HTTP APIs REST idempotency IETF APISIX

Implementing the Idempotency-Key specification on Apache APISIX

Last week, I wrote an analysis of the IETF Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request: If the server doesn’t know the key, it proceeds as usual and then stores the responseIf the server knows the key, it short-circuits any further processing and immediately returns the stored response This post shows how to implement it with Apache APISIX. Overview Before starting

HTTP APIs REST idempotency IETF

Fixing duplicate API requests

The first rule of distributed systems is 'Don’t distribute your system'. Designing distributed systems right is infamously hard for multiple reasons. The idempotency concept For example, a call to a function can succeed or fail in non-distributed systems. Once you move the called function to a remote component, a third option appears: you call the remote function but get no response from the component. At this point, it’s impossible to know whether the call reached the component o

Apache APISIX APISIXNorthAmericaTour DevRel conferences public speaking

Apache APISIX North America Tour

Once in a while, I write non-technical blog posts when I’ve something worth sharing. Today, I’d like to write about my North America 'Tour' across several conferences and user groups. The first leg of my journey started in Oakland, California, with Developer Week. Developer Week is an established conference with different editions in several locations and online during the year. Though I’m on their advisory board, this is only the second time I’ve spoken at one of their

programming coding rust kotlin

The pitfall of implicit returns

Implicit returns are a feature in some languages. They have recently bitten me, so here’s my opinion. Statements, expressions, and returns Before diving into implicit returns, we must explain two programming concepts influencing them. A lot of literature is available on the subject, so I’ll paraphrase one of the existing definitions: An expression usually refers to a piece of code that can be evaluated to a value. In most programming languages, there are typically three differ

Raspberry Pi GitHub Action self-hosted runner

Using my new Raspberry Pi to run an existing GitHub Action

Recently, I mentioned how I refactored the script that kept my GitHub profile up-to-date. Since Geecon Prague, I’m also a happy owner of a Raspberry Pi: Guess what I won @GeeCON Prague? 😎 pic.twitter.com/b9dARUhfMd— Nicolas Frankel 🇺🇦 (@nicolas_frankel) October 20, 2023 Though the current setup works flawlessly - and is free, I wanted to experiment with self-hosted runners. Here are my findings. Context GitHub offers a large free usage of GitHub Actions: GitHub Actions us

Kotlin Python migration

From Kotlin Scripting to Python

GitHub offers a way to customize one’s profile by allowing one to create a README in a specific repository, named as your profile, e.g., nfrankel/nfrankel. A couple of years ago, I automated the update of my GitHub profile with up-to-date info: my latest blog posts, my upcoming talks, and the last recorded YouTube talk. I took the time to document how to do it on this blog. At the time, I chose Kotlin scripting because I was proficient enough in Kotlin, but I wanted to learn the scripting

Apache APISIX API Security

Secure your API with these 16 Practices with Apache APISIX - part 2

Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & D

Apache APISIX API Security

Secure your API with these 16 Practices with Apache APISIX - part 1

A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & Data Sanitization 🧹 - Checks input da

Rust error management

Error management in Rust, and libs that support it

As part of learning the Rust ecosystem, I dedicated the last few days to error management. Here are my findings. Error management 101 The Rust book describes the basics of error management. The language separates between recoverable errors and unrecoverable ones. Unrecoverable errors benefit from the panic!() macro. When Rust panics, it stops the program. Recoverable errors are much more enjoyable. Rust uses the Either monad, which stems from Functional Programming. Opposite to exceptions