The Industry Authority for APIs and Microservices

The API Academy provides expertise and best practices for the strategy, architecture, design and security of enterprise-grade APIs and microservices. Our free API education and certification programs are now available!


API Certification News

Our third API Academy course: API Product Manager is out now! Learn how to make your APIs as easy as possible to consume by your core audience – the developers who

Recent API Academy Posts

The Push for Zero Trust

The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.

Read More »

Do You Need Site Reliability Engineers for Your APIs?

Most organizations want to move quickly, but aren’t willing to trade uptime or quality in order to move faster. The desire for innovation and speed puts pressure on developers to shorten their release cadence, which could leave errors undetected. When the world of developers and operations collide, the organizational boundaries can create roadblocks. Two common

Read More »

SRE vs DevOps for APIs

How do you expand API functionality while also ensuring existing mission-critical features continue to operate under stress? API development teams tend to focus on new features, while operations teams focus on stability. In the past, this difference in focus often led to these teams working at cross-purposes and made API development difficult. In recent years,

Read More »

How To Protect Your Web Applications from OWASP Top Ten (part two)

In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats.  In this blog we’ll complete the Top Ten. A6 Security

Read More »

How To Protect Your Web Applications from OWASP Top Ten (part one)

The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects.  One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten.  This two-part blog will take a look at each of these, and how

Read More »

How to Identify Your Organization’s API Landscape

Your company provides a lot of APIs to both external and internal consumers. Your API landscape is every API you’ve built, plus those in the early stages of design and development. Before you can make decisions within this landscape—such as which APIs are working well, which may need to be shelved, and which may need

Read More »
Microsurfaces: The Role of APIs in a Microservice Architecture
API-based communication is vital to delivering value in all aspects of a microservice architecture. Explore their relationship in this short introductory ebook.
Download Now
Microservice Architecture: Aligning Principles, Practices, and Culture
An award-winning, full-length ebook from O'Reilly and the API Academy that explains how microservices work, and what it means to build an application the microservices way.
Download Now
Securing Microservice APIs: Sustainable and Scalable Access Control
This essential ebook for technical practitioners proposes an API access control model that can be implemented to provide cohesive security over a network of microservices.
Download Now
APIs & Microservices from the API Academy

API Design Education

For over a decade, we’ve provided thought leadership to global organizations on designing APIs, implementing API security, and modernizing mission-critical systems with continuous API management and microservices.

Cloud Architectures from the API Academy

API Architecture Best Practices

We offer practical, field-tested guidance on how to use microservices and APIs to create service mesh patterns that optimize the security and scalability of multi-cloud, hybrid cloud, and on-premise IT infrastructures.

5G and IoT Applications from the API Academy

API Briefings for Executives

New 5G and IoT applications will demand unprecedented levels of API performance, security, and governance. Ask us how your peers are integrating APIs and Digital BizOps to get ready for the coming revolution.