annoying that they want the API according to the specifications they provide. That's really weird. API should be generic, right?

But no, this doesn't end here, the PM of mobile app team comes up with a specification document for the API and what does it contain, a few endpoints which go as below:-
/home - To bring all the home screen data
/events - To bring all the event screen data. But here is a twist, on Event screen, they have defined different sections for Upcoming Events, Workshops, Talks etc. And for each event type they don't want a filtered API but just this single endpoint which will contain all event types data in their own JSON keys.
FML
:/

Quick update on our partner's API that doesn't work (see previous rant).

They gave the wrong URL! Wow!! Well we have the new URL but
the production credentials don't work!!!

Remember dear web developers, don't be a lazy are and just reuse existing web endpoints. You can only do that to a certain extent. Don't expose a form URL encoded endpoint with dozens of fields and potentially kill the productivity of your mobile dev.

Is there a Java libary or a list of the endpoints that devrant uses? Would like to write my own client

Some background:

About 2 months ago, my company wanted to build a micro service that will be used to integrate 3 of our products with external ticketing systems.

So, I was asked to take on this task. Design the service, ensure extendability and universality between our products (all have very different use cases, data models and their own sets of services).

Two weeks of meetings with multiple stakeholders and tech leads. Got the okay by 4-6 people. Built the thing with one other guy in a manner of a week. Stress tested it against one ticketing service that is used in a product my team is developing.

Everyone is happy.

Fast forward to last Thursday night.

“Email from human X”: hey, I extended the shared micro service for ticketing to add support for one of clients ghetto ticketing systems. Review my PR please. P.S. release date is Monday and I am on a personal day on Friday.

I’m thinking. Cool I know this guy. He helped me design this API. He must’ve done good. . . *looks at code* . . . work..... it’s due... Monday? Huh? Personal day? Huh?

So not to shit on the day. He did add much needed support for bear tokens and generalized some of the environment variables. Cleaned up some code. But.... big no no no...

The original code was written with a factory pattern in mind. The solution is supposed to handle communication to multiple 3rd parties, but using the same interfaces.

What did this guy do wrong? Well other than the fact that he basically put me in a spot where if I reject his code, it will look like I’m blocking progress on his code...

His “implementation” is literally copy-paste the entire class. Add 3 be urls to his specific implementation of the API.

Now we have

POST /ticket
PUT /ticket
POST /ticket-scripted
PUT /ticket-scripted
POST /callback

The latter 3 are his additions... only the last one should have been added in reality... why not just add a type to the payload of the post/put? Is he expecting us to write new endpoints for every damn integration? At this rate we might as well not have this component...

But seriously this cheeses me... especially since Monday is my day off! So not only do I have to reject this code. I also have to have a call now with him on my fucking day off!!!!

Arghhhhhh

Today i present GraphQL to my colleagues.
Tell me your experiences with "querying your REST endpoints!

Has anyone ever resumed at a new place and was impressed by the code inherited from their predecessor? If yes, did you see any need to communicate this information to the admin or the superiors he left behind?

For as long as I delved into code quality, I've taken great pride in my work and have been enthusiastic to show it off to anyone who cares to listen. I'm morbidly afraid of a colleague berating my work over something I didn't do correctly or don't know. But none of those I've worked with have that kind of time for pedagogy. The only thing I've witnessed them care about is how much your code breaks, to what extent your endpoints break, etc

Does this make code quality practically an overrated metric? All your fancy oop patterns and clever algorithms or business logic basically goes unnoticed. The business cares about output and your colleagues are more concerned about implementing their deliverables.

Is this just my experience or a more general situation of things?

Work! Terribile doubt about our project 😭i will leave this company if we do not come up with an adult solution 😔

We are working for another Company, they asked to add a web app to their project.

We made frontend and backend, we make user auth to their api, then call their api (place order, get orders etc), passing their auth token to their services.

Which Means that our endpoints are not really protected (i think) and if we add an endpoint that does not use their api, the only way to secure them Is to take the token, validate It by calling for example get /order of the api and if It fails just discard the request....too slow?

my colleagues do not want to put a serious auth they Just want to use the company api and leave the rest open...

And the customer Just asked to use some other api functionality, but that api has another auth... How do we pur them togheter? The last api want the id of the user to do machine ti machine auth

It Is my 6th month here no one thaught me anything, i think i'll Just leave ..or am i Just experiencing the developer Daily work?😔

Just an idea...

Fuck scam calls and texts. I feel like wrapping their phone cords around their necks and beating them with the handset.

So short story long, I'm looking at developing a website that has a list of websites and endpoints for text and call subscriptions. The stupider the better. Enter the annoying phone number or email address, subscribe them to every damn service on the list, and let the fun begin.

Has anyone got any such websites they'd like included?

So, need to secure some requests.
I decided on going passwordless on the website but I want to have an API too.

I am reviewing auth0.
I am also not sure if I can secure the same endpoints as private and public differently, so the private is used by the backend with no auth and the public with auth.

Wold you guys help me with some reading material?

How do y'all approach media-endpoints?
Specially publicly accessible user-uploaded media

Rn I encrypt the path to the media-
/file and expose it, decrypt on the server (returning a relative file-path) which then fetches the file via File.Read and returns it as-is

I put a cache header and works fine

But something in the back of my mind makes me feel it isnt right

Like, normal endpoints and file-read endpoints shouldnt be in the same backend, potentially affecting each other

But since it's just a fun pet project so Im not paying for a 2nd baremetal server as a CDN/media server -.-

Worst case scenario I use it as-is, but would appreciate hearing other approaches

Apparently, Spotify requires auth on all of their endpoints. So now, if I want to write a simple CRUD app I have to deal with fucking OAuth.

PHP gurus / masochists.

I've been using Symfony components for new, isolated features in a legacy php application for awhile now. the time has come to integrate using the kernel, and routing for new endpoints while existing endpoints use the existing apache means of loading pages.

It's not my first rodeo doing this, but I'd appreciate any wisdom/resources/patterns you followed for anyone who's had to do the same.

My clients don't have the means to do hire the appropriate ammount of devs to do a proper port, so this is a long path towards modernization by ceasing to bolt on features to existing code and instead, when working on something, updating it to the new design pattern and then extending that, with a spec, documentation and code coverage.

Has anyone maybe a link to HTTP security topics in general?

I find often breadcrumbs, like in several different attack possibilities, but nothing comprehensive.

Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.

I'm currently unclogging an whole ecosystem of proxies, endpoints, edge nodes and so on...

My knowledge is limited and it's frustrating to Google cause seemingly I get always just pieces of the puzzles but not a collection -.-

(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )

Apparently there's a limit to how many API endpoints you can deploy in a second using CDK. Thanks for not having an error message that says that and wasting two weeks.

Switching jobs is part of our career growth and as a developer, we do this every two years on average.
I know that after announcing my resignation my colleagues won't treat me the same.

It's like I'm an entity in the system that you don't have to query it anymore but you have to exhaust its knowledge transfer limit within the notice period.

All the facades and presenter layers will fade out and you will know which models care about you and want to keep the existent associations. Those models only deserve to publish your contact payload with them.

My requests will be faced by slow response HR endpoints and I'll have to rely on a retriable solution to access the required document data.

I was mentally ready for it but it's still painful as I have to endure this for 2 months, yes, the EU has longer notice periods.

Do you guys have tips to share from your experience?

If someone tries using "multipart/form-data" as only content type for their PUBLIC API ENDPOINTS again I am going to find them and choke them to death.
And if your documentation says you are using something else (application/x-www-form-urlencoded) I am doing it twice.
JSON apis should be standard.

EDIT: I had to fire up BurpSuite proxy, after almost an hour I accidentally switched the body type - voilà

Fucking stupid spring-boot-devtools dependency !!!

Started work at 11AM and was working on a Rest API system using Spring Boot. Got to know about Spring Boot dev tools and added it to my project.

Later in the evening my endpoints started throwing exceptions for no god damn reason. Invalidated the caches, restarted my IDE and laptop. Rolled back my code to almost vanilla branch !!! YET THE ENDPOINTS KEPT THROWING RANDOM EXCEPTIONS.

This went on till 1:30 AM (I live in a country where work-life balance is not a thing for software developers :)). Frustrated, the last thing I tried was to rollback the devtools dependency from my POM file. AND MY ENDPOINTS STARTED WORKING AGAIN 🤬

What the actual ffffuhkkk !!!!

To all those who contribute to spring-boot-devtools, you guys are doing a great job and it isn’t a personal attack towards you (I really mean it). It just messed up my project in some way and I was extremely frustrated.

Help needed.
Anyone who has worked with OpenBazaar REST APIs. I cannot seem to get any response from the endpoints even though I think I've set the server correct. Any sort of help would be highly appreciated.

P.S. (Rant) the docs and the "helpful slack community" are total shit.

Twitter developers will authenticate half of their endpoints with some authentication method and the other half with a totally different one (which doesn't work) and their sales team will have the guts to contact you to check if you're still interested to access their API.

My only interest is feeding your corpse to the ravens.

One of our previous clients is not paying the rest of the payments after receiving the codes. What are the things we can/should do digitally to make them pay the payment?

btw, it was a web app. we worked on the front end and the backend of the app. So, naturally we know all the API endpoints, we have the database access, and so on. So yeah, we can do so many things.

But still I wanna ask you guys, what would you do to make someone pay?

Baeldung.com has the just worst guide to Java Spring Websockets. They even mix up endpoints and show just the wrong code.

I need some help with TCP connection related stuff in C#. I need to figure out how to make a very basic connection between two endpoints and manage to send data between them. In my case it's a "server-side" program and a "client-side" program.

My problem is that I don't know how I go about making the client program listen for response after sending data. Do I need to have a TcpListener on the client side too? In which case, how do I use it?

Basically, I know how to make the client toss the ball and how to make the server catch it, and I think I know how to make the server toss the ball back, but I don't know how to make the client catch it. :/

Okay, so I need some serious help. Can someone explain why anyone would want to use java spring beyond IoC? Half the developers I work with swing Spring around likes it's excaliber, yet when truly pressed why they like it they all say: "because of beans".

Spring is massive, so why just beans? The IoC pattern is extremely robust, so I'm sure there are other secrets to be learned. It has to have some other significant advantage.

I totally understand things like Jax-RS for REST endpoints. I don't think spring is needed for that to work, is it?

I don't get keycloak. Anyone who has experience with it, please help.

We have what I would think is a common setup: a kubernetes cluster with a Spring boot api-gateway and keycloak as oauth2-provider.

The api-gateway needs an issuer-uri to keycloak for endpoint discovery, i.e. to configure a bunch of endpoints to keykloak for different purposes.

The two main purposes are: 1. to redirect the user to keycloak (must be an url reachable from outside the cluster, i.e. ingress) 2. to authenticate tokens directly with keycloak from within the cluster.

Keycloak can be configured to set some of these discovery endpoints to different values. Specifically it makes a separation between backfacing (system calls in cluster) and frontfacing (user call from browser) urls All seems good.

However, when using this setup, each time spring security authenticates a token against keycloak it says the "issuer" is invalid. This is because the issuer is the host on which the token was generated. This host was the one in the url which the user was redirected to i.e. the ingress.

It feels like there is no way around this except running keycloak outside the Kubernetes cluster, but surely there must be a way to run keycloak in the same cluster. What else is the purpose of keycloak having the concept of back- and frontfacing urls?