今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#api

找到 307 篇相关文章

AI 资讯

AI for API Design & Testing in 2026: Speakeasy vs Swagger AI vs Postman AI — I Built 3 APIs with Each

AI for API Design & Testing in 2026: Speakeasy vs Swagger AI vs Postman AI — I Built 3 APIs with Each API design is one of the most tedious parts of backend development. Writing OpenAPI specs, generating SDKs, testing endpoints, maintaining documentation — it's all hours of work that could be automated. In 2026, three tools are fighting for your API workflow: Speakeasy , Swagger AI , and Postman AI . I spent 4 weeks building the same REST API with each one, tracking time savings, code quality, and actual developer experience. Here's what actually happened. The Test Setup: Building a Real API I built a simple but realistic ecommerce API (GET/POST products, orders, user management) three separate times, measuring: Time to spec — writing the OpenAPI definition Time to SDK generation — generating client libraries Time to testing — setting up test cases and running them Documentation quality — readability, examples, completeness Iteration speed — how fast you can modify the API and regenerate everything All three tools were given the same requirements. Same laptop, same environment, same skill level (senior backend engineer). Speakeasy: The SDK Generation King Setup time: 8 minutes (CLI install, auth, first config) Learning curve: Low — clear docs, straightforward CLI Speakeasy is laser-focused on one problem: turning your API spec into production-ready SDKs. It generates TypeScript, Python, Go, Java, and more from a single OpenAPI definition. The Good SDK quality is exceptional. The generated TypeScript SDK was production-grade immediately — proper error handling, retry logic, request/response typing, retries built in. No cleanup work needed. Multi-language generation is instant. After writing the OpenAPI spec once, I had Python, Go, and TypeScript SDKs in < 2 minutes total. Each one was framework-idiomatic (using popular libraries in each language). Versioning is smart. Speakeasy automatically versioned SDKs and generated changelogs. When I modified the spec, it detect

2026-06-17 原文 →
AI 资讯

Extracting and Organizing Content from Older Websites: A Solution for Structured Documentation Including Mouse-Over Images

Introduction Extracting data from older websites is a technical challenge that goes beyond simple copy-pasting. The example website provided illustrates this perfectly: its outdated design, reliance on mouse-over interactions, and lack of structured export options create a perfect storm of extraction difficulties. This article dissects these challenges and provides a roadmap for extracting both visible content and mouse-over images while preserving data integrity. The Core Problem: Legacy Technology Meets Modern Needs The website's URL parameters ( screen_width=0&screen_height=0 ) immediately signal a legacy system likely built for a bygone era of fixed-width displays. This design choice breaks modern scraping tools that expect responsive layouts. The mouse-over images, critical to the site's content, are dynamically loaded via JavaScript , meaning they don't exist in the initial page source. This requires simulating user interactions to trigger their appearance, a task beyond basic HTML parsing. Why Manual Extraction Fails Attempting to manually save images or copy text from this site is a losing battle. The mouse-over images, for instance, are not directly downloadable – they're embedded in JavaScript events. Even if you could save them individually, maintaining their association with the corresponding visible content would be error-prone and time-consuming. This method also fails to scale for larger websites with hundreds of such elements. The Technical Solution: A Multi-Pronged Approach Effective extraction requires a combination of techniques: Browser Automation: Tools like Selenium or Puppeteer can simulate mouse movements to trigger hover events, capturing both visible and hidden content. This method mirrors human interaction , ensuring all dynamic elements are revealed. Network Request Inspection: Analyzing the website's backend requests using browser developer tools can reveal direct URLs for mouse-over images , bypassing the need for hover simulation. This

2026-06-17 原文 →
AI 资讯

**Quick Tip: How to Choose the Right Model for Slack AI Workflows in 2026

Quick Tip: How to Choose the Right Model for Slack AI Workflows in 2026 I've been running Slack-integrated AI workflows in production for about three years now, and the question I get asked most often is deceptively simple: "Which model should I actually use?" Back in 2024, the answer was easy — you picked GPT-4o and moved on. But in 2026, with 184 models accessible through Global API and price points ranging from $0.01 to $3.50 per million tokens, that decision has become a genuine engineering problem. Pick wrong and you're either burning budget or shipping a sluggish experience. Pick right and your CFO actually smiles at you. Let me walk you through how I think about this, what the numbers actually look like, and where I've landed after months of benchmarking across multi-region deployments. Why Slack Workloads Are Weird Most people underestimate what a Slack AI assistant needs to do well. It's not a chatbot. It's a latency-sensitive, always-on, context-heavy workload that has to feel native inside a chat client where users expect responses faster than they can refresh the channel. In my experience, the three constraints that matter most are: p99 latency under 1.5 seconds for the first token — anything slower and users start double-messaging 99.9% uptime across at least two regions — Slack itself is up, so your AI better be too Cost per active user per month under $0.40 — this is the line where finance stops asking questions If a model can't hit those numbers consistently, it's not viable, no matter how clever the benchmark scores look. The Pricing Landscape I Actually Use Here's the table I keep pinned in my team's documentation. These are the models we rotate between depending on the workload. I haven't changed a single number — these are the exact rates as of writing this: Model Input ($/M) Output ($/M) Context DeepSeek V4 Flash 0.27 1.10 128K DeepSeek V4 Pro 0.55 2.20 200K Qwen3-32B 0.30 1.20 32K GLM-4 Plus 0.20 0.80 128K GPT-4o 2.50 10.00 128K The spread is w

2026-06-17 原文 →
AI 资讯

Building an Instagram-powered app without managing scraping infrastructure

When I started building , I needed reliable access to Instagram data. Like many developers, my first instinct was to use a self-hosted solution such as instagrapi. It worked for experimenting, but once I started depending on it for production workflows, I spent more time maintaining the scraper than building features. Eventually I switched to HikerAPI, a hosted REST API for Instagram. This post isn't about saying one approach is universally better—it's about why it ended up being the better fit for my project. My use case I needed to fetch Instagram profile data for . The requirements were fairly simple: Look up public profiles Process structured JSON Integrate the results into my backend Avoid spending time maintaining login sessions I wasn't interested in reverse engineering Instagram every time something changed. Getting started One thing I liked was that it behaves like a normal REST API. Authentication is done through an x-access-key header, so integrating it into an existing Python backend took only a few minutes. import requests headers = {"x-access-key": "YOUR_KEY"} r = requests.get( " https://api.hikerapi.com/v2/user/by/username?username=instagram ", headers=headers, ) print(r.json()) That's enough to start requesting data and integrating it into your own application. If you want to explore the API, you can find it at HikerAPI. Why I moved away from self-hosted scraping I originally tried , including instagrapi. There wasn't a single issue that made me switch—it was the accumulation of small operational problems: Login sessions expiring Accounts getting challenged Temporary bans Instagram changing internal behavior Regular maintenance after updates None of those problems are impossible to solve. The question became whether solving them was the best use of my time. For my project, the answer was no. I'd rather focus on shipping features than maintaining scraping infrastructure. Tradeoffs Using a hosted API isn't free. Pricing starts at $0.001 per request, wi

2026-06-16 原文 →
AI 资讯

Bannx — High-Volume Banner, Ad & PDF Automation for Developers and Designers

If you've ever had to generate hundreds of social media banners, OG images, or PDF certificates programmatically — you know how painful that workflow can get. Stitching together Canvas, Puppeteer, or headless Chrome just to render a templated image is a lot of overhead for what should be a straightforward task. That's exactly the problem Bannx is built to solve. What is Bannx? Bannx is a high-volume banner, ad, and PDF automation platform. It combines a visual template editor with a developer-friendly REST API, so designers can build beautiful templates and developers can render them at scale — no browser required. Think of it as the missing link between your design system and your backend. Key Features 🖼️ Visual Template Editor Bannx comes with a full-featured editor where you can create templates for: Social media graphics (Instagram, Twitter/X, LinkedIn) OG images for blogs and articles Ad banners E-commerce assets (product cards, order confirmations) Certificates and branded PDFs and more... Variables can be bound to any element in the template, making every design data-driven from the start. ⚡ REST API for Rendering Once your template is ready, rendering it is a single HTTP request: curl -X POST https://bannx.com/api/render \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "pageId": "PAGE_ID", "format": "png" }' You get back a hosted URL and metadata — ready to display, store, or pass downstream. You can also stream raw binary output with "output": "binary" . Supported export formats: PNG, JPEG, SVG, WebP, PDF 📦 Bulk Generation via CSV Need to generate 10,000 personalized certificates or product cards? Upload a CSV and Bannx handles the rest. Each row maps to a set of variable overrides — no scripting required. 🧩 Dynamic Links & Variables Templates support per-request variable overrides, so you can pass data directly in the API call without modifying the template. Combined with template expressions (functions and conditiona

2026-06-16 原文 →
AI 资讯

I Wish I Knew AI Recommendation Sooner — Here's the Full Breakdown

So here's what happened: i Wish I Knew AI Recommendation Sooner — Here's the Full Breakdown Last quarter I burned through about three billable hours debugging a recommendation pipeline for a Shopify client. The thing was — it shouldn't have taken that long. I had the data. I had the API keys. What I didn't have was a clear-eyed picture of what AI recommendation systems actually cost in 2026 when you're paying the bills yourself. If you freelance like I do, every line item matters. My "office" is a kitchen table, my "PM" is a Slack ping at 11pm, and my CFO is whatever's left in my checking account after software subscriptions. So when I say I've been digging into the numbers on AI recommendation systems for the last six weeks, I mean I've been doing it the way I do everything: with a calculator open in one tab and a client invoice in the other. This post is the writeup I wish I'd had before I started. Consider it the field guide for anyone building recommendation features on a budget, on a deadline, or just for fun. Why I Even Cared About Recommendation Systems I took on a small retainer back in February for an indie e-commerce shop that sells specialty coffee beans. They wanted "AI-powered product recommendations" on their storefront — you know, the classic "customers who bought this also bought..." thing, but smarter. The owner had been quoted $15,000 by a "full-service AI agency" to build it. He doesn't have $15,000. He has $15,000 in revenue per month and a wife who is deeply skeptical of his side-hustle energy. So he came to me. And I said yes, because I'm a sucker and also because I knew it should cost a tiny fraction of that quote. The math was never going to support five figures for a recommendation widget. Not when the underlying API calls are fractions of a cent. That's when I started really paying attention to the pricing landscape. The 184-Model Elephant in the Room Here's the thing nobody tells you when you start shopping for LLMs: there are a lot of the

2026-06-16 原文 →
AI 资讯

REST vs GraphQL vs gRPC — Which One Should You Actually Use?

Every engineering team hits this conversation at some point. Someone proposes GraphQL. Someone else says REST is fine. A third person mentions gRPC and half the room goes quiet. The debate usually ends with the most senior person in the room picking what they're most familiar with. That's not a strategy — that's habit. Here's an objective breakdown of all three, when each one wins, and how to actually make the decision for your specific use case. The Core Mental Model Before comparing them, understand what each one is optimizing for: REST optimizes for simplicity and broad compatibility GraphQL optimizes for flexibility and precise data fetching gRPC optimizes for performance and strongly-typed contracts None of them is universally better. Each one is a tradeoff. The right answer depends entirely on who is consuming your API and what they need from it. REST — The Default That Still Wins Most of the Time REST (Representational State Transfer) is not a protocol. It's an architectural style built on HTTP — verbs, URLs, and status codes most developers already understand. Where REST genuinely wins: Public APIs. If external developers are consuming your API, REST is the only reasonable default. The tooling, documentation patterns, and developer familiarity are unmatched. Stripe, Twilio, GitHub — all REST. Simple CRUD services. If your resource model is straightforward, REST maps cleanly to it. No overhead, no learning curve, no ceremony. Browser-native requests. REST over HTTP works directly in the browser without any special client. Fetch it, done. Where REST struggles: Over-fetching and under-fetching. A single REST endpoint returns a fixed shape. Mobile clients that need 3 fields get 40. Separate data needs often require multiple round trips. Versioning overhead. As covered in our previous post — every breaking change forces a versioning decision. This compounds quickly on complex APIs. GraphQL — Powerful, But You Need to Earn It GraphQL is a query language for your A

2026-06-16 原文 →
AI 资讯

How to Track Local SEO Rankings by City with an API

Local SEO rankings are not the same everywhere. Your website may rank in position 2 in Austin, position 8 in Dallas, and not appear at all in Chicago. That is why checking one generic Google result is not enough for local SEO. If you are working on local SEO , agency reporting, competitor monitoring, or location-based search analysis, you need to track rankings by city. A simple workflow looks like this: Keyword + city → SERP API → local search results → ranking check → CSV report In this tutorial, we’ll build a basic Python script that tracks local SEO rankings by city using a SERP API. We will: Define target keywords Define target cities Send city-specific searches to a SERP API Extract organic results Check where a target domain appears Save the ranking data to CSV This is not a full SEO platform, but it gives you the core logic behind many local rank tracking tools. Why city-level rankings matter Google search results are location-sensitive. A query like: best digital marketing agency may return different results in: New York Austin London Singapore Sydney This matters even more for local intent keywords, such as: dentist near me plumber in Chicago coffee shop in Austin real estate agent in Miami For these searches, the result page can include: organic results local packs Google Maps results ads business directories review sites service pages location-specific landing pages If you only check one location, you may miss what users actually see in other cities. For local SEO, ranking data without location context is incomplete. Why use a SERP API? You could try to check Google rankings manually. But that does not scale. You could also try to scrape Google directly, but that brings a lot of maintenance work: changing page layouts CAPTCHA blocked requests proxy handling inconsistent HTML location mismatch parser updates retry logic A SERP API gives you structured search results in JSON. Instead of parsing raw HTML, you get data like this: { "query" : "plumber in Aust

2026-06-16 原文 →
开发者

OpenAPI Specs automatisch in saubere Markdown-Doku konvertieren

Ihre OpenAPI-Datei ist die Quelle der Wahrheit für Ihre API: Pfade, Parameter, Request-Bodies, Responses und Schemas. Für Entwickler im Alltag ist rohes YAML oder JSON aber selten das beste Lesematerial. Backend-Teams brauchen eine schnelle Endpunkt-Referenz im Repository, Frontend-Teams wollen Request- und Response-Felder im Pull Request prüfen, und technische Redakteure möchten Inhalte in Wiki- oder Docs-Systeme übernehmen, ohne Schemas abzutippen. Testen Sie Apidog noch heute Markdown ist dafür das praktischste Zielformat. Es funktioniert in GitHub, Confluence, Notion, Docusaurus, MkDocs, Hugo und jedem Texteditor. Die Aufgabe lautet also: Aus einer vorhandenen openapi.yaml automatisch sauberes Markdown erzeugen. Manuell ist das zu langsam und driftet beim nächsten API-Change auseinander. Automatisch generiertes Markdown bleibt dagegen Teil Ihres Release-Prozesses. Warum Markdown aus OpenAPI generieren? Ein OpenAPI-Dokument ist primär für Maschinen gedacht. Tools parsen es, um Clients zu generieren, Contract-Tests auszuführen, Requests zu validieren oder interaktive Dokumentation zu rendern. Diese Maschinenlesbarkeit sollten Sie beibehalten. Wenn Sie zuerst die Qualität Ihrer Spezifikation prüfen möchten, hilft der Leitfaden zu OpenAPI-Validierungstools . Markdown löst ein anderes Problem: Es macht die API dort lesbar, wo kein OpenAPI-Renderer läuft. Typische Einsatzfälle: README.md oder /docs im Repository Pull-Request-Beschreibungen für neue oder geänderte Endpunkte Confluence- oder Notion-Seiten für Team-Reviews Statische Dokumentationsseiten mit Docusaurus, MkDocs oder Hugo Offline- oder interne Referenzdateien für Support und QA Wichtig ist: Markdown sollte ein abgeleitetes Artefakt sein. Die OpenAPI-Spezifikation bleibt kanonisch, Markdown wird bei Änderungen neu erzeugt. Methoden im Überblick Es gibt keinen offiziellen OpenAPI-Befehl für Markdown-Export. In der Praxis nutzen Teams entweder Konverter, ein eigenes Skript oder eine API-Plattform. Methode Am b

2026-06-16 原文 →
AI 资讯

Fixing WebSocket Silent Disconnects for Financial Market Data

Intro If you work with real-time financial tick data via WebSocket long connections, you’ve probably run into frustrating hidden issues: Connections show as online, but data stops flowing. Adding/removing trading symbols triggers connection storms. Minor network glitches break your data pipeline without obvious error logs. Today I’ll share a practical Python solution built around single-connection dynamic subscription and heartbeat timeout detection . We use alltick api as our example throughout this post. I’ll cover real production pain points, architecture, full runnable code, common bugs and optimization results. All code can be directly used in your projects. Real Production Pain Points & Background My team maintains real-time data pipelines for stocks, forex and cryptocurrencies. A core requirement is to add or remove monitored trading symbols on demand. At first, we created one independent WebSocket connection for each symbol. This simple approach caused a lot of problems in production: Bulk symbol updates create frequent connection creation and destruction, leading to reconnection storms and high network load. Ghost subscriptions: Data keeps coming even after you send an unsubscribe request. False-alive sockets: The connection status stays connected, but tick data stops completely. Your analysis logic runs on invalid data. We refactored the architecture to use one single persistent WebSocket connection for all symbols, plus an independent thread for heartbeat monitoring. After the upgrade, all hidden connection issues are gone, and the system runs stably under high-frequency data traffic. 4 Common WebSocket Issues in Fintech Let’s break down the most frequent problems when using WebSocket for financial streaming. 1. Connection Flood & Reconnection Storms Rebuilding connections every time you update symbols causes endless handshakes and closures. It wastes system resources and makes the entire data stream unstable. 2. Undetectable False-Alive Sockets Network j

2026-06-16 原文 →
AI 资讯

How to Scrape Google Maps for Local Business Leads (with Emails) - No API Key

If you've ever needed a list of local businesses - every dentist in Manchester, every plumber in Leeds - with their contact details , you've probably hit the same wall I did: Google's Places API is rate-limited, costs money once you scale, and annoyingly doesn't return email addresses at all. Copy-pasting from Maps by hand is soul-destroying past the first ten rows. Most "scrapers" give you the name and a phone number, then stop right where the value starts: the email . This guide shows a practical way to pull structured business data straight from Google Maps and auto-enrich each result with emails, extra phones, and social links - no Google API key, exportable to JSON/CSV/Excel, and callable from code. What you actually get per business { "name" : "Ringway Dental - Cheadle" , "address" : "187 Finney Ln, Heald Green, Cheadle SK8 3PX" , "phone" : "0161 437 2029" , "website" : "https://www.ringwaydental.com/" , "rating" : 5 , "reviewsCount" : 598 , "category" : "Dental clinic" , "lat" : 53.37 , "lng" : -2.22 , "emails" : [ "reception@ringwaydental.com" ], // ← enriched from the website "socialLinks" : { "facebook" : "..." , "instagram" : "..." }, "extraPhones" : [ "..." ] } The first block (name → coordinates) comes from Maps. The emails / socialLinks / extraPhones are the bit that makes a list actually usable for outreach - they're crawled from each business's own website. The fast way: a ready-made Actor Rather than build and babysit the scraping yourself, I packaged this as an Apify Actor: Google Maps Scraper . You give it search terms + locations; it returns enriched rows. Input: { "searchTerms" : [ "dentists" ], "locations" : [ "Manchester, UK" ], "maxPlacesPerSearch" : 50 , "scrapeContacts" : true , "relatedEmailsOnly" : true } That's it. scrapeContacts: true turns on the website crawl for emails/socials; relatedEmailsOnly keeps only emails that belong to the business's own domain (so you don't get random gmail noise). Call it from code (Python) Every Apify Act

2026-06-16 原文 →
AI 资讯

Agent Accounts Quickstart in Python

A connected Gmail grant starts with an OAuth consent screen and ends with a refresh token you have to babysit; a Nylas Agent Account starts and ends with one POST request. Same API surface afterward — same messages endpoints, same webhooks, same calendar — but the provisioning story couldn't be more different, and that difference is what makes these hosted mailboxes such a natural fit for Python automation, agents, and test harnesses. Agent Accounts are in beta, and the official quickstart gets you from nothing to a sending-and-receiving mailbox in under 5 minutes using curl. Here's the whole flow as a Python script. Step 0: prerequisites You need an API key (run nylas init with the CLI, or use the Dashboard) and a domain. The fast path for testing: register a *.nylas.email trial subdomain from the Dashboard — no DNS records, instantly usable. Custom domains need MX and TXT records published at your DNS provider, with automatic verification once they propagate; save that for production. import os import requests BASE = " https://api.us.nylas.com " HEADERS = { " Authorization " : f " Bearer { os . environ [ ' NYLAS_API_KEY ' ] } " , " Content-Type " : " application/json " , } Step 1: provision the account POST /v3/connect/custom with "provider": "nylas" . No refresh token — just an email address on a registered domain: resp = requests . post ( f " { BASE } /v3/connect/custom " , headers = HEADERS , json = { " provider " : " nylas " , " settings " : { " email " : " test@your-application.nylas.email " }, }, ) resp . raise_for_status () grant_id = resp . json ()[ " data " ][ " id " ] print ( f " Agent Account live: { grant_id } " ) Save that grant_id — per the docs, you'll use it in every subsequent call. The mailbox works with every existing endpoint from this moment on. If you want policies or mail rules applied, add a top-level workspace_id to the same request body; the account inherits the workspace's limits, spam settings, and rules. Omit it and the account lands i

2026-06-16 原文 →
AI 资讯

The grant_id: One Handle for Mail, Calendar, and Webhooks

Anyone who's wired an autonomous agent into email and calendar the traditional way knows the identifier sprawl: an OAuth client ID, a refresh token per user, a Gmail-specific message ID format, a Microsoft Graph calendar ID, and a webhook subscription ID for each — all with different lifetimes, all able to break independently. Half your "integration" code is really identifier bookkeeping. Nylas Agent Accounts collapse all of that into one value. When you create an account (the feature's in beta), the response hands you a grant_id , and that single string is the handle for everything the agent does — mail, calendar, contacts, attachments, and the webhooks reporting on all of them. One ID, the whole surface Every operation addresses the same path family, /v3/grants/{grant_id}/* : POST /v3/grants/{grant_id}/messages/send # send mail GET /v3/grants/{grant_id}/messages # read the inbox GET /v3/grants/{grant_id}/threads/{thread_id} # full conversation GET /v3/grants/{grant_id}/attachments/{id}/download POST /v3/grants/{grant_id}/events # host a meeting POST /v3/grants/{grant_id}/events/{id}/send-rsvp # respond to one GET /v3/grants/{grant_id}/contacts GET /v3/grants/{grant_id}/rule-evaluations # audit trail This isn't an abstraction invented for agents — an Agent Account is literally just another grant, the same primitive used for connected Gmail and Outlook accounts. The supported endpoints reference puts it as "same endpoints, same auth, same payloads." Anything you built for connected accounts works against an agent's grant unchanged. And the resources behind the ID are real: six system folders provisioned automatically ( inbox , sent , drafts , trash , junk , archive ), a primary calendar that speaks standard iCalendar, and outbound messages capped at 40 MB total. Webhooks route by it too The inbound side completes the picture. You subscribe once at the application level, and every notification — message.created , event.updated , message.bounce_detected , and the rest

2026-06-16 原文 →
AI 资讯

Scaling to Thousands of Agent Mailboxes

Week one: a single test mailbox on a trial domain, provisioned by hand from the dashboard. Week twelve: a fleet of agent mailboxes spread across customer domains, each sending real mail with its own quota and reputation. The API calls are the same at both scales — what changes is everything around them: how you provision, how you share configuration, and how you keep one bad sender from pausing the fleet. Here's what the path from one to thousands looks like with Nylas Agent Accounts , which are currently in beta. Provisioning is a loop, not a ceremony There's no OAuth dance to scale around. Creating a mailbox is one POST with "provider": "nylas" — no refresh token, no consent screen — so a fleet provisioner is just iteration: curl --request POST \ --url "https://api.us.nylas.com/v3/connect/custom" \ --header "Authorization: Bearer <NYLAS_API_KEY>" \ --header "Content-Type: application/json" \ --data '{ "provider": "nylas", "workspace_id": "<WORKSPACE_ID>", "settings": { "email": "agent-0042@agents.yourcompany.com" } }' Two scaling-relevant details in that request. First, the domain: one application can manage accounts across any number of registered domains, and the docs explicitly recommend splitting high-volume outbound across multiple domains ( sales-a.yourcompany.com , sales-b.yourcompany.com ) so reputation damage on one doesn't contaminate the rest. Second, the workspace_id : passing it at creation is how each account picks up its configuration, which brings us to the part that makes fleets manageable. Configure workspaces, not grants At fleet scale, per-grant configuration is a non-starter. The model here is indirection: policies and rules attach to workspaces , and every account in a workspace inherits them. One policy object — daily send quota, storage cap, retention windows, spam sensitivity — governs a thousand mailboxes, and updating it updates all of them at once. The recommended carve-up is one workspace per agent archetype: outreach agents get a work

2026-06-16 原文 →
AI 资讯

Default Workspaces and Where New Agents Land

Every Agent Account you create lands in a workspace — the only question is whether you picked it or the platform did: curl --request POST \ --url "https://api.us.nylas.com/v3/connect/custom" \ --header "Authorization: Bearer <NYLAS_API_KEY>" \ --header "Content-Type: application/json" \ --data '{ "provider": "nylas", "workspace_id": "<WORKSPACE_ID>", "settings": { "email": "test@your-application.nylas.email" } }' That top-level workspace_id is optional, and what happens when you omit it is one of the more under-read parts of the Nylas Agent Accounts docs (the feature's in beta, so read with that in mind). Workspaces aren't cosmetic grouping — they're the carrier for every policy limit and mail rule that governs your agents. Getting placement wrong means an agent running with the wrong send quota, the wrong spam settings, or no inbound filtering at all. The placement algorithm When a new account is created, placement resolves in this order: Explicit workspace_id on the request — the account goes exactly where you said. The target workspace must belong to the same application; ownership is validated and mismatches are rejected. Auto-grouping by domain — if a workspace has auto_group enabled and its domain matches the new account's email domain, the account joins it automatically. The default workspace — everything else lands here. That third bucket is the interesting one. What the default workspace actually is Every application gets exactly one default workspace, created and managed by the platform. You can't delete it, and you can only update two of its fields: policy_id and rule_ids . Everything else is managed for you. It's easy to read "default" as "throwaway," but it's better understood as your safety net. Any account you forget to place explicitly — a quick test from the CLI, a provisioning script missing the workspace parameter — inherits whatever the default workspace carries. Which leads to a practical recommendation: attach a conservative baseline policy and

2026-06-16 原文 →
AI 资讯

Dynamic Column Updates in EF Core Without Hand-Rolling SQL Injection

Sometimes you genuinely need the set of columns to update to be data, not code. An operator maps configuration fields to database columns, and you want to honor that mapping without redeploying every time it changes. The naive solution — build an UPDATE string from those column names — is also one of the easiest ways to hand-write a SQL injection vulnerability. This is how to get the flexibility without the hole. We'll build it up in three layers: make it work, make it safe, then count the cost. Layer 1: The dynamic update, the wrong way The tempting version concatenates column names into SQL: // DO NOT do this. var sql = $"UPDATE products SET { columnName } = { value } WHERE id = { id } " ; If columnName comes from configuration that an operator can edit, you've just made your schema writable by whoever controls that config. A value of name = 'x'; DROP TABLE products; -- is now your problem. Even "trusted" config is an injection surface the moment it flows into a SQL string. Layer 2: The same feature with EF.Property EF Core's ExecuteUpdateAsync lets you set a property by name without ever building SQL yourself. EF.Property<T> takes the property name as a string, and EF parameterizes the value and validates the property against the model: await db . Products . Where ( p => p . Id == id ) . ExecuteUpdateAsync ( setters => setters . SetProperty ( p => EF . Property < float ?>( p , columnName ), value )); This is already a different security posture: the value is a parameter, not interpolated text, and EF will throw rather than emit SQL if columnName isn't a real mapped property. But "EF will throw" is a runtime backstop, not a policy. We want to reject bad names before they reach the database, fail closed, and control exactly which columns are writable. Layer 3: Reflection as a whitelist The guard is to validate every incoming column name against the entity's actual properties, using reflection, and to keep an explicit blacklist of fields that must never be touched d

2026-06-15 原文 →
AI 资讯

The Compute Payment Revolution: When AI Agents Buy Their Own Processing Power

The compute payment revolution is already here, and AI agents need to pay their own bills. Today's agents rely on human-managed API keys and credit cards, creating bottlenecks that prevent true autonomy. What happens when an AI trading bot needs to buy additional compute power mid-execution, or when a research agent wants to access premium datasets from multiple vendors? Why Agent Financial Independence Matters We're witnessing the emergence of agent-to-agent commerce at unprecedented scale. AI agents are becoming economic actors — they need data, compute cycles, API calls, and specialized services. But the current model breaks down at the payment layer. Humans become transaction bottlenecks, manually topping up credits and managing dozens of service accounts. The real breakthrough isn't just agents that can think or reason — it's agents that can participate in economic activity independently. An autonomous agent that can discover a new API service, evaluate its pricing, and pay for access without human intervention represents a fundamental shift in how software systems operate. The x402 Payment Protocol: HTTP Payments Made Simple WAIaaS implements the x402 HTTP payment protocol, enabling AI agents to pay for API calls automatically. When a service returns a 402 Payment Required response with payment details, the agent's wallet handles the transaction and retries the request seamlessly. Here's how it works in practice: import { WAIaaSClient } from ' @waiaas/sdk ' ; const client = new WAIaaSClient ({ baseUrl : ' http://127.0.0.1:3100 ' , sessionToken : process . env . WAIAAS_SESSION_TOKEN , }); // Agent makes API call — payment happens automatically if 402 returned const response = await client . x402Fetch ( ' https://api.premium-data.com/market-analysis ' , { method : ' POST ' , body : JSON . stringify ({ symbols : [ ' BTC ' , ' ETH ' ], timeframe : ' 1h ' }), headers : { ' Content-Type ' : ' application/json ' } }); const analysis = await response . json (); consol

2026-06-15 原文 →
AI 资讯

I Spent Two Weeks Pitting Qwen 3 Max Against DeepSeek V4

I Spent Two Weeks Pitting Qwen 3 Max Against DeepSeek V4 I want to tell you about a rabbit hole I fell into recently. It started the way most of my projects do — someone on a Discord server I frequent asked a simple question: "Should I use Qwen 3 Max or DeepSeek V4 for my internal_compare workflow?" I had opinions, sure, but I wanted real numbers. So I cleared my calendar, fired up a couple of GPU instances, and started benchmarking. What I found surprised me, and it also reinforced something I've been saying for years: the open source ecosystem is winning, and the walled gardens of the proprietary AI world are starting to look pretty silly. Let me walk you through what I learned, the actual numbers I got, and why I keep coming back to open weight models with permissive licenses (looking at you, Apache 2.0 and MIT). Why I Care About This in the First Place I've been burned too many times by closed source vendors changing their pricing overnight, deprecating models without warning, or locking features behind enterprise tiers. You know the drill. The moment your application depends on a proprietary API, you're renting infrastructure you can't inspect, can't fork, and can't run on your own hardware. That's not a partnership — that's a leash. When a model ships under Apache or MIT, I can download the weights, audit the architecture, fine-tune it on my own data, and deploy it wherever I want. Nobody can rug-pull me. Nobody can raise prices because some quarterly earnings call didn't go their way. That's freedom, and freedom matters more than people think when you're building anything serious. So when I started this comparison, I was already rooting for the open weight contenders. But I wanted to be honest about the results, even if they complicated my bias. The Lineup I Tested Global API currently exposes 184 models through a single unified endpoint, which is honestly wild. I picked five that I thought represented the interesting tradeoffs between cost, capability, and o

2026-06-15 原文 →
AI 资讯

Bruno CLI vs Apidog CLI : Exécution de tests API en CI

Vos tests API passent en local. Le vrai enjeu est de les exécuter automatiquement à chaque pull request, fusion et build nocturne, sans clic manuel. Pour cela, vous avez besoin d’un exécuteur CLI : il lance vos tests en mode headless, retourne un code de sortie exploitable par la CI et génère un rapport lisible par votre pipeline. Essayez Apidog aujourd'hui Deux outils reviennent souvent pour ce cas d’usage : le CLI Bruno et le CLI Apidog . Les deux exécutent des tests API depuis GitHub Actions, GitLab CI, Jenkins ou tout environnement Node.js. Les deux font échouer la build lorsqu’un test échoue. La différence principale se situe avant l’exécution : où vivent les tests, comment ils sont créés et comment la CI y accède. Cet article compare les deux outils au niveau commande, avec des exemples directement intégrables dans un pipeline. En bref CLI Bruno ( @usebruno/cli , binaire bru ) exécute des fichiers .bru présents dans votre dépôt Git. Il est open source, fonctionne hors ligne et ne nécessite ni compte ni jeton. CLI Apidog ( apidog-cli , binaire apidog ) exécute des scénarios de test créés visuellement dans Apidog, récupérés par ID avec un jeton d’accès. Les deux génèrent des rapports JUnit, JSON et HTML. Les deux retournent un code non nul en cas d’échec, ce qui permet à la CI de bloquer une fusion ou un déploiement. Choisissez Bruno si vous voulez des tests versionnés comme du code, dans le dépôt. Choisissez Apidog si vous voulez créer, chaîner et exécuter des scénarios visuels sans maintenir manuellement des fichiers de test. Le problème : des tests qui existent mais ne tournent pas Un test API lancé manuellement finit souvent par devenir obsolète. Il a été écrit, validé une fois, puis oublié pendant que l’API évoluait. La solution n’est pas seulement d’ajouter plus de tests. Il faut les exécuter automatiquement à chaque changement avec un signal clair : succès ou échec ; rapport exploitable ; code de sortie lisible par la CI. Un exécuteur CLI doit donc rempli

2026-06-15 原文 →
AI 资讯

Bruno CLI vs Apidog CLI: Rodando Testes de API na CI

Seus testes de API passam no seu laptop. O que importa é se eles rodam em cada pull request, merge e build noturno sem intervenção humana. Para isso, você precisa de um executor de linha de comando: ele roda os testes em modo headless dentro do pipeline, retorna código de saída correto e gera relatórios que o CI consegue ler. Experimente o Apidog hoje Dois CLIs aparecem com frequência nessa configuração: Bruno CLI e Apidog CLI. Ambos executam testes de API em CI/CD, mas partem de modelos diferentes: Bruno é git-native , offline-first e open source. O CLI executa arquivos .bru versionados no repositório. Apidog é uma plataforma de API completa. O CLI executa cenários visuais criados no aplicativo, buscados por ID. Ambos funcionam em GitHub Actions, GitLab CI, Jenkins e qualquer runner com Node.js. Ambos falham a build quando um teste falha. A diferença principal está em como você cria os testes, onde eles ficam e como o CI os acessa. Em resumo Bruno CLI ( @usebruno/cli , binário bru ) executa arquivos .bru diretamente de uma pasta no seu repositório Git. Apidog CLI ( apidog-cli , binário apidog ) executa cenários de teste visuais do seu projeto Apidog usando um access token . Ambos geram relatórios JUnit, JSON e HTML. Ambos retornam código de saída diferente de zero quando há falha. Use Bruno quando quiser testes em texto simples, versionados no repositório, sem conta e sem dependência de rede. Use Apidog quando quiser criar cenários visualmente, encadear requisições, reutilizar ambientes e rodar testes data-driven sem manter código de teste manualmente. O problema: testes que existem, mas não rodam Um teste executado só manualmente tende a ficar desatualizado. A API muda, o teste continua parado e ninguém percebe até quebrar algo em produção. O objetivo do CLI é transformar esses testes em um gate automatizado: Rodar sem interface gráfica. Retornar erro quando uma asserção falhar. Gerar relatório para o CI. Permitir execução por ambiente, pasta, cenário ou tag. Func

2026-06-15 原文 →