Plan to scale
When planning for scale, every tool out there has individual capacity limits. Many can scale horizontally, and many scale vertically, but ALL of them cost time, money, or both to scale. Unbounded scaling is just not available for free. Even if the products in use attract no licence fees, there are always costs:…
Category: For Enterprise Architects
How-To: Create a Private Key for Signing JWT ID Tokens
Feel free to jot this down: RFC7519. We all have our favourite IETF standards, don’t we? Something we read again and again in front of the roaring fireplace with our slippers on. Something to chuckle at in darker times, to ponder over, and oh yes, to shed a tear for, whilst contemplating the sheer brilliance…
TechTalk: Docker and High Performance Architecture
In our February 2020 TechTalk, hosts Bill and Aran were joined by Michael Skolik, Managing Consultant and Architect, Enterprise Studio by HCL Technologies. He described the steps necessary to achieve a high-performance architecture when using Docker, with an excellent Q&A at the end. Definitely worth watching!
How to Beat Cross-Site Request Forgery Attacks
Cross-Site Request Forgery (CSRF) is a type of security threat in which malicious actors can steal user data and authentication information by gaining access to HTTP Cookies. Cookies are small nuggets of information which are sent in responses from web servers to the browser. The browser stores this information and will include these cookies in…
Secure your GraphQL Implementation with an API Gateway
Do APIs, not security in your GraphQL
I can’t remember the last time I was excited about a new technology like I am with GraphQL. I don’t think there is anything I don’t like about it, at least not yet! I have not been leveraging it every day as my job so keep that in…
How-to: OAuth and SAML – A Love Story for Valentine’s Day
Naturally, OAuth 2.0 is the shining star of the OAuth Toolkit (OTK), the prima donna that performs center stage in Layer7’s API security implementation. But waiting in the wings with a bouquet of slightly wilted flowers is an older standard who once shone just as brightly before all those mobile apps came along. His name…
How To: Validate Your OAuth Implementation
Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager. You can access…
How To: OTK Solution Kit Installation
This is the second post in the blog series focusing on the OAuth Toolkit (OTK). The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security…
Using Consul as a Source of Truth in Microservices
App Economy and Microservices
In today’s app economy, APIs are playing an essential role in helping customers to achieve their digital transformation goals. In this process, enterprises are trying to convert their monolithic applications into more granular and autonomous microservices to support their business objectives and also speed to market.
Consul as Source of Truth…
How-To: OAuth Overview
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth…