Thanks for the mention Fireship! You are the best!!!
Hmm I just watched your video lol
He is
As soon as I saw fireships video I remembered that I am having a deja vu lol. I saw your video first. It was awesome
I have this amazing API idea in my head for weeks now, with your videos it is one step closer to reality :D
I’ve watched your video too. Very good work !
building the API is the easy part.
coming up with an idea that actually solves a problem is the hard part.
It is pretty saturated too.
Exactly
And it should solve it better than existing solutions
I'd say the hard part is actually providing a useful solution.
A service that tells you what someone else is thinking about is a trillion dollar idea. Now implement it
Just remember that ideas are cheap. Often times it doesn't matter if you're original if you can implement it better than others.
As others have said, it isn't too hard to create a simple API. It doesn't need to be complex or comprehensive. The best thing to do is to wait for a new trend to integrate an API into, and then the demand for your API will come naturally. There's no point competing, just be relevant.
You are dead on, but do you realize what you're saying? These "trends" are here. Think of an idea that the news can't stop talking about, think of the vast amount and what type of data that's required for these people to pursue their (nefarious) plans... now serve it to them, if you don't someone else will. and hope history remembers you as the messenger and not the facilitator. I can think of several trends that fit this but there's particularly one that absolutely dominates the others and it's not going to be talked about by anyone making APIs already.
@Thomas Robertson why nefarious only 🤷????
Are there no more good ones 🤔????
@@thomasrobertson9835 which trends are you referring to?
I used to be an Android developer, but switched to Product management shortly after since coding wasn't really for me, so i haven't coded in years. It's always great watching your videos to have a high-level understanding of how things should work. It makes talking with the developers much easier.
you got promoted to your level of incompetence
Hi, I feel the same way that coding isn't for me although i am trying really hard, could you please suggest me how did you make the switch to Product Management?
This is hands down the best dev channel on YT. Straight to the point, clear, and easy to follow. Always great content.
It's worth pointing out that md5 is not a great hashing function for sensitive data, in general argon2 and bcrypt are much more secure
Bcrypt is commonly used now (I think not sure at least that's what I've used before)
@@dynamicdanymo8343 yes, but argon2 won the competition, if you have the option to choose which one to use, my recommendation is argon2
@@lmtr0 With 10+ passes. Though that’s getting into “hey actually read the documentation” territory, which no one does even if it’s important.
I am getting _really_ tired of web developers using MD5 as an example for cryptographic purposes. No mention of salt and pepper either.
Oh well. At least I won’t be out of a job I guess.
@@liesdamnlies3372 Now I'm getting offended, I really read the documentation. LMAO
Oh my god dude, your visuals and graphics are some of the best in the game. Keep it up!
and his jokes too
You're fucking awesome man!
Even though I'm not learning anything new, it's always a pleasure to watch your damn well made videos.
a dollar for a bunch of fire emoji's
sounds *LIT*
I'd love to see some videos on the following topics:
Gitlab Auto DevOps
Chaos Engineering (Litmus)
Policy as Code (Open Policy Agent)
Compliance as Code
In general just more topics on security, DevOps & Site Reliability
Just read the front page of any projects or notable resources regarding the subject and you'll have the same amount of info, his videos are nice for discovering things but otherwise it's just the basic examples from the READMEs
@@heroe1486 @Heroe / you obviously don't know the amount of research required. You can't just "read the front page" rofl.
There's a big difference between reading something, understanding it and using it in practice.
@@uziboozy4540 No, they mean reading the front page (and some docs and stuff) will provide the same level of info as Fireship's videos. However, there are various small but helpful or important things you might learn from Fireship as he is an experienced dev.
@@uziboozy4540 you need to learn "how to ask questions", if you wanna learn about these concepts read wikis, there is just a lot of content out there on the internet
@@hargunbeersingh8918 bruh, when did I ever state that I specifically needed videos for these topics?
It was a simple suggestion, moron.
If I can sell my API for a dollar a request then I will make Elon Musk the second richest man
Gotta keep up with that inflation
@@klicer3068 just preach bad code and watch people making more requests than needed.
@@rafflezs Genius
@@rafflezs you are my hero.
@@rafflezs That is literally illegal
That's exactly what I needed. Now all I have to do is find an idea for an API that anyone would want to pay for.
Exactly my thoughts.
that's the hard part.
this was awesome!!
just wow, you're every tech enthusiast's dream to be as great as you
Man you're golden. I've been building an API with node and express to receive payments in my country(Cameroon) with our local payment methods and with my cofounder, just yesterday I was literally talking about using stripe for international payments. Thanks for the tutorial🔥
"The API key is now safe to store" It's not. MD5 is not secure AT ALL and should NEVER be used to store sensitive data!
so what should you use?
Also, a salt should always be used, regardless of the hashing algorithm.
Some hashing algorithms have this built in
Good call, that was an oversight. The main point was to not store the raw password, but hash it, but MD5 is not an ideal algorithm
@@badbunnyfreaky SHA 256 works well (for general hashing)
@@travispettry3025 no it doesn't.
Ania Kubow
@@naurapuspita5073 wtf girl?
@@alkanedust3848 he's talking about the other YouTuber he mentioned in this video. Timestamp is 1:48
Love these videos about APIs! Great work as always!
am not doing each video you make but you make the one watch the video just for pleasure and fun thanks for your great work
this was great, very helpful. it's crazy how much information you cover in such a short video.
I just finished a web dev bootcamp a few months ago, this was the greatest tutorial I’ve ever seen
The charging $1 for an emoji data response bit had me in tears 😂
$1 per request 😂😂
Api that returns tomorrow’s stock price
@@mrfrozen97-despicable😂
plain and simple we need a full course of this
billion dollar api with your basement . loved this line
thanks for teaching us in simpler way
Fireship the god of programming. AniaKubow the goddess of programming. My teacher who works in Amazon is the legend of Programming.
8:51 My man put the MongoDB logo upside down :(
🤦♂️
😂 proof he’s not a robot
@@AtomicCodeX That's what a robot would say
😂 I've figured out all other database names and then struggled with upside down mongo, i finally remembered it was mongodb, but totally neglected that it was upside down until I see this comment
@@twitchizle sounds really inappropriate🤣😂
It is simply amazing that this content is free. Thank you ❤
Omg the editing is cleaner than the soap🧼
That’s cuz it’s REST ;)
Gotta try this and I am all for this. Not for money but for authentication and generate keys
You're a gift for the 21st century
You should use a middleware to validate the API key and a second one to report API usage in order to keep your API implementation cleaner.
What do you recommend?
People please don't use MD5 for your hashing... if you're asking yourself "Why?" then you have a lot more to learn before you should be messing around with anything related to payments. Also note that depending on where you are in the world, your country (or each country you're going to be operating in) may have different fiscal and certification requirements for these things, so DON'T just go and publish some random payment app. Also take into account that you might want to get some professional help with setting up some Ts&Cs for your users which they have to accept.
Coding is and should be fun! But code responsibly :)
In case of not using MD5 I totally agree with you, in the end just don't use it, but hashing API keys with MD5 is more secure than hashing passwords for two reasons: 1) API keys are long and it's harder to break them compared to 8-character passwords. 2) In many cases of breaking MD5 a dictionary of hashes is being used to test against the most popular passwords, but this won't be the case with random bytes.
@@pooyaestakhry Interesting thought🤔 but are there drawbacks to just using something like SHA-256 for your API keys? I mean surely it's much more secure?
@@hugh-martinrouxhughy7419 practically? No. As I said, in the end I won't use MD5 either
One thing I wanna say, Stripe is a payment provider and essentially the global users will be buying products from the country that you're operating from. Don't worry about international laws, just abide by the country that you're operating from, Stripe is good on its T&C and you may not need to worry about other countries, if you think you should be worried about rules of countries I'll be operating on, you'd have to write T&C for each country, this is bullshit. Do you need to worry about laws of each country while using Western Union? I hope this helps somebody.
Building an API is super-easy, barely an inconvenience
How do you come up with ideas so fast? Such well rounded content, thank you
there's a lot more nuances to developing a scalable, maintainable, secure API than this video offers. but it at least gets you on your feet to building one 😎
Great stuff. Although the most challenging part is to actually register the Stripe business account being a regular developer and knowing nothing about registering a company 😅
Don't need a company or anything (at least in the US). Just make a Stripe account!
@@wadefletcher8928 One would still need a U.S. bank account at the very least.
Yoooo it's so cool you mentioned Stripe's prebuilt checkout. I remember writing a tutorial article on how to implement it on Laravel once I got it to work. I struggled to implement it because in the documentation it uses a different PHP framework.
Wtf, I’m literally creating my own api atm. Just struggled with the stripe integration. This was so fucking good.
I don't understand how he does it, it's like every single time
- "You got a deal, take my money"!
Said no customer ever. 😅
Jokes aside. This is a very helpful video! Thank you!
Seriously, your videos are like the best. These are just awesome. Keep up the great work man.
Indiano?
bravo - succinct, no fuss and on point.
I am learning front end to take over my dad's business website so he can save some money. I've still got a lot of learning ahead but I'm starting to understand the syntax a bit more each time I study. I know watching this is probably way ahead of what I'm learning but it's still very interesting to see what I can start working with later. Thanks for the tips Fireship :D
@Erich yes but those sites are usually pretty slow I’ve noticed, it’s also better I learn for a career later on
You don't study this..u get good by doing it
@@sangbeom6245 speak for yourself
@MsPitufo2012 Coding is something you do in application practicing not memorizing it first
Are you reading my mind? I was literally looking for this last night.
yo fireship can you do a video teaching us how you learn new technologies, cuz you obviously don't know everything but anytime you make a video you have some grounded knowledge about it. could you like do a walkthrough maybe a live or something. That would be awesome.
I find it’s always great to insult people when you ask them for a favor
@@illuminated2438 what was the insult??
A million thanks for yet another gem of a work!!
Excellent video. Thanks for making it! As a hardcore, paranoid nerd I'd recommend something other than MD5 like SHA1 or SHA256 but that's a simple change.
NO NO NO NO NO, pbkdf2, s/bcrypt or argon2id
@@rogervanbommel1086 And SALT!
@@n8guy salting api keys doesn’t matter, passwords should be, api keys are random and salt prevents checking duplicates and rainbow tables
@@rogervanbommel1086 that's a good point - I was thinking of the two as analogous, but that is an important distinction. I suppose it still doesn't hurt, but you're right, it's probably unnecessary.
@@n8guy yea, i mean it even CAN hurt because it’s more data to store and the more complicated the easier to screw up
So informative! All this information in just 13min, it's just impressive! Thanks for putting this out.
This guy doesn’t miss
so it all about
- an awesome API idea
- little marketing
woww, 2 videos in a day , Crazy efforts man 😱
This is really what I wanted. Nice one Jeff 🔥
I rarely comment, but your videos are just straight NUTTY so much deep fucking value
As usual, outstanding video!!
If API keys are as important as Passwords I don’t think MD5 is going to cut it.
was thinking the same
Then take SHA1 or SHA 256
@@spacemeter3001 SHA1 is also not considered secure anymore
Yep, at the very least salt your md5 hash
@@jakeflynn8043 salting isn't possible with API keys, and also NEVER ROLL YOUR OWN CRYPTO. If you're manually concatenating a salt to a password, you're doing it wrong.
You should do another three js course.
Epic video for getting started on this sort of thing
man that's cool! can you make a video about cron jobs and background queues for node/next.js
Would enjoy this as well!
I love your channel, all the stuff you need in 1 video
Love this channel and newly subscribed to Ania! Hadn’t come across her channel before now but it looks great
Well in my case, I "nearly" subscribed to Ania, but found this channel instead 😂
The title should probably be like this "Make Money from your API - Tutorial". I was like, how can I make money from my API tutorial? :D
just get started creating an API that solves people's problems (not in a general way, but in a specific segment), and then the most important part is your choice.
1. make it open source, if your API is useful, put a donation link in your Readme. I'm sure the community will be asking you how to donate to keep the project updated and alive.
2. or use this video as a guide to make the money.
You deserve everything good my guy!
Awesome content, Thank you. This video deserves 30 mins, you might have elaborated this a little more :-), love your work.
Perfect timing. ✌️💯🔥
Amazing work! You just got a new sub.
Congrats 888K Subs 🚀🚀
Simply amazing!
Writes down PATCH, skips it while naming Request Types... AMAZING
Amazing, thanks for sharing it!
Such a great content brother!
He's so good I want to cry
this was a great tutorial thank you !
This is awesome we need more vids like this thanks a lot
Jeff is still my favourite tech youtuber
This is awesome! Thanks!
Very good explanation, congratulations! 👍
Awesome video man ^^
beautiful video as always, thanks :D
Md5 is broken it can be reverse hashed, use something like sha256
And
Apikey shouldn't be sent as query param, it would be wise to send it in headers, headers are encrypted query is not.
And
To check for duplicate api key while creating them, use unix time stamp with microsecond time diff in the hex, this way u will reduce one db call
Query parameters are also encrypted by SSL. The danger is more in accidental logging of the URL and it is more clean as a header as users don’t have to manipulate the URL. You don’t need to check for duplicate API keys if your API key already is 16 Bytes (128 Bits) long and you are using secure ways to produce randomness as it is literally impossible to have collisions.
I like your comment though because all my stuff is nitpicking while security is always important.
SHA is not much better than md5 and is also not suitable for password hashing. Instead Argon2 should be used (or Bcrypt if that's not available).
Didn't you watch the video? They clearly stated that API keys should be in the header, they were only sending it as a query parameter for simplicity of the example.
But yes, MD5 is insecure but the general idea of hashing still is important.
@@rz2374 The amount of data loss and real-world harm caused by this sort of laziness in the industry really makes this crap inexcusable. Great, doing it the wrong ways is easier. Big surprise. Why bother teaching people how to do it the wrong way when you didn’t start with the right way?
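The points raised across the comments above (128-bit random keys, an unsalted SHA-256 digest for key lookup, the key in a header rather than the URL, and a salted slow KDF for passwords) can be put together as follows. This is an added example, not code from the video or from any commenter; the function names, the `x-api-key` header name and the in-memory `Map` standing in for a database are assumptions.

```javascript
// Added example; function names, the x-api-key header and the Map store are assumptions.
const nodeCrypto = require("node:crypto");

// Stand-in for the database: hex(SHA-256(key)) -> account record.
const keyStore = new Map();

// A fast unsalted hash is acceptable here only because the input is 128 bits
// of CSPRNG output: there is no dictionary to precompute and no feasible brute force.
function hashApiKey(apiKey) {
  return nodeCrypto.createHash("sha256").update(apiKey, "utf8").digest("hex");
}

// Issue a key: 16 random bytes (128 bits), hex-encoded. No duplicate check is
// needed at this size. Only the hash is stored; the raw key is returned once.
function issueApiKey(accountId) {
  const apiKey = nodeCrypto.randomBytes(16).toString("hex");
  keyStore.set(hashApiKey(apiKey), { accountId, active: true });
  return apiKey;
}

// Accept the key from a request header only. TLS encrypts the query string too,
// but URLs end up in access logs, so a key passed as ?apiKey=... is ignored.
function extractApiKey(req) {
  const value = req.headers["x-api-key"];
  if (typeof value !== "string" || !/^[0-9a-f]{32}$/.test(value)) return null;
  return value;
}

// Look up by hash: because the digest is unsalted it doubles as the index key.
function authenticate(req) {
  const apiKey = extractApiKey(req);
  if (apiKey === null) return null;
  const record = keyStore.get(hashApiKey(apiKey));
  return record && record.active ? record.accountId : null;
}

// Passwords are low-entropy, so they get a per-user random salt and a
// deliberately slow, memory-hard KDF (scrypt with Node's default parameters).
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  const derived = nodeCrypto.scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${derived.toString("hex")}`;
}

// Re-derive with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(":");
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  const actual = nodeCrypto.scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);
}
```
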
return missing in 10:42 for the recursive call?
You should make a video on hosting (AWS, etc.)
This guy is amazing!!
posts weather data like a chad
Jeff... you’re the best.
Awesome video. Very informative
I love this video and I plan to start making my own APIs, but is there really a market for this? I would love to gain a few extra $
Your content is excellent!
1$ per api call , this deal is damn good
This is amazing thanks!
You basically explained a topic in such laconic and easy to understand manner which usually has a whole course dedicated to it. How ? Are you even human ?
Would you make a 100 seconds video for server components in next??
its obligatory to click on your video whenever I see a notification and watch it full
even i don't have to use it anywhere
Fireship rocks🔥🔥
thanks for making this video
my mom is finally gonna be proud now
What kinds of data do you think an amateur should collect to offer as data in the API?
Well that's the billion dollar question, isn't it? 😂
Try pictures of your mom. :-P
Song lyrics
Create an IT startup, gain customers, collect their data, sell them through api.
Great content!!
this is great. thanks for the tutorial :)
Thanks a lot for the tutorial ✨ but what language do I need to learn to understand everything you mentioned in the video? Is it Javascript?