Mathieu Fenniak

ABTraceTogether iPhone Background Capability Analysis

Posted on November 11, 2020

The Government of Alberta advertises that ABTraceTogether, their COVID contact tracing app, works on iPhones when run in the background. They are incorrect. [Read More]

Is "404 Not Found" really a client error?

Posted on August 23, 2013

A time-traveler is passing by 2013 and she opens a browser bookmark to http://mars.gov/blog/**2056**/11/21/news.html. What HTTP status code does she get back from her response? Well, it’s not going to be 200 OK, because it wasn’t OK with the server. The server couldn’t find the article that the client requested, because it won’t be published for another 43 years. “Couldn’t find the article” sounds like a 404 Not Found status code. OK, very reasonable choice. But, “The server couldn’t find the article” raises a bit of a doubt. A 404 is part of the 4xx-series status codes, which are all... [Read More]

High-Level API Documentation Considerations

Posted on July 15, 2013

When you’re building a Web API, you’re likely going to need to figure out how to provide documentation to your end-users. If you didn’t think of that when you started your project, it can be a real deflating moment when it finally comes to mind. Documentation is boring and tedious. It’s nowhere near as fun as code. Because documentation is boring, most software developers will quickly turn towards documentation tools. It’ll be so much faster to write documentation if we can just build or apply some software to do it, and building a software tool is much more fun than... [Read More]

Is your Web API susceptible to a CSRF exploit?

Posted on June 15, 2013

Cross-site request forgery (CSRF) is a type of security exploit where a user’s web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here’s a brief example of a fictitious CSRF attack against a bank: [Read More]

2013 Most Popular and Successful Web APIs

Posted on June 3, 2013

Have you ever been stumped how to design a Web API? There are so many different approaches that you can take for even simple things, like paginating API result sets. If you list out your options, it can be easy to end up in analysis paralysis. I like to remind myself that I’m not the first person to tread on this soil. I often take inspiration on design choices from well-known APIs, assuming that the hard work has already been done. But I realized lately that I’m not confident what a popular or successful API is, and that I have... [Read More]