I'd say the hard part is actually providing a useful solution. A service that tells you what someone else is thinking about is a trillion dollar idea. Now implement it
As others have said, it isn't too hard to create a simple API. It doesn't need to be complex or comprehensive. The best thing to do is to wait for a new trend to integrate an API into, and then the demand for your API will come naturally. There's no point competing, just be relevant.
You are dead on, but do you realize what you're saying? These "trends" are here. Think of an idea that the news can't stop talking about, think of the vast amount and what type of data that's required for these people to pursue their (nefarious) plans... now serve it to them, if you don't someone else will. and hope history remembers you as the messenger and not the facilitator. I can think of several trends that fit this but there's particularly one that absolutely dominates the others and it's not going to be talked about by anyone making APIs already.
I used to be an Android developer, but switched to Product management shortly after since coding wasn't really for me, so i haven't coded in years. It's always great watching your videos to have a high-level understanding of how things should work. It makes talking with the developers much easier.
Hi, I feel the same way that coding isn't for me although i am trying really hard, could you please suggest me how did you make the switch to Product Management?
I am getting _really_ tired of web developers using MD5 as an example for cryptographic purposes. No mention of salt and pepper either. Oh well. At least I won’t be out of a job I guess.
I'd love to see some videos on the following topics: Gitlab Auto DevOps Chaos Engineering (Litmus) Policy as Code (Open Policy Agent) Compliance as Code In general just more topics on security, DevOps & Site Reliability
Just read the front page of any projects or notable ressources regarding the subject and you'll have the same amount of infos, his videos are nice for discovering things but otherwise it's just the basic exemples from the READMEs
@@heroe1486 @Heroe / you obviously don't know the amount of research required. You can't just "read the front page" rofl. There's a big difference between reading something, understanding it and using it in practice.
@@uziboozy4540 No, they mean reading the front page (and some docs and stuff) will provide the same level of info as Fireship's videos. However, there are various small but helpful or important things you might learn from Fireship as he is an experienced dev.
@@uziboozy4540 you need to learn "how to ask questions", if you wanna learn about these concepts read wikis, there is just a lot of content out there on the internet
Man you're golden. I've been building an API with node and express to receive payments in my country(Cameroon) with our local payment methods and with my cofounder, just yesterday I was literally talking about using stripe for international payments. Thanks for the tutorial🔥
People please don't use MD5 for your hashing... if you're asking yourself "Why?" then you have a lot more to learn before you should be messing around with anything related to payments. Also note that depending on where you are in the world, your country (or each country you're going to be operating in) may have different fiscal and certification requirements for these things, so DON'T just go and publish some random payment app. Also take into account that you might want to get some professional help with setting up some Ts&Cs for your users which they have to accept. Coding is and should be fun! But code responsibly :)
In case of not using MD5 i totally agree with you in the end just don't use it, but hashing api keys with MD5 is more secure than hashing passwords for two reasons 1) API keys are long and it's harder to break them compared to an 8 character passwords. 2)in many cases of breaking MD5 a dictionary of hashes is being used to test against for most popular passwords but this won't be the case with random bytes
@@pooyaestakhry Interesting thought🤔 but are there drawbacks to just using something like SHA-256 for your API keys? I mean surely its much more secure?
One thing I wanna say, stripe is a payment provider and essentially the global users will be buying products from the country that you're operating from. Don't worry abt international laws, just abide by the country that you're operating from, Stripe is good on it's T&C and you may not need to worry about other countries, if you think you should be worried about rules of countries I'll be operating on, you'd have to write T&C for each country, this is bullshit. Do you need to worry about laws of each country while using western union? I hope this helps somebody.
😂 I've figured out all other database names and then struggled with upside down mongo, i finally remembered it was mongodb, but totally neglected that it was upside down until I see this comment
Great stuff. Although the most challenging part is to actually register the Stripe business account being a regular developer and knowing nothing about registering a company 😅
Yoooo its so cool you mentioned Stripe's prebuilt checkout I remember writing a tutorial article in how to implement it on Laravel once I got it to work. I struggled to implement it because in the documentation it uses a different PHP framework.
yo fireship can you do a video teaching us how you learn new technologies, cuz you obviously don't know everything but anytime you make a video you have some grounded knowledge about it. could you like do a walkthrough maybe a live or something. That would be awesome.
there's a lot more nuances to developing a scalable, maintainable, secure API than this video offers. but it at least gets you on your feet to building one 😎
@@jakeflynn8043 salting isn't possible with API keys, and also NEVER ROLL YOUR OWN CRYPTO. If you're manually concatenating a salt to a password, you're doing it wrong.
I am learning front end to take over my dads business website so he can save some money. I've still got a lot of learning ahead but im starting to understand the syntax a bit more each time i study. I know watching this is probably way ahead of what im learning but its still very interesting to see what I can start working with later. Thanks for the tips Fireship :D
Excellent video. Thanks for making it! As a hardcore, paranoid nerd I'd recommend something other than MD5 like SHA1 or SHA256 but that's a simple change.
@@rogervanbommel1086 that's a good point - I was thinking of the two as analogous, but that is an important distinction. I suppose it still doesn't hurt, but you're right, it's probably unnecessary.
Md5 is broken it can be reverse hashed, use something like sha256 And Apikey shouldn't be sent as query param, it would be wise to send it in headers, headers are encrypted query is not. And To check for duplicate api key while creating them, use unix time stamp with microsecond time diff in the hex, this way u will reduce one db call
Query parameters are also encrypted by SSL. The danger is more in accidental logging of the URL and it is more clean as a header as users don’t have to manipulate the URL. You don’t need to check for duplicate API keys if your API key already is 16 Bytes (128 Bits) long and you are using secure ways to produce randomness as it is literally impossible to have collisions. I like your comment though because all my stuff is nitpicking while security is always important.
Didn't you watch the video? They clearly stated that API keys should be in the header, they were only sending it as a query parameter for simplicity of the example. But yes, MD5 is insecure but the general idea of hashing still is important.
@@rz2374 The amount of data loss and real-world harm caused by this sort of laziness in the industry really makes this crap inexcusable. Great, doing it the wrong ways is easier. Big surprise. Why bother teaching people how to do it the wrong way when you didn’t start with the right way?
I made an sms spam filter on rapid api and left it there for around 4 month,, total usage: 0. APIs need good advertisement plan and useful purpose to actually capture revenue
Great video. Instead of editing this video you could come up with your 1$/request cheap API product. But making people fool is a better business, right? :)
just get started to create an api, that solve people problems (not in general way, but in specific segment), and then the most importan part is your choice. 1. make it open source, if your api is usefull, put a link donation on your Readme. im sure community will asking you for how to donate to keep the project update and exists. 2. or use this video as guide for make the money.
$1 per API request?! At that, I could bribe NK to make me leader. It's a horrible choice since I'd gain nothing (and end up one of the most target people in the world)... But I could!
You basically explained a topic in such laconic and easy to understand manner which usually has a whole course dedicated to it. How ? Are you even human ?
What's the point of using stripe checkout rather than just replicating the UI + calling the stripe API ( they have snippets for that ) and never have your customers leave your website ? + Don't they charge more for using it ? Seems neat ( and intended ) for non developers tho.
I love your videos, they have thought me so much! The only issue I have is that I seem to have Misophonia which is triggered by the way you pronounce the "s" sound. Which makes me pause the video regularly to compose myself and refocus. I would be curious if maybe adding a de-esser effect on your voice might help 🤔 Greetings from Germany, keep up the good work!
Thanks for the mention Fireship! You are the best!!!
Hmm I just watched your video lol
He is
As soon as I saw fireships video I remembered that I am having a deja vu lol. I saw your video first. It was awesome
I have this amazing API idea in my head for weeks now, with your videos it is one step closer to reality :D
I’ve watched your video too. Very good work !
building the API is the easy part.
coming up with an idea that actually solves a problem is the hard part.
It is pretty saturated too.
Exactly
And it should solve it better than existing solutions
I'd say the hard part is actually providing a useful solution.
A service that tells you what someone else is thinking about is a trillion dollar idea. Now implement it
Just remember that ideas are cheap. Often times it doesn't matter if you're original if you can implement it better than others.
As others have said, it isn't too hard to create a simple API. It doesn't need to be complex or comprehensive. The best thing to do is to wait for a new trend to integrate an API into, and then the demand for your API will come naturally. There's no point competing, just be relevant.
You are dead on, but do you realize what you're saying? These "trends" are here. Think of an idea that the news can't stop talking about, think of the vast amount and what type of data that's required for these people to pursue their (nefarious) plans... now serve it to them, if you don't someone else will. and hope history remembers you as the messenger and not the facilitator. I can think of several trends that fit this but there's particularly one that absolutely dominates the others and it's not going to be talked about by anyone making APIs already.
@Thomas Robertson why nefarious only 🤷????
Are there no more good ones 🤔????
@@thomasrobertson9835which trends are you referring to?
I used to be an Android developer, but switched to Product management shortly after since coding wasn't really for me, so i haven't coded in years. It's always great watching your videos to have a high-level understanding of how things should work. It makes talking with the developers much easier.
you got promoted to your level of incompetence
Hi, I feel the same way that coding isn't for me although i am trying really hard, could you please suggest me how did you make the switch to Product Management?
This is hands down the best dev channel on YT. Straight to the point, clear, and easy to follow. Always great content.
It's worth pointing out that md5 is not a great hashing function for sensible data, in general argon2 and bycrypt are much more secure
Bcrypt is commonly used now (I think not sure at least that's what I've used before)
@@dynamicdanymo8343 yes, but argon2 won the competition, if you have the option to choose which one to use, my recommendation is argon2
@@lmtr0 With 10+ passes. Though that’s getting into “hey actually read the documentation” territory, which no one does even if it’s important.
I am getting _really_ tired of web developers using MD5 as an example for cryptographic purposes. No mention of salt and pepper either.
Oh well. At least I won’t be out of a job I guess.
@@liesdamnlies3372 Now I'm getting offended, I really read the documentation. LMAO
I'd love to see some videos on the following topics:
Gitlab Auto DevOps
Chaos Engineering (Litmus)
Policy as Code (Open Policy Agent)
Compliance as Code
In general just more topics on security, DevOps & Site Reliability
Just read the front page of any projects or notable ressources regarding the subject and you'll have the same amount of infos, his videos are nice for discovering things but otherwise it's just the basic exemples from the READMEs
@@heroe1486 @Heroe / you obviously don't know the amount of research required. You can't just "read the front page" rofl.
There's a big difference between reading something, understanding it and using it in practice.
@@uziboozy4540 No, they mean reading the front page (and some docs and stuff) will provide the same level of info as Fireship's videos. However, there are various small but helpful or important things you might learn from Fireship as he is an experienced dev.
@@uziboozy4540 you need to learn "how to ask questions", if you wanna learn about these concepts read wikis, there is just a lot of content out there on the internet
@@hargunbeersingh8918 bruh, when did I ever state that I specifically needed videos for these topics?
It was a simple suggestion, moron.
You're fucking awesome man!
Even though I'm not learning anything new, it's always a pleasure to watch your damn well made videos.
a dollar for a bunch of fire emoji's
sounds *LIT*
Oh my god dude, your visuals and graphics are some of the best in the game. Keep it up!
and his jokes too
If i can sell my API for dollar a request then i will make Elon Musk be a second richest man
Gotta keep up with that inflation
@@klicer3068 just preach bad code and watch people making more requests than needed.
@@rafflezs Genius
@@rafflezs you are my hero.
@@rafflezs That is literally illegal
That's exactly what I needed. Now all I have to do is find an idea for an API that anyone would want to pay for.
Exactly my thoughts.
that's the hard part.
this was awesome!!
"The API key is now save to store" It's not. MD5 is not secure AT ALL and should NEVER be used to store sensitive data!
so what should you use?
Also, a salt should always be used, regardles of the hashing algorithm.
Some hashing algorithms have this build in
Good call, that was an oversight. The main point was to not store the raw password, but hash it, but MD5 is not an ideal algorithm
@@badbunnyfreaky SHA 256 works well (for general hashing)
@@travispettry3025 no it doesn't.
Ania Kubow
@@naurapuspita5073 wtf girl?
@@alkanedust3848 he's talking about the other TH-camr he mentioned in this video. Timestamp is 1:48
Man you're golden. I've been building an API with node and express to receive payments in my country(Cameroon) with our local payment methods and with my cofounder, just yesterday I was literally talking about using stripe for international payments. Thanks for the tutorial🔥
The charging $1 for an emoji data response bit had me in tears 😂
- "You got a deal, take my money"!
Said no customer ever. 😅
Jokes aside. This is a very helpful video! Thank you!
just wow, you're every tech enthusiastics dream to be as great as you
People please don't use MD5 for your hashing... if you're asking yourself "Why?" then you have a lot more to learn before you should be messing around with anything related to payments. Also note that depending on where you are in the world, your country (or each country you're going to be operating in) may have different fiscal and certification requirements for these things, so DON'T just go and publish some random payment app. Also take into account that you might want to get some professional help with setting up some Ts&Cs for your users which they have to accept.
Coding is and should be fun! But code responsibly :)
In case of not using MD5 i totally agree with you in the end just don't use it, but hashing api keys with MD5 is more secure than hashing passwords for two reasons 1) API keys are long and it's harder to break them compared to an 8 character passwords. 2)in many cases of breaking MD5 a dictionary of hashes is being used to test against for most popular passwords but this won't be the case with random bytes
@@pooyaestakhry Interesting thought🤔 but are there drawbacks to just using something like SHA-256 for your API keys? I mean surely its much more secure?
@@hugh-martinrouxhughy7419 practically ? no. as i said in the end i wont use MD5 either
One thing I wanna say, stripe is a payment provider and essentially the global users will be buying products from the country that you're operating from. Don't worry abt international laws, just abide by the country that you're operating from, Stripe is good on it's T&C and you may not need to worry about other countries, if you think you should be worried about rules of countries I'll be operating on, you'd have to write T&C for each country, this is bullshit. Do you need to worry about laws of each country while using western union? I hope this helps somebody.
8:51 My man put the MongoDB logo upside down :(
🤦♂️
😂 proof he’s not a robot
@@AtomicCodeX That's what a robot would say
😂 I've figured out all other database names and then struggled with upside down mongo, i finally remembered it was mongodb, but totally neglected that it was upside down until I see this comment
@@twitchizle sounds really inappropriate🤣😂
billion dollar api with your basement . loved this line
thanks for teaching us in simpler way
How do you come up with ideas so fast? Such well rounded content, thank you
Love this videos about API's! Great work as always!
this was great, very helpful. it's crazy how much information you cover in such a short video.
$1 per request 😂😂
Api that returns tomorrow’s stock price
@@mrfrozen97-despicable😂
Great stuff. Although the most challenging part is to actually register the Stripe business account being a regular developer and knowing nothing about registering a company 😅
Don't need a company or anything (at least in the US). Just make a Stripe account!
@@wadefletcher8928 One would still need a U.S. bank account at the very least.
Wtf, I’m literally creating my own api atm. Just struggled with the stripe integration. This was so fucking good.
I don't understand how he does it, it's like every single time
Yoooo its so cool you mentioned Stripe's prebuilt checkout I remember writing a tutorial article in how to implement it on Laravel once I got it to work. I struggled to implement it because in the documentation it uses a different PHP framework.
Omg the editing is cleaner than the soap🧼
That’s cuz it’s REST ;)
INVESTING IN CRYPTO NOW IS VERY COOL EXPECIALLY WITH THE CURRENT RISE IN THE MARKET NOW.
Most intelligent words I've heard,
Crypto is the new gold,
I'm a huge fan of crypto, I hold some few coins in my wallet.
The rich get wealthier as they trade, the poor remain and get even more poorer because of skepticism and fear of taking risk,
The fruitfulness of your trading lies on the account manager or the expert,
The title should probably be like this "Make Money from your API - Tutorial". I was like, how can I make money from my API tutorial? :D
yo fireship can you do a video teaching us how you learn new technologies, cuz you obviously don't know everything but anytime you make a video you have some grounded knowledge about it. could you like do a walkthrough maybe a live or something. That would be awesome.
I find it’s always great to insult people when you ask them for a favor
@@illuminated2438 what was the insult??
there's a lot more nuances to developing a scalable, maintainable, secure API than this video offers. but it at least gets you on your feet to building one 😎
You should use a middleware to validate the API key and a second one the report API usage in order to keep your API implementation cleaner.
What do you recommend?
It is simply amazing that this content is free. Thank you ❤
Fireship the god of programming. AniaKubow the goddess of programming. My teacher who works in Amazon is the legend of Programming.
am not doing each video you make but you make the one watch the video just for pleasure and fun thanks for your great work
If API keys are as important as Passwords I don’t think MD5 is going to cut it.
was thinking the same
Then take SHA1 or SHA 256
@@spacemeter3001
SHA1 is also not considered secure anymore
Yep, at the very least salt your md5 hash
@@jakeflynn8043 salting isn't possible with API keys, and also NEVER ROLL YOUR OWN CRYPTO. If you're manually concatenating a salt to a password, you're doing it wrong.
I am learning front end to take over my dads business website so he can save some money. I've still got a lot of learning ahead but im starting to understand the syntax a bit more each time i study. I know watching this is probably way ahead of what im learning but its still very interesting to see what I can start working with later. Thanks for the tips Fireship :D
@Erich yes but those sites are usually pretty slow I’ve noticed, it’s also better I learn for a career later on
You don't study this..u get good by doing it
@@sangbeom6245 speak for yourself
@MsPitufo2012 Coding is something you do in application practicing not memorizing it firsr
plain and simple we need a full course of this
Excellent video. Thanks for making it! As a hardcore, paranoid nerd I'd recommend something other than MD5 like SHA1 or SHA256 but that's a simple change.
NO NO NO NO NO, pbkdf2, s/bcrypt or argon2id
@@rogervanbommel1086 And SALT!
@@n8guy salting api keys doesn’t matter, passwords should be, api keys are random and salt prevents checking duplicates and rainbow tables
@@rogervanbommel1086 that's a good point - I was thinking of the two as analogous, but that is an important distinction. I suppose it still doesn't hurt, but you're right, it's probably unnecessary.
@@n8guy yea, i mean it even CAN hurt because it’s more data to store and the more complicated the easier to screw up
Md5 is broken it can be reverse hashed, use something like sha256
And
Apikey shouldn't be sent as query param, it would be wise to send it in headers, headers are encrypted query is not.
And
To check for duplicate api key while creating them, use unix time stamp with microsecond time diff in the hex, this way u will reduce one db call
Query parameters are also encrypted by SSL. The danger is more in accidental logging of the URL and it is more clean as a header as users don’t have to manipulate the URL. You don’t need to check for duplicate API keys if your API key already is 16 Bytes (128 Bits) long and you are using secure ways to produce randomness as it is literally impossible to have collisions.
I like your comment though because all my stuff is nitpicking while security is always important.
SHA is not much better than md5 and is also not suitable for password hashing. Instead Argon2 should be used (or Bcrypt if that's not available).
Didn't you watch the video? They clearly stated that API keys should be in the header, they were only sending it as a query parameter for simplicity of the example.
But yes, MD5 is insecure but the general idea of hashing still is important.
@@rz2374 The amount of data loss and real-world harm caused by this sort of laziness in the industry really makes this crap inexcusable. Great, doing it the wrong ways is easier. Big surprise. Why bother teaching people how to do it the wrong way when you didn’t start with the right way?
man that's cool! can you make a video about cron jobs and background queues for node/next.js
Would enjoy this as well!
You're a gift for the 21st century
I just finished a web dev bootcamp a few months ago, this was the greatest tutorial I’ve ever seen
Gotta try this and I am all for this. Not for money but for authentication and generate keys
Are you reading my mind? I was literally looking for this last night.
What kinds of data do you think an amateur should collect to offer as data in the API?
Well that's the billion dollar question, isn't it? 😂
Try pictures of your mom. :-P
Song lyrics
Create an IT startup, gain customers, collect their data, sell them through api.
bravo - succinct, no fuss and on point.
Building an API is super-easy, barely an inconvenience
I made an sms spam filter on rapid api and left it there for around 4 month,, total usage: 0. APIs need good advertisement plan and useful purpose to actually capture revenue
You should do another three js course.
A million thanks for yet another gem of a work!!
Seriously, your videos are like the best. These are just awesome. Keep up the great work man.
Indiano?
This is really what I wanted. Nice one Jeff 🔥
Awesome content, Thank you. This video deserves 30 mins, you might have elaborated this a little more :-), love your work.
How can we send the unhashed API key to user when it is generated inside stripe's webhook ?
Great video.
Instead of editing this video you could come up with your 1$/request cheap API product.
But making people fool is a better business, right? :)
woww, 2 videos in a day , Crazy efforts man 😱
Love this channel and newly subscribed to Ania! Hadn’t come across her channel before now but it looks great
Well in my case, I "nearly" subscribed to Ania, but found this channel instead 😂
I love your channel, all the stuff you need in 1 video
just get started to create an api, that solve people problems (not in general way, but in specific segment), and then the most importan part is your choice.
1. make it open source, if your api is usefull, put a link donation on your Readme. im sure community will asking you for how to donate to keep the project update and exists.
2. or use this video as guide for make the money.
10:26 Please nobody use MD5 hashing to store sensitive data, md5 is old and no longer secure.
What's the alternative?
@@Speaks4itself Bcrypt is currently an industry standard.
Thanks a lot for the tutorial ✨ but what language do I need to learn to understand everything you mentioned in the video? Is it Javascript?
Epic video for getting started on this sort of thing
so it all about
- an awesome API idea
- little marketing
I love this video and I plan to start making my own API's, but is there really a market for this? I would love to gain a few extra $
$1 per API request?!
At that, I could bribe NK to make me leader.
It's a horrible choice since I'd gain nothing (and end up one of the most target people in the world)...
But I could!
He's so good I want to cry
I rarely comment, but your videos are just straight NUTTY so much deep fucking value
Disappointed to see my favorite youtuber teaching future web developers to "safely" store sensitive data with MD5...
At least now you know he's human and not some new age A.I. that knows everything.
@@ziwer1 every webdeveloper should know this, it is very basic. Also if he teaches for a living then he should know What he teaches.
This guy doesn’t miss
what if the user forgets the api key? and we have only hashed ones🤔
create a function where the user can create a new api key (renew).
You generate a new one and replace the old hash.
@@Fireship ohhh google not hashing my api keys as i can still see old ones.
Amazing, thanks for sharing it!
Talks about storing key in plain is insecure. Then uses MD5 for hashing 🤯
haha....... true
No one ever accused web developers of caring about security.
Would you make a 100 seconds video for server components in next??
You should make a video on hosting ( aws, ect.)
Amazing work! You just got a new sub.
As usual, outstanding video!!
Insomnia looks so much cleaner than the postman does
This is awesome we need more vids like this thanks a lot
its obligatory to click on your video whenever I see a notification and watch it full
even i don't have to use it anywhere
Very good explanation, congratulations! 👍
So informative! All this information in just 13min, it's just impressive! Thanks for putting this out.
Simply amazing!
Writes down PATCH, skips it while naming Request Types... AMAZING
beautiful video as always, thanks :D
You basically explained a topic in such laconic and easy to understand manner which usually has a whole course dedicated to it. How ? Are you even human ?
Jeff is still my favourite tech youtuber
As a penetration tester md5 hashes are easy to decode
this was a great tutorial thank you !
my mom is finally gonna be proud now
You deserve everything good my guy!
What's the point of using stripe checkout rather than just replicating the UI + calling the stripe API ( they have snippets for that ) and never have your customers leave your website ?
+ Don't they charge more for using it ? Seems neat ( and intended ) for non developers tho.
Great explenation and editing is on point! Been loving those videos for some time now. I just have one difference with fireship - I prefer react :P
Such a great content brother!
I love your videos, they have thought me so much! The only issue I have is that I seem to have Misophonia which is triggered by the way you pronounce the "s" sound. Which makes me pause the video regularly to compose myself and refocus. I would be curious if maybe adding a de-esser effect on your voice might help 🤔
Greetings from Germany, keep up the good work!
Fireship rocks🔥🔥
Saw Ania's video yesterday, what are the odds