joshua stein via @jcs@jcs.org - Jul 12 2023 13:38:30

My advice for running a public-facing API, coming from 11 years of operating the Pushover (@pushover) API:

- Host the API on its own hostname
- Don't be too liberal in what you accept
- Avoid OAuth if you can
- Log a unique id with every request
- Be descriptive in your error responses
- Use prefixed tokens
- Stay on top of failures

https://jcs.org/2023/07/12/api