After you publish your API, one of the first questions you may be asked or ask yourself is probably “who is using it?”, followed quickly by “is it working?”. Over time you’ll want to see all sorts of data about your API traffic. In the past, you may have spent months updating your endpoints to […]
For Enterprise Architects
TL;DR: Abstractions Make Us Both More Productive and Less Certain
Today, I have a guest contributor: I was working with Vidhya Bhushan, one of my Broadcom team members on our performance testing team. We had a discussion about performance testing for a specific use case and I asked for scaling of the test generation, and he commented that we might not need to since the […]
TL;DR: High Cohesion, High Consistency, but with Low (or No) Coupling
This came up in a CI/CD pipeline discussion with Aman Khurana at our customer FedEx a few weeks ago, and the more I think about it, the more I like the phrase. I’m going to call it “CCLC” for short. In my view, this is a great summary of the important goals of a modern […]
TechTalk: A Panel on API Security
May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested […]
How to Deploy a GraphQL Server Using Arvata Euclid
GraphQL is a powerful and relatively new paradigm that can greatly enhance your API offerings, and now it is possible to create a GraphQL API on the Layer7 API Gateway using Arvata Euclid. There are 4 prerequisites to deploy a GraphQL server to a Layer7 API Gateway. Let’s take a look at each. #1: The […]
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having […]
Top Ten GraphQL Myths Debunked
There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and […]
The Challenging Times of Delivering on OpenBanking, Part 2
In Part 1 of this 2 part series, I discussed the challenges of the open sharing of data, and consent management model. Now I’ll wrap it up with the need for a common authentication model, shareability, and we’ll start with the most important part – who’s paying for this? Banks have to foot the billThe […]
How-to: API Management and HTTP/2
As usage of the HTTP/2 protocol becomes more prevalent, it’s clear that your API security solution must be able to handle HTTP/2 traffic. The performance enhancements offered by HTTP/2 make it ideal for high volume network traffic and IOT use cases, and even simpler use cases will reap the benefits. What once seemed like a […]
TechTalk: OAuth and OpenID Connect
Hosts Aran and Bill were joined by Aric Day, Layer7 Solution Strategist, for an introduction to OAuth and OpenID Connect, and how these work together to ensure a hardened solution.