The Industry Authority for APIs and Microservices

The API Academy provides expertise and best practices for the strategy, architecture, design and security of enterprise-grade APIs and microservices. Our free API education and certification programs are now available!

NEW FROM THE API ACADEMY

Crank-Up Your API Security with Sender-Constrained API Tokens

Francois Lascelles September 6, 2023

In his latest blog, Francois takes a look at the API security best practice of sender-constraints and how to apply it to improve your overall security posture.

2023 OWASP Top 10 API Security Risks: Broken Authorization and Authentication

Balaji Radhakrishnan, PMP, CISSP August 28, 2023

In this first piece of our three-part series, we’ll examine the top three risks on the 2023 list: Broken Object Level Authorization, Broken Authentication and Broken Object Property Level Authorization.

Recent API Academy Posts

Emerging Protocols and Security

In his latest blog, Bill takes a look at a few of the emerging API protocols and their impact on enterprise security models – with a few pointers for mitigating those concerns.

Bill Oakes, CISSP September 25, 2023

OWASP API Security Risks: What’s Ahead

In this final blog in his series on OWASP API Security Top Ten, Bala takes a look at what’s likely ahead for API and application developers.

Balaji Radhakrishnan, PMP, CISSP September 18, 2023

2023 OWASP Top Ten API Security Risks: Unrestricted Resource Consumption, Unrestricted Access to Sensitive Business Flows and Security Misconfiguration

In part two of this series on the updated OWASP Top Ten API Security risks, Bala examines three more of the Top Ten: Unrestricted Resource Consumption, Unrestricted Access to Sensitive Business Flows and Security Misconfiguration.

Balaji Radhakrishnan, PMP, CISSP September 11, 2023

Crank-Up Your API Security with Sender-Constrained API Tokens

In his latest blog, Francois takes a look at the API security best practice of sender-constraints and how to apply it to improve your overall security posture.

Francois Lascelles September 6, 2023

2023 OWASP Top 10 API Security Risks: Broken Authorization and Authentication

Balaji Radhakrishnan, PMP, CISSP August 28, 2023

The Open Web Application Security Project

This blog reviews the OWASP, the Top Ten and API Security Top Ten, and opens the door for an upcoming series on the latter two.

Bill Oakes, CISSP August 21, 2023

Microsurfaces: The Role of APIs in a Microservice Architecture

API-based communication is vital to delivering value in all aspects of a microservice architecture. Explore their relationship in this short introductory ebook.

Download Now

Microservice Architecture: Aligning Principles, Practices, and Culture

An award-winning, full-length ebook from O'Reilly and the API Academy that explains how microservices work, and what it means to build an application the microservices way.

Download Now

Securing Microservice APIs: Sustainable and Scalable Access Control

This essential ebook for technical practitioners proposes an API access control model that can be implemented to provide cohesive security over a network of microservices.

Download Now

API Design Education

For over a decade, we’ve provided thought leadership to global organizations on designing APIs, implementing API security, and modernizing mission-critical systems with continuous API management and microservices.

For Developers »

API Architecture Best Practices

We offer practical, field-tested guidance on how to use microservices and APIs to create service mesh patterns that optimize the security and scalability of multi-cloud, hybrid cloud, and on-premise IT infrastructures.

For Enterprise Architects »

API Briefings for Executives

New 5G and IoT applications will demand unprecedented levels of API performance, security, and governance. Ask us how your peers are integrating APIs and Digital BizOps to get ready for the coming revolution.

For Business Leaders »