Tag Archives: security

APIs & Agile

API Lite, Please

The first two readings this week helped solidify my understanding of what an API does: It’s the mechanism by which a client communicates with a server (like a waiter taking an order from a customer, retrieving it from the kitchen, and delivering it back to the customer).

The second two readings, on REST APIs, completely blew my mind.

In addition to taking and delivering data, APIs can also post them. Moreover, you can make API requests in a browser to view JSON data specific to your query, including specific parameters that you control. Then, you can take the data you mine from an API request on one website, and use it to access or reference additional data on another website! This waiter is multi-talented!

It does bring up a question for me about security, however. I know that access tokens must be passed to authenticate that the person accessing the data is allowed to access it, but do systems become vulnerable for malicious data scraping when their APIs are available on something like Apigee? This goes back to the recurring theme of developer tools being transparent and accessible—from web inspectors to API management software—while also being acutely aware of the risks of the internet.

Back to Agile Framework

Since Week 8’s discussion of agile frameworks, I’ve been paying more attention to how teams in my workplace function. I remembered that one of my colleagues, who works as a project manager for the marketing and technology teams, had regular “scrum” meetings on her calendar. I asked if those teams operated under an agile structure, and she (impressed by my question) responded that yes, our Chief Information Officer prefers to operate that way.

She explained they work within a framework that’s most similar to scrum, with sprints (a blend of technology and design work) lasting 10-15 days each. It’s interesting to think about this technology culture being nested within the framework of higher education, which operates on a much more drawn out and fluid timeline.

My colleague noted that, while projects aren’t always strictly within the set scrum framework, it’s been helpful for the members of the team to operate using a common language and set of expectations, and the framework has allowed them to complete a lot of high level projects with success.

She also mentioned that she uses the tool MS Project, which allows her to help the team visualize the consequences of contingencies and dependent tasks not being completed.