Conversation
Notices
-
how to fuck with developers using nothing but an API - a guide:
- make your API return 200s for failures.
- change the spec every two weeks but don't tell anyone.
- stringent rate limiting. when you hit the limit, it also returns 200 and the rate limit error is in a JSON field
- caching API responses up to an hour. no it won't check the backend for changes
- rebrand it yearly. all the endpoints change name to fall in line with the rebrand.
- java-length endpoint names, like DataFactoryStatusCollectorEndpointStatus
- return inconsistent booleans like 1, true, etc. bonus points if the 1 is a string. further points for supposedly boolean string outputs of "zero" and "one"
- write documentation but it straight up contradicts the responses you're getting
- "our auditors asked us to put MFA on the API so you're gonna get a push notification for every new API token. also they only last an hour. sorry"
- "we have nightly maintenance at 2am during which the API will return the default Welcome to Nginx page"