Callosum Download Purchase Docs Blog Login

Blog

Some blog posts from behind-the-scenes on the features and decisions that have gone into building Callosum.

Deep linking to OpenAPI on someone else's computer

Sharing API details with your team or partners should be simple—but staying private while doing so? That’s a much bigger challenge.

Most API tools rely on a web application to share links, combining server-side storage with user accounts and identifiers. While this works, it comes with a significant downside: every step of the process—upload, permissions, link creation, verification, and sharing—can expose your API to tracking and data leakage. Proxies, CDNs, firewalls, analytics, web browsers and extensions, are all potential points where sensitive information might be logged or shared. Even worse, do you really know if that vendor sent your API document to a third party just to share a link with their team?

Read more ...

Extending OpenAPI instead of reinventing the wheel (again)

The landscape of API tools is full of applications that each define their own way of managing and sharing API information. Postman collections, Insomnia collections, Bruno’s Bru markup language, Hoppscotch collections, and other proprietary formats abound, creating a fragmented ecosystem. While these tools each offer some convenience in their own ecosystem, they force teams into siloed workflows and make it challenging to maintain a single source of truth.

anytime we talk about standards, XKCD #927 comes up

Read more ...

Why build yet another API Client?

Two years ago, I was working on a large greenfield development project. The scope was ambitious: multiple frontend and backend teams, customer-specific job tracking systems, and numerous vendor integrations. Early on, we recognized that APIs would be the backbone of our system, so we adopted OpenAPI document to manage it all.

The OpenAPI Specification is powerful, covering a broad range of API-related concerns. For teams like ours using typed languages, JSON Schemas within OpenAPI provide even more value by ensuring our systems could communicate seamlessly. Yet, despite the widespread adoption of JSON Schema and OpenAPI, I was baffled that our API tool, Postman, could not use our JSON Schemas for contract testing or even simple request validation. Our developers had to write custom tests just to verify that requests and responses conformed to the schemas, meaning our ability to deliver and maintain robust integrations was severely restricted.

Read more ...