The Industry Authority for APIs and Microservices

The API Academy provides expertise and best practices for the strategy, architecture, design and security of enterprise-grade APIs and microservices. Our free API education and certification programs are now available!

NEW FROM THE API ACADEMY

API Certification News

Aran White December 22, 2020

Our third API Academy course: API Product Manager is out now! Learn how to make your APIs as easy as possible to consume by your core audience – the developers who

Istio and Mesh are a Microservices Deployment Framework

Jay Thorne May 26, 2020

And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I

Recent API Academy Posts

The Push for Zero Trust

The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.

Bill Oakes, CISSP September 13, 2021

Do You Need Site Reliability Engineers for Your APIs?

Most organizations want to move quickly, but aren’t willing to trade uptime or quality in order to move faster. The desire for innovation and speed puts pressure on developers to shorten their release cadence, which could leave errors undetected. When the world of developers and operations collide, the organizational boundaries can create roadblocks. Two common

Adam DuVander September 2, 2021

SRE vs DevOps for APIs

How do you expand API functionality while also ensuring existing mission-critical features continue to operate under stress? API development teams tend to focus on new features, while operations teams focus on stability. In the past, this difference in focus often led to these teams working at cross-purposes and made API development difficult. In recent years,

Adam DuVander August 16, 2021

How To Protect Your Web Applications from OWASP Top Ten (part two)

In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats. In this blog we’ll complete the Top Ten. A6 Security

Bill Oakes, CISSP August 2, 2021

How To Protect Your Web Applications from OWASP Top Ten (part one)

The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects. One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten. This two-part blog will take a look at each of these, and how

Bill Oakes, CISSP July 26, 2021

How to Identify Your Organization’s API Landscape

Your company provides a lot of APIs to both external and internal consumers. Your API landscape is every API you’ve built, plus those in the early stages of design and development. Before you can make decisions within this landscape—such as which APIs are working well, which may need to be shelved, and which may need

Adam DuVander July 21, 2021

Microsurfaces: The Role of APIs in a Microservice Architecture

API-based communication is vital to delivering value in all aspects of a microservice architecture. Explore their relationship in this short introductory ebook.

Download Now

Microservice Architecture: Aligning Principles, Practices, and Culture

An award-winning, full-length ebook from O'Reilly and the API Academy that explains how microservices work, and what it means to build an application the microservices way.

Download Now

Securing Microservice APIs: Sustainable and Scalable Access Control

This essential ebook for technical practitioners proposes an API access control model that can be implemented to provide cohesive security over a network of microservices.

Download Now

API Design Education

For over a decade, we’ve provided thought leadership to global organizations on designing APIs, implementing API security, and modernizing mission-critical systems with continuous API management and microservices.

For Developers »

API Architecture Best Practices

We offer practical, field-tested guidance on how to use microservices and APIs to create service mesh patterns that optimize the security and scalability of multi-cloud, hybrid cloud, and on-premise IT infrastructures.

For Enterprise Architects »

API Briefings for Executives

New 5G and IoT applications will demand unprecedented levels of API performance, security, and governance. Ask us how your peers are integrating APIs and Digital BizOps to get ready for the coming revolution.

For Business Leaders »