You’ve spent months building a GraphQL API. The schema is just right, and your front-end developers are thrilled with it. At first it’s only exposed internally, so you’re not that worried about security, but then as different clients find out that you have this awesome API out there, they want to start using it as…
Category: API Academy for All Roles
Next TechTalk Session is June 24
On June 24, Aran and Bill are joined by researchers from Aite Group to talk about both the OWASP Top 10 web-based threats and the OWASP Top 10 API threats. Every month, join hosts Aran White and Bill Oakes for the reboot of our popular live webinar series, where we discuss both industry trends and…
TL;DR: Istio and Mesh are a Microservices Deployment Framework
And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I find this interesting because the tool represents the next evolutionary step, but is not without a few downsides. My focus in API management has sharpened…
TechTalk: A Panel on API Security
May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…
How-to: Deploy a GraphQL Server Using Arvata Euclid
GraphQL is a powerful and relatively new paradigm that can greatly enhance your API offerings, and now it is possible to create a GraphQL API on the Layer7 API Gateway using Arvata Euclid. There are 4 prerequisites to deploy a GraphQL server to a Layer7 API Gateway. Let’s take a look at each. #1: The…
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…
Top Ten GraphQL Myths Debunked
There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and…
The Challenging Times of Delivering on OpenBanking, Part 2
In Part 1 of this 2 part series, I discussed the challenges of the open sharing of data, and consent management model. Now I’ll wrap it up with the need for a common authentication model, shareability, and we’ll start with the most important part – who’s paying for this? Banks have to foot the billThe…
DevOps in Your API Lifecycle
Your API program may be just starting or well established. Regardless, you have new APIs coming and maintenance in your future. As your program expands, so will your need to incorporate process and automation into your API workflow. A DevOps philosophy provides a framework to help you produce reliable, scalable APIs. What is DevOps? DevOps…
How-to: API Management and HTTP/2
As usage of the HTTP/2 protocol becomes more prevalent, it’s clear that your API security solution must be able to handle HTTP/2 traffic. The performance enhancements offered by HTTP/2 make it ideal for high volume network traffic and IOT use cases, and even simpler use cases will reap the benefits. What once seemed like a…