Nginx TLS tuning won't fix a slow application, but it does cut handshake overhead and improve connection reuse, which shaves milliseconds off every HTTPS request. Continue reading...
#blog
147 posts
Yesterday
9 Jun
The number of APIs has been increasing year-over-year, as they’re the infrastructure that makes the majority of modern digital architecture possible. Given that everything from AI to SaaS involves APIs at their core, it’s not the greatest shock that 78% of organizations don’t even know how many APIs they manage. A report from F5 finds ...
8 Jun
tmpfs lets you mount a filesystem entirely in RAM. Here is how Linux already uses it, how to create your own mounts, and where it actually makes sense to use one. Continue reading...
7 Jun
Every so often, something surfaces in the LinuxCommunity.io forums that deserves a wider audience. Generally it is a question, a solved problem, or a quick tip. Continue reading...
6 Jun
A practical guide to Linux user and group management using useradd, usermod, userdel, groupadd, gpasswd, and chage. Covers real-world examples, common mistakes, service accounts, and safe account removal. Continue reading...
Let's take a quick look at how best to set up PHP-FPM for high throughput, low latency, and more stable CPU and memory use. By default, most setups have PHP-FPM's PM (process manager) string set to dynamic and there's also the common advice to use ondemand if you suffer from available memory issues. Continue reading...
5 Jun
Embarking on the quest to find the ideal home office, home lab or small business firewall device is akin to navigating a jungle, but let's narrow it down by setting the budget to under $300 USD. Continue reading...
4 Jun
Model Context Protocol (MCP) has, almost overnight, become a mainstay for developer tools and enterprise AI workflows. Anthropic open-sourced MCP in late 2024 and later donated it to the recently established Agentic AI Foundation (AAIF), a Linux Foundation project. As AI agents and large language model (LLM) applications start to put MCP servers into use, ...
3 Jun
Looking for the best Linux distro (distribution) to enhance your desktop or laptop experience? This article will guide you to what, I believe, are the best Linux distros for beginner, experienced, and expert users. Continue reading...
2 Jun
A developer can ship an MCP server in an afternoon. Getting that same server running in regulated production, with credentials provisioned, access controls enforced, and security sign-off obtained, takes weeks. This post walks through the six challenges teams hit when scaling enterprise MCP deployments from prototype to production, the fix for each, a posture assessment ...
1 Jun
Two network interfaces are better than one. With Linux network bonding (also known as NIC bonding or link aggregation), you can combine multiple NICs into a single logical interface, gaining either increased throughput, failover redundancy, or both. Continue reading...
28 May
Often, enterprises end up treating all their APIs roughly the same. They’re authenticated, maybe rate-limited, and hopefully behind a gateway, but ultimately, they’re lumped together as part of a collection of APIs. While that flatness makes sense from a product management perspective, it poses a problem for risk management. A payment processing API and a ...
Fail2ban watches your log files and automatically bans IPs that repeatedly fail authentication, protecting your Linux server from brute-force attacks on SSH, web servers, and more. This guide covers installation, jail configuration, testing, and practical tuning to get real protection instead of just running defaults. Continue reading...
26 May
AI agents are pieces of software that autonomously perform actions to achieve a goal or objective. They operate in loops where they analyze input, such as prompts, context, tools, and memory. They then plan, take actions, and feed the output back into the loop to decide how to proceed. In this way, agents can dynamically ...
24 May
A practical guide to nmap on Linux covering host discovery, port and service scanning, OS detection, NSE scripts, output formats, and real-world command combinations sysadmins actually use. Continue reading...
21 May
A practical guide to Linux log files: where they live, how to read and search them with tail, grep, and journalctl, how to manage log rotation, and a real-world troubleshooting workflow. Continue reading...
When discussing modern API security, developers frequently conflate terms like bearer token and JSON Web Token (JWT). This semantic confusion around access tokens often masks a critical architectural distinction. A bearer token specifies the transmission mechanism, while a JWT defines a specific, structured data format. But due to the extensive adoption of JWTs, there is ...
20 May
The application and API security industries are rethinking access control for AI agents. However, the underlying foundations remain the same ones the industry has relied on for years. What’s changing is how and when those foundations are applied. Depending on the use case, a given approach may work best at runtime, with proper contextual signals, ...
19 May
API keys often give a false sense of security: it seems like they protect access to APIs. Yet, there are plenty of API key security risks. For one, they’re simply static strings that are often exposed, leaked, and end up helping attackers. As such, leaky API keys are at the heart of many of today’s ...
18 May
Agentic AI certainly dominated the theme of apidays New York, an event that brought together some of the API industry’s top thinkers and implementers for two days in mid-May 2026. It’s clear that APIs are still as important as ever, but they are now being repositioned as an execution layer for this new paradigm. In ...
17 May
After twenty years on the Linux desktop, more than a dozen distros, multiple desktop environments, a seven-year tiling window manager phase, and one detour through whatever I thought of as the stable answer at the time, I'm finally in a noticeably more comfortable place than ever before. Continue reading...
14 May
The age of AI is well upon us. According to research by Microsoft, 24.7% of the working age population in the Global North is using AI, paired with 14.1% of the Global South. As AI adoption increases, organizations are increasingly finding their minds focused on not just the potential upside of AI, but on the ...
13 May
In February 2026, Peter Steinberger, the creator of OpenClaw, told Lex Fridman that the best tool for agentic AI has been on their desktop for 50 years. According to him, the simple command line interface (CLI) is the ideal tool for working with today’s non-deterministic technologies. The modular architecture of AI, LLMs, and agents require ...
12 May
In many existing systems, enterprise data uses only basic security protections. For example, the backend of a web application might call an API and use an API key to secure the request. The solution may seem secure enough, since the web application only calls a subset of API endpoints and the user seems constrained by ...
7 May
Learn how to write, manage, and troubleshoot systemd service unit files on Linux. From basic service definitions to hardening options, restart policies, timers, and real-world debugging techniques. Continue reading...
Thanks to pioneers like Twilio and Stripe, API products have redefined what a great developer experience (DX) looks like. These companies have demonstrated how targeted API products, along with exceptional documentation and onboarding, can make developers enthusiastic advocates for their brands. However, the API product market is shifting — the rise of AI agents means ...
6 May
Between August 9 and August 17, 2025, malicious actors were able to export data from over 700 organizations. To make matters worse, the breach, referred to as UNC6395, was caused by insecure tokens leaked by a third-party app called Salesloft. As a representative from Google put it in a statement, “After the data was exfiltrated, ...
5 May
“REST is dead.” “MCP will be gone within a year”. “Tooling is the new sprawl layer.” These are all takes we’ve read recently on the issues people are facing when it comes to connecting AI to APIs. Kelsey Hightower, for example, recently opened some interesting debate around the future of REST and MCP on Bluesky ...
4 May
Over the last couple of months I've had performance issues with Cloudflare (CF) about 2 times, including today. That's a sentence I never thought I'd write, because Cloudflare genuinely doesn't have performance issues most of the time, and when they do, it's usually on the status page as part of a larger issue. Continue reading...
3 May
A practical guide to Linux environment variables: how to set, export, persist, and debug them correctly across shell sessions, user accounts, system-wide configs, and systemd services. Continue reading...
2 May
If you spend any time in Linux forums, you've seen DistroWatch's Page Hit Ranking cited as proof one distro is "more popular" than another. It isn't. Continue reading...
30 Apr
At PayPalDevDay 2025, PayPal’s Nathaniel Olson discussed a familiar problem. When he asked an AI coding assistant to build a product involving APIs, it was far too common for the AI to use outdated APIs rather than the most current iterations. It’s not that the official documentation or SDKs weren’t up-to-date, it’s the fact that ...
29 Apr
There’s much more to effective translation than just providing a language switcher dropdown. The idea that merely swapping out English for Chinese or Spanish is enough to get by is a misconception that actively harms businesses who are trying to appeal to a truly global audience. Modern translation APIs go beyond language swaps, handling tone ...
28 Apr
In February 2026, nearly 3,000 Google API keys were accidentally exposed. Data breaches are always damaging, but a data breach due to an authenticated, active API key can be catastrophic. An active API key allows actors to access uploaded files, cached data, and charge LLM-usage to your account, as noted by cybersecurity researcher Joe Leon. ...
24 Apr
If the Linux desktop and applications on your thin and light laptop or low-end PC feel sluggish under a busy session, the usual suspects are slow storage R/W, not enough RAM, or occasionally a CPU bottleneck. But on machines with integrated graphics, there is a fourth bottleneck most people never check: VRAM. Continue reading...
23 Apr
Since the advent of the internet, software developers have used online assistants, like search engines, to improve their time to market. In the AI era, you can think of AI agents as a new type of user agent that goes beyond the capabilities of search engines to perform concrete tasks and provide further efficiency improvements. ...
22 Apr
A practical guide to Linux signals: how to use kill, pkill, and trap correctly to manage processes, reload configs, and write scripts that clean up gracefully instead of dying mid-operation. Continue reading...
At some point or another, most software developers find themselves at a career crossroads. In one direction is comfort, ease, and predictability. In the other? Challenge, intention, and responsibility. (And, yes, higher salaries to go along with them.) That second route is what happens when developers start to think more deeply about the systems behind ...
21 Apr
A practical guide to Linux disk partitioning with fdisk, parted, and lsblk. Covers creating partition tables, formatting filesystems, mounting, and setting up persistent mounts via /etc/fstab. Continue reading...
Analysts are predicting that the digital economy is growing at three times the rate of national GDPs, driven largely by AI in various ways. Some speculators think AI-enhanced workplaces could generate nearly USD $4.91 trillion by 2026. With that kind of money involved, it’s no surprise that a whole new financial ecosystem is emerging around ...
20 Apr
Bash aliases turn long, repetitive commands into short custom shortcuts that load every time you open a terminal. Here's how to set them up, where to store them, and a practical set of aliases built for real sysadmin work. Continue reading...
16 Apr
“Web APIs today are broken.” A bold statement made by Microsoft’s Darrel Miller during his talk at the November 2025 A2ASummit. It’s a sentiment shared by many industry leaders. The interfaces that we see as the glue holding the digital world together have become too brittle to support modern applications, especially those powered by AI. ...
15 Apr
While some commentators in tech say that microservices architecture has seen its heyday, in reality, it’s still foundational to some massive distributed digital systems, from Netflix, to Amazon, SoundCloud, and beyond. But how exactly do you operationalize thousands of distributed microservices living in various environments? Successful microservices adoption tales often revolve around using service mesh, ...
14 Apr
New data underscores what many of us have known all along: APIs are now the most common doorway for attackers. But while the reigning API security risks may not look all that new, the new technology around agentic AI, like Model Context Protocol (MCP), seems to be disproportionately exacerbating classic API- and application-level security gaps. ...
9 Apr
In recent months, the hype machine around agentic API consumption has been working overtime. In 2025, Kong reported that as many as 90% of enterprises are actively adopting AI agents and 79% expect full-scale adoption within three years. The agents aren’t coming; they’re here. The importance of agent experience has taken center stage, while AI ...
8 Apr
It’s 2026, and if you follow the tech industry, you are likely already familiar with terms like MCP servers and clients, LLMs, AI agents, and RAG applications. These components represent the visible surface when it comes to the AI conversation. But have you ever stopped to consider the underlying infrastructure that actually makes these technologies ...
7 Apr
In 2020, software engineer Ivan Velichko published an article titled “API Developers Never REST,” detailing the rise of alternate design strategies that have emerged since Roy Fielding published his dissertation in 2000. Yes, the title is a jokey hook designed to snag eyeballs and attention, but like all good humor, there’s a kernel of truth ...
2 Apr
Enterprise teams treated bots like volume problems for years. Scrapers. Credential stuffing. Occasional denial of service spikes. Sure, it was frustrating. But mostly it was manageable. That old playbook doesn’t work anymore. The most harmful automation of today flies under the radar, appearing as “normal” transactions happening at machine speed through your company’s own digital ...
1 Apr
In October 2025, Anthropic released Agent Skills as a feature for Claude. Within two months, early Agentic Skills had been built by partners like Atlassian, Figma, Canva, Stripe, Notion, and Zapier. How did a brand-new feature evolve into a pattern adopted so quickly across the enterprise? The rapid ascent of agent skills speaks to their ...
31 Mar
APIs are the modern doorway for systems to share data, but this common pathway is often unlocked. As a result, over the past two years, we’ve witnessed a string of API security incidents, including headline-worthy API exploits at 23andMe, Avelo Airlines, Authy, Optus, Trello, Volkswagen, WhatsApp, and others. 42Crunch recently released its State of API ...
26 Mar
The autonomous future is nearly upon us. Every day seems to bring a fresh wave of headlines involving autonomous cars or self-driving trucks. Users are taking more than 700,000 autonomous taxi rides each week, according to McKinsey, while the first autonomous truck pilots are starting to hit the pavement. European countries have already hosted 35 ...
25 Mar
When it comes to APIs, security has always been a serious concern. Developers who design and build APIs strive to mitigate vulnerabilities before attackers find them. Consumers want to be reassured that the APIs their applications integrate with won’t compromise data or application integrity. However, the rise of AI has led to new and evolving ...
24 Mar
On January 7, 2026, Dr. Wayne Liu, president and chief growth officer of Perfect Corp., delivered a presentation at the Consumer Electronics Show (CES) titled “API-First Innovation: Scalable AI for the Modern Beauty Shopper,” discussing the many different ways that AI is impacting the beauty industry. In the process, he makes a case for our ...
19 Mar
Model Context Protocol (MCP) has been absolutely everywhere since it was first released in November 2024. Sometimes referred to as the “USB-C of AI,” MCP has come forward to help tame some of AI’s most glaring issues, namely a lack of standardization around integration as well as the context to understand what it’s accessing. Given ...
18 Mar
If your application calls even one third-party API, its reliability ceiling is no longer yours to control. That is the uncomfortable truth behind the uptime numbers API Status Check has been tracking since late 2025 across more than 215 services spanning cloud infrastructure, AI, payments, developer tools, and communications. This is not a ranking exercise. ...
17 Mar
If you build distributed applications, you’re likely already familiar with microservices. While the definition varies across the tech industry, I prefer the one from Sam Newman’s book Building Microservices. In it, he concisely describes microservices as “small, autonomous services that work together.” The concepts of microservices have been around for about fifteen years now. However, ...
12 Mar
Over the past decade or two, APIs have quietly shifted from behind-the-scenes infrastructure to fully-fledged products. And companies that treat them as such are making big bucks doing so. According to Postman’s 2025 State of the API Report, 65% of organizations now generate revenue from their API programs. And, among organizations that make money from ...
11 Mar
AI introduces many exciting developments in the software industry. However, the uncontrolled use of generative AI has the potential to undermine our mission to provide a platform for authentic voices in the API community. For this reason, we are clarifying our AI usage policy. This policy applies to anyone who contributes content to Nordic APIs, ...
10 Mar
APIs are no longer just infrastructure holding organizations together. They’re business products in their own right. As Postman put it in the 2024 State of the API report, “62% of respondents report working with APIs that generate income. This signals the rise of the API-as-a-product model, where APIs are designed, developed, and marketed as strategic ...
5 Mar
Most API teams I talk to are serious about the front door. They have a documented API surface, versioning rules, code review, and a continuous integration and continuous delivery (CI/CD) pipeline that runs tests and security checks before anything ships. That’s all good hygiene. But the incidents that turn into painful postmortems often start somewhere ...
4 Mar
The evolution of the modern enterprise is often marked by a transition from streamlined simplicity to architectural fragmentation. What begins as a strategic move toward distributed systems frequently devolves into gateway sprawl, a phenomenon where decentralized business units adopt distinct API tools based on localized budgets, engineering preferences, or specific technical requirements. While this flexibility ...
3 Mar
In years gone by, API specifications and developer portals were created for developers’ eyes only. It wasn’t unusual for them to include the occasional joke or pop culture reference, or omit context that any qualified API consumer would easily be able to infer. While the introduction of standards like OpenAPI has already systematized and sanitized ...
26 Feb
Agentic AI systems promise something beyond single-turn inference. They can provide persistence, autonomy, and the ability to plan and act across time. However, anyone who’s tried to wire real APIs into an agent quickly discovers an uncomfortable reality. Even well-trained models can become jerky, brittle, or outright wrong once network calls, retries, partial failures, and ...
25 Feb
When it comes to APIs, access control is an incredibly important part of ensuring that your APIs are as secure and properly controlled as possible. In this context, one of the most effective methods that has arisen is role-based access control (RBAC), a security practice that segments access to digital systems based on roles. In ...
24 Feb
When building agentic AI systems that interact with APIs and other services, securely managing JSON Web Tokens (JWTs) becomes a critical part of the architecture. Unlike traditional web applications, agentic AI can operate autonomously, invoking APIs, making decisions, and passing sensitive information without direct human supervision. These nuances create unique authorization challenges around how JWTs ...
19 Feb
Over the years, we’ve had the pleasure of hosting many exceptional speakers on the Nordic APIs stage. Our most memorable talks span architectural deep dives, anti-patterns, emerging trends, personal journeys, and hard-earned lessons on what it takes to build great API platforms. To the audience, these presentations often look effortless. But the truth is, there’s ...
18 Feb
As APIs scale and organizations structure complex systems, it’s almost inevitable that some enterprises are going to end up with more than one API gateway. Sometimes this is intentional — especially when those gateways represent different environments, segmented data services across regions, or different teams and thus different focuses. More often, however, this is just ...
17 Feb
In recent months, we’ve been writing extensively about some of the exciting possibilities offered by artificial intelligence and the agentic consumption of APIs, from new routes to monetization via AI through to more efficient workflows. But there are downsides to consider here, too. Large language models (LLMs) have a habit of disregarding the API contract, ...
12 Feb
Model Context Protocol (MCP) has made huge waves in the industry as of late. Since MCP makes it incredibly easy to point agentic implementations towards tools and resources, it’s been used for everything from context-driven customer service tools to order fulfillment backends. One of the most interesting use cases, and one that is currently emerging ...
11 Feb
Nothing frustrates a user more than a slow or non-responsive website or application. This is especially true in ecommerce, where slow-loading pages lead to high bounce rates and lower conversion rates. Often, the hidden culprit behind delays is a high-latency API. Many app developers integrate multiple third-party APIs, cumulatively adding more latency. As more APIs ...
10 Feb
A product manager at a mid-sized SaaS company notices a familiar pattern. The mobile app team is blocked waiting for a backend change, the data team has built its own undocumented endpoints to move faster, and the DevOps team is fielding late-night incidents caused by services calling each other in unexpected ways. Each team is ...
5 Feb
Building API-first is an incredibly powerful strategy — it brings a ton of value to organizations seeking to make their data and APIs more consumable, more useful, and more valuable. Interestingly, however, it seems like API-first has another huge benefit: AI-first. So what does it mean to be API-first, and what benefits does this carry ...
4 Feb
It is no longer a secret that AI and APIs are intimately connected. Whether it’s building foundational infrastructure or powering MCP servers, APIs are the essential building blocks. However, for AI to deliver a positive impact, these APIs require rigorous governance and management. APIs serve as the technical key to an AI initiative and provide ...
3 Feb
Imagine you’re a developer working with multiple AI agents based on large language models (LLMs). On Monday morning, your client asks you to connect an AI coding assistant to access GitHub issues, Jira tickets, and internal documentation via MCP-powered tools. That’s where a centralized MCP tool registry comes into play. Instead of spending hours browsing ...
29 Jan
Agentic AI is an incredibly powerful frontier technology, and it’s actively changing the tech landscape day by day. One of the most significant changes is that APIs are no longer solely called by deterministic code developed and reviewed by humans. Instead, APIs are being actively and frequently called, explored, linked, and even adapted by autonomous ...
28 Jan
In December 2025, roughly 14,000 Stranger Things fans experienced their worst nightmare. No, Vecna didn’t rise up to pull Hawkins, Indiana, into the Upside Down. Even worse, thousands of fans signed onto Netflix to watch the conclusion of the series they’d dedicated the last decade of their lives to, only to have the world’s largest ...
27 Jan
For much of their history, APIs have quietly powered the online world we depend on. They form the invisible framework connecting applications, synchronizing data, and automating workflows. Once considered a technical necessity, APIs have now evolved from backend utilities into strategic assets that sit at the core of digital transformation. The growth of AI has ...
22 Jan
There’s nothing particularly new about APIs calling it quits and closing up shop. Twitter, for example, ended free access to its API in 2023 as part of a monetization push by Elon Musk. Netflix shuttered its public API for third-party developers back in 2014 and implemented strict rules around data scraping for the APIs that ...
21 Jan
When it comes to building tech initiatives, we often say that they should be treated as products in order for them to succeed. Treating your internal APIs as a product means that you’re not just thinking about the utilitarian nature of your systems — you’re thinking about internal users as consumers, and thereby prioritizing the ...
20 Jan
Model Context Protocol (MCP) had a banner year in 2025. Since MCP was first released in November 2024, the protocol has exploded with thousands of public MCP servers and millions of monthly SDK downloads. Everyone from Microsoft to Google has adopted MCP in their quest for agentic AI. However, right when MCP was celebrating its ...
15 Jan
The emergence of AI coding assistants has ushered in a new era of software creation, formalized under the concept of “vibe coding.” This concept offers tremendous productivity but also introduces significant complexities, particularly when building critical APIs. Here is a comprehensive overview of what vibe coding is and the benefits it delivers. We also cover ...
14 Jan
In the age of AI, there is a worrying trend of simply letting AI "take care of it." You have invested in an agentic system, so when you need something done, why not just let the AI agent make the API request? After all, it is just a machine making a machine request — right? ...
13 Jan
The API community has been known to be on the lookout for shadow APIs for a number of years, as they are a common source of cybersecurity risks like unauthorized access and data leaks. It does not matter how robust your cybersecurity is when an endpoint falls outside of your protective barriers. Once an API ...
8 Jan
In the software field, one of the most commonly referred to and leveraged resources is the Top Ten list from OWASP. This is for good reason — OWASP stands as a platform- and vendor-agnostic voice that can highlight application security risks in a potentially more meaningful way than the litany of whitepapers and reports issued ...
7 Jan
In OpenAPI, the industry standard API specification, small steps can have major implications. While OpenAPI 3.2.0 may not reinvent the wheel, as it still follows the same architecture and uses the JSON Schema Specification Draft 2020-12 implemented in OpenAPI 3.1.0, OpenAPI Specification v3.2.0 still has enough changes to warrant excitement while remaining compatible with older ...
6 Jan
Model Context Protocol (MCP) was all the rage in the tech world in 2025 and will likely stay that way throughout 2026. MCP is changing how developers bridge the gap between AI applications and local or remote data. One of these bridges is the MCP server, which exposes capabilities to AI applications through tools, resources, ...
1 Jan
In the last few months, multiple vendors across the agentic ecosystem have independently embraced a similar pattern referred to as code mode. Instead of thinking of Model Context Protocol (MCP) solely as a protocol for issuing JSON-RPC tool calls, the code mode pattern treats MCP schemas as a foundation for generating typed client libraries that ...
31 Dec 2025
The Model Context Protocol (MCP) was published in November 2024 and has seen tremendous success and adoption. That is not a big surprise, as AI is still very much trending, and MCP has turned into the glue that allows LLM-based applications to interact with resources and tools. Without MCP, LLMs remain in their closed worlds ...
30 Dec 2025
In the interconnected digital landscape, software applications communicate through layers of application programming interfaces (APIs). For architects responsible for steering large, complex systems, the move to an API-first strategy is no longer optional — it’s the bedrock for delivering resilient, scalable, and innovative digital experiences. This approach ensures that APIs are treated as first-class citizens, ...
24 Dec 2025
For as long as most of us can remember, “developer experience” has been the umbrella term when it comes to measuring the usability, reliability, and effectiveness of APIs. A great developer experience, meaning one that makes things straightforward and reduces friction as much as possible, is the gold standard. Get your DX right, and word ...
23 Dec 2025
Authorization Exchange, or AuthZEN for short, is a new specification from the OpenID Foundation that aims to bring clarity and standardization to authorization. If OAuth 2.0 and OpenID Connect brought us standardized protocols for authentication and identity, AuthZEN aims to do something similar for fine-grained authorization. It defines a shared, interoperable way for applications to ...
22 Dec 2025
Agentic AI has been one of the hottest buzzwords of 2025, with developers and business owners racing to unlock the vast potential of AI. Agentic AI is a vital link in this technological chain, as it allows AI systems to make decisions and implement actions with little to no human input necessary. If you have ...
18 Dec 2025
In 2025, building an API is only half the battle. If you’re quite lucky, your API will eventually see its usage explode — but this comes with increased costs, and therefore increased need for revenue generation. Accordingly, figuring out how best to monetize your API is incredibly important — not only will it set the ...
17 Dec 2025
Speaking at tech conferences can be a very fruitful professional experience. Placing yourself on stage is a fantastic way to share your ideas with the world, network with others, and build your reputation in tech. But the first hurdle is pitching a topic — selection committees look for very specific things when they review their ...
16 Dec 2025
With their usage increasing by more than 50% since the start of the pandemic, it’s clear that eSignatures (and eSignature APIs) are here to stay. As we edge closer and closer towards a paperless world, public perception of electronic signatures has moved from “are those even legally binding?” to something used for everything from sending ...
11 Dec 2025
Explore 2026 predictions on how AI agents, MCP standards, authorization, and new API models will reshape the AI-driven API economy.
10 Dec 2025
Choosing the right architectural style isn’t just a technical detail — it’s critical to the success of your API and every application that relies on it. The architecture determines how easily developers can understand and integrate your API, profoundly impacting their experience. It dictates how clients and servers communicate, directly affecting application efficiency, performance, and ...
9 Dec 2025
The tech space is often overly concerned with the new and flashy — it seems like every day, there is a new product release, a new iteration, some big new thing that secures headlines and coverage. But the reality is that there is a whole world of old protocols that are not only alive — ...
4 Dec 2025
Technology is only as useful as it is usable. Users will only discover a product’s innovative features if it’s designed well enough for a user to first find and then use them. This is just as true with agentic AI as anything else — even if the agent’s doing a good portion of the work. ...
3 Dec 2025
Model Context Protocol (MCP), a standard for connecting AI agents to external tools and data, is still a very new tech, and as such, it’s experiencing the same growth pains that any other technology experiences. In this process, certain use and design patterns are starting to emerge — and not always for the better. One ...
2 Dec 2025
The API specification landscape is quickly becoming almost unrecognizable from what it was even five years ago. AI was still on the horizon in 2020, still the territory of sci-fi dreamers and bleeding-edge tech enthusiasts. Now, not only has AI caused an explosion of API usage — the most recent Postman State of the API ...
27 Nov 2025
Authorization is having a bit of a moment in the tech world right now. Organizations like Apple are investing more heavily in policy-driven access control, signalling a shift towards policy as code. As this approach is solidified, it’s becoming clear that the next big revolution in the authorization space will be focused on a specific ...
26 Nov 2025
A cybersecurity system is only as secure as its weakest link. Consumers and developers likely had no reason to doubt the security of a fintech API used by most of the largest banks in the world, official financial institutions, and the majority of the most widely used financial software and services on the market. Unfortunately, ...
25 Nov 2025
If you asked ten software developers what a contract test is, you’d get twelve different answers. One might say that it’s something to do with schema validation. Another might say that it’s something to do with API specifications. Yet another might tell you that it’s got something to do with the legal profession and kindly ...
20 Nov 2025
“Is that API ready to go yet?” It’s a phrase that can strike fear in the heart of any API developer, especially if the answer to the question is “not even close.” In an ideal world, the final steps of developing an API would be making a few final tweaks and adding a bit of ...
19 Nov 2025
The Model Context Protocol (MCP) community recently made quite a splash with the introduction of the Official MCP Registry, an open catalog of available MCP servers. This open-source directory is meant as a single point of discovery for all MCP servers, helping to make MCP servers more discoverable while enforcing a standardized format. It also ...
18 Nov 2025
Imagine you’re running an API gateway that routes traffic to several microservices, such as authentication, payments, order management, or analytics, for example. Now imagine that everything had been running flawlessly for months, when one night a malformed request body from a mobile client triggers a 500 Internal Server Error in your monitoring system. Even the ...
13 Nov 2025
In modern system architectures, understanding data flow is crucial. Two fundamental concepts are north-south and east-west communications. Although both deal with APIs and services, they solve fundamentally different problems and require distinct tools. Below, we’ll explore when to use API gateways or a service mesh for north-south and east-west traffic. We’ll consider when each approach ...
12 Nov 2025
Imagine a scenario where you want to translate a sentence from English to another language. Without additional logic or processing, a simple phrase like “the cat is sitting on the mat” in English might translate to “Le chat est séance sur le tapis.” The actual translation should be “Le chat est assis sur le tapis,” ...
11 Nov 2025
We often talk about API design here at Nordic APIs and best practices to follow. One of those best practices is clear and consistent naming conventions throughout the API — from endpoint resources and URIs to fields and parameters. Naming is often overlooked in API design, leading to a poor experience for consumers. Imagine the ...
6 Nov 2025
You never get a second chance to make a first impression. Apps and digital tools need to have the best possible design, as it will influence not only how users feel about your product but the brand itself. In fact, brands with good design are thought to be more trustworthy, with nearly half of users ...
5 Nov 2025
Monetizing an API, often one of the final hurdles in the lengthy process of building and deploying an API, is one of those steps that feels like it should be one of the easiest. But as anyone who has gone through the process will tell you, that’s rarely the case. And recent developments in AI ...
4 Nov 2025
We recently published an article about why developers should use an OpenAPI specification as a starting point for an MCP server. The piece led to an interesting discussion on LinkedIn about what makes an MCP server performant and useful. One critical piece is building tools that can orchestrate multiple API calls together for AI consumers. ...
30 Oct 2025
Model Context Protocol (MCP) has been proliferating at the speed of thought, as more and more developers and users strive to make their AI truly agentic and independent. Without MCP, AI-driven systems like large language models (LLMs) can only make suggestions. They can save you work, but they can also create work if you have ...
29 Oct 2025
Supply chain management has never been more important. With the business world and global economy in such a state of constant flux, it’s imperative that business owners find every conceivable way to make their businesses competitive, innovative, and efficient. Failure to do so could result in losing a lifelong customer to a competitor, who’s often ...
28 Oct 2025
It’s not an overstatement to say that the health and fitness space has been transformed in the past couple of decades. Thanks to the introduction of wearables and trackers, keeping tabs on one’s progress no longer means manually entering weights and reps into a chalky old notebook between sets. Fitness has been streamlined, incentivized, and ...
23 Oct 2025
API documentation is the cornerstone of discoverability. Well-structured API documentation allows an API to be understood by humans as well as machines. It lets a system understand how the API is structured, what it does, and includes invaluable metadata for further filtering and sorting. This means that API documentation is equally vital for an API ...
22 Oct 2025
AI agents are increasingly autonomous in the way they interact with APIs and the systems those APIs represent. But unlike human developers, who can intuit solutions pretty readily, agents aren’t quite up to the task of reading docs, joining Slack channels, or pinging support when something breaks. They rely entirely on metadata, structure, and observed ...
21 Oct 2025
Agentic AI has been the talk of the tech world in 2025. A quick query on Google Trends shows a 6100% uptick in Google searches for agentic AI in the last 12 months. Emergen Research anticipates that the Agentic AI market could be worth as much as $48.2 billion by 2030, with a compound annual ...
20 Oct 2025
For the past six years, Postman has released their annual State of the API report. Surveying thousands of developers and professionals, it reflects changes in the industry and has become the de facto gospel for anyone looking for insight into what’s going on in the world of APIs. Looking at previous editions of the report ...
16 Oct 2025
Translating physical reality into digital data that’s understandable and consumable by machines is one of the most persistent roadblocks in digital transformation. You can have all the automation, data processing, and filtering in the world, and it won’t make a difference if you’re still performing manual data entry. Computer vision is an essential part of ...
15 Oct 2025
Healthcare systems worldwide are navigating a complex landscape, challenged by rising patient expectations, soaring operational costs, shortages of medical staff, strict compliance requirements, and the need to manage vast amounts of sensitive data. In this environment, digital transformation is essential to stop accepting what’s broken and start building what works. A pivotal standard driving transformation ...
14 Oct 2025
Model Context Protocol (MCP) has been the talk of the tech world in 2025, promising to unlock the next level of AI’s usefulness. It’s the next stage in autonomous AI, allowing systems to make changes directly to the real world. Autonomy is just one reason that MCP promises to be such a game-changer, though. It ...
13 Oct 2025
Real-world constraints often impact how we build digital services. This is especially true for enterprise APIs in regulated industries that transmit sensitive data across jurisdictions. Constraints around how data is managed can easily slow progress — but it doesn’t have to be that way. At Platform Summit 2025, Yinka Omole, a lead software engineer at ...
9 Oct 2025
“So it happened, Scott. An MCP server I use in one of my workflows shipped a breaking API change, and my entire workflow broke.” With this single line, Scott Feinberg illuminates a core problem that the excitement around Model Context Protocol (MCP) has fundamentally ignored: API versioning. APIs change all the time — that’s what ...
8 Oct 2025
APIs have a reputation for being the weakest link in an enterprise’s cybersecurity. This can become a self-fulfilling prophecy, as APIs’ supposed vulnerabilities make them a popular target for potential attackers and cybercriminals. This can cause all manner of security issues, as APIs can be made to divulge a wealth of sensitive information using valid ...
7 Oct 2025
You may have heard it repeatedly that “API sprawl is the new shadow IT.” But what does that actually mean? Where is this problem coming from? What does this practically mean in the age of AI? And more importantly, how pervasive is this problem across the API industry? Today, we’re going to look at the ...
3 Oct 2025
In January 2024, the Centers for Medicare and Medicaid Services updated The CMS Interoperability and Patient Access Act. The new revision outlines requirements and specifications for what information medical providers need to provide, as well as how it should be formatted to ensure API security and data compliance. This is towards the goal of improving ...
2 Oct 2025
Can AI work with open finance? If you know something about AI, and especially AI agents, you may have read the title of this post and be thinking, “yes, of course it can, stupid!”. The use case for AI and AI agents in the context of financial services generally is significant, with agents having the ...
1 Oct 2025
Most teams do at least some sort of injection attack testing. This testing, however, is typically focused on a small subset of particular vulnerabilities. SQL injection is a popular target, as is command injection. Some teams may even do log injection if they’ve been burned before. But when it comes to APIs — and especially ...
11 Feb 2020
This isn’t part of the series on Stack Overflow’s architecture, but is a topic that has bitten us many times. Hopefully, some of this information helps you sort out issues you hit. You’re probably here because of an error like this: Could not load file or assembly ‘System.<…>, Version=4.x.x.x, Culture=neutral, PublicKeyToken=<…>’ or one of its dependencies. The system cannot find…
6 Aug 2019
This is #5 in a very long series of posts on Stack Overflow’s architecture. Stack Overflow: How We Do Monitoring - 2018 Edition So…caching. What is it? It’s a way to get a quick payoff by not re-calculating or fetching things over and over, resulting in performance and cost wins. That’s even where the name comes from, it’s a short…
18 Dec 2018
In a previous post, Docker PHP/PHP-FPM Configuration via Environment Variables, I described how to use environment variables to configure PHP FPM and CLI. With my method you can override one of over 650 PHP INI settings. More INI settings are but a PR away! In a more recent post, PHP Modules Toggled via Environment Variables I extended this concept to…
14 Dec 2018
In my previous post, Docker PHP/PHP-FPM Configuration via Environment Variables I introduced my new PHP image that uses environment variables to configure its INI settings. The Dockerfile is a beast, to be sure. At over 650 lines it documents my attempt at bringing true flexibility to an immutable PHP image. With it, you can set any number of PHP INI…
29 Nov 2018
This is #4 in a very long series of posts on Stack Overflow’s architecture. Stack Overflow: How We Do Deployment - 2016 Edition What is monitoring? As far as I can tell, it means different things to different people. But we more or less agree on the concept. I think. Maybe. Let’s find out! When someone says monitoring, I think…
15 Nov 2018
ed: If you want to run the containers right now, jump ahead to How to Use the Images. For several months now I have been working on PuPHPet.com’s replacement. It is a Docker-based GUI functionally similar to PuPHPet. Docker, like Vagrant, allows sharing directories and files from the host to the container/VM. Unlike Vagrant, Docker images are easy to create,…
8 Aug 2018
For several years this blog was generated using the PHP static site generator Sculpin. I switched to Grav before deciding it was not for me. My blog does not contain dynamic data that requires PHP processing, and static HTML with JS is fine. One of the issues I had with Grav was its requirement of both a PHP-FPM and Nginx/Apache…
5 Aug 2018
ed: If you want to jump right to the solution, jump ahead to Ok so what actually works?. Docker is an excellent tool for local web development. It allows creating non-trivial environments without polluting the local system with tools. There are still some things that make working with it just a tad bit harder than necessary. Today’s topic involves running…
31 Jul 2018
Over the last 5+ years I have done all my development on local virtual machines managed by Vagrant and provisioned by Puppet. I even created a fairly well-received FOSS called PuPHPet. At the end of 2017 I started really looking into containers, and as of January started working on what will become PuPHPet’s successor, Dashtainer. While this is not a…
22 May 2017
Today, we deployed HTTPS by default on Stack Overflow. All traffic is now redirected to https:// and Google links will change over the next few weeks. The activation of this is quite literally flipping a switch (feature flag), but getting to that point has taken years of work. As of now, HTTPS is the default on all Q&A websites. We’ve…
3 May 2016
This is #3 in a very long series of posts on Stack Overflow’s architecture. Stack Overflow: The Hardware - 2016 Edition We’ve talked about Stack Overflow’s architecture and the hardware behind it. The next most requested topic was Deployment. How do we get code a developer (or some random stranger) writes into production? Let’s break it down. Keep in mind…
29 Mar 2016
This is #2 in a very long series of posts on Stack Overflow’s architecture. Stack Overflow: The Architecture - 2016 Edition Stack Overflow: How We Do Deployment - 2016 Edition Who loves hardware? Well, I do and this is my blog so I win. If you don’t love hardware then I’d go ahead and close the browser. Still here? Awesome.…
17 Feb 2016
This is #1 in a very long series of posts on Stack Overflow’s architecture. Welcome. Previous post (#0): Stack Overflow: A Technical Deconstruction Next post (#2): Stack Overflow: The Hardware - 2016 Edition To get an idea of what all of this stuff “does,” let me start off with an update on the average day at Stack Overflow. So you…
3 Feb 2016
As new posts in the series appear, I’ll add them here to serve as a master list: Stack Overflow: The Architecture - 2016 Edition Stack Overflow: The Hardware - 2016 Edition Stack Overflow: How We Do Deployment - 2016 Edition Stack Overflow: How We Do Monitoring - 2018 Edition Stack Overflow: How We Do App Caching - 2019 Edition One…
27 Jul 2015
Update (August 11th): A patch for this bug has been released by Microsoft. Here’s their update to the advisory: We released an updated version of RyuJIT today, which resolves this advisory. The update was released as Microsoft Security Bulletin MS15-092 and is available on Windows Update or via direct download as KB3086251. The update resolves: CoreCLR #1296, CoreCLR #1299, and…
22 Sept 2014
What do people do when they run out of topics? They recycle previous topics and create top 10 lists. Here is a list of the top 10 most popular articles from the jOOQ blog: Top 10 Very Very VERY Important Topics to Discuss A fun, not so serious parody on what is being discussed on reddit’s … Continue reading Top…
16 Jun 2011
Olá pessoal. É meu primeiro post no blog. Depois de alguns anos me rendendo à tentação (por falta de tempo), mas sabendo de sua importância, me rendi aos encantos do WordPress e fiz um blog, simples, que espero que sirva de referência para pessoas assim como eu, que todo dia recorre ao Google para tirar … Continue reading Primeiro post…