
两位工程师正在查看同一个API。一位在设计它,另一位在尝试集成它。他们从同一个契约的两端做着相同的工作——几乎没有课程这样教。本课程做到了。 你已经会调用HTTP端点。但你从未学过的是底层的技艺:为什么重试的`POST`会悄悄地向客户重复收费,为什么你的"v2"在发布当天早上就破坏了所有消费者,为什么你从博客复制的OAuth流程信任了一个从未真正验证过的令牌。这些不是奇怪的bug。它们是将API视为"只管调用"的默认结果。 因此,我们构建的是持久的原语,而不是某个供应商的SDK。在设计方面:资源与状态码名实相符,机器可读的错误(Problem Details, RFC 9457),幂等键,能在动态数据集上生效的分页,一个你可以版本化而不背叛依赖它的用户的OpenAPI契约。在集成方面:具有真实超时的客户端,带退避和抖动的重试,断路器,你在信任之前要验证和去重的webhook,一个防损坏层使供应商的架构变更不会波及你的代码,以及你可以实际轮换的凭据。 在此过程中,我们解决了那些在无人告知的情况下已经发生变化的事情:认证不等于授权,ID令牌不等于访问令牌,PKCE现在是强制性的,JWT是签名但可读的——所以你要阅读规范而非传闻。课程结束于真正的工作:一个支付集成和一个公共API,端到端构建,以及一个可用于任何内容的检查清单。
Abhishek Kumar is the engineer teams trust with the parts of a product that cannot quietly break—authentication, payments, data synchronization, and the APIs on which other services depend. Over eight years, he has decomposed legacy applications into independently deployable services, designed event-driven workflows, and improved heavily used systems through query tuning, caching, asynchronous processing, and careful capacity planning. His working environment spans Java, Python, Go, and Node.js, supported by PostgreSQL, Redis, Kafka, Docker, Kubernetes, and AWS. Abhishek remains involved after deployment, tracing production failures, strengthening observability and automated testing, reviewing architecture decisions, and helping younger engineers develop the judgment required to keep complex systems fast, secure, and recoverable.
great explanation
Trop facile
Trop basique
love it, helped a lot
thx, super clear!