TechTalk: Common OAuth Security Mistakes and Threat Mitigations

With vulnerabilities recently surfacing in the OAuth implementations of popular service providers like Yammer, Instagram and Facebook, it’s hard to blame anyone for getting the impression that there are fundamental security flaws in the OAuth protocol. Francois Lascelles, Chief Architect at Layer7, answered OAuth questions live, discussed the common security mistakes made in OAuth implementations…

API Management 201: API Security

Identify typical areas of API vulnerability and learn best practices for securing APIs In Lesson 103: Choosing a Solution, we discuss the importance of considering functional and operational security characteristics when choosing an API Management solution. Regardless of the solution, understanding the risk profile of APIs is vital to protecting an API against attack. In this…

API Design 303: Pagination

Minimize response times for requests and improve the app-user experience Pagination is a ubiquitous method for handling large datasets and responses in the browser-based Web but developers of API-based apps also turn to pagination in order to minimize response times for requests and generally improve the end-user experience. In this lesson, we will explore some…

API Management 102: Architectural Components

To architect an effective API Management infrastructure, it is necessary to adopt and deploy some new technology components. In this lesson, we look into specific requirements and features associated with the components of an effective API Management architecture, including security, performance, data transformation and developer management. In Lesson 101: API Management Basics, we give an overview…

API Design 202: Architectural Layers

No matter what API design style you choose, there are certain key qualities you will want your interface to have. Designing API architecture able to encompass all these qualities can be challenging. In this lesson, we outline a layered architectural style that simplifies the process of implementing a full-functioned Web API design. For a Web…