The new certification course for API Security Architect is now available. This is an in-depth, self-paced course, and by completing this course, you will be able to: Explain the unique security risks of APIs and identify typical areas of API vulnerabilities Explain the purpose of OAuth 2.0 as a framework for authorization Describe the current…
Category: For API Developers
How-to: View Rich Analytics for GraphQL APIs and Back-ends Using Euclid
After you publish your API, one of the first questions you may be asked or ask yourself is probably “who is using it?”, followed quickly by “is it working?”. Over time you’ll want to see all sorts of data about your API traffic. In the past, you may have spent months updating your endpoints to…
TechTalk: A Panel Discussion on OWASP Top 10/API Top 10
June 2020’s TechTalk had Joe Krull from Aite Group and API Academy’s own Jay Thorne join hosts Aran and Bill on a discussion around OWASP Top 10 and the newer API Top 10 and how enterprises can address common security issues around these problem areas. They also discussed the relationship between app developers and security…
A Solid Investment – Don’t Skimp on Security Training for Developers
Over the past months in API Academy blogs I’ve provided my observations and recommendations on the importance of event and access logging and the compelling reasons why you want to avoid security misconfigurations. This month, I’ll focus on security training for developers and why you should make this investment. To remind, I’m a bit of…
TL;DR: Abstractions Make Us Both More Productive and Less Certain
Today, I have a guest contributor: I was working with Vidhya Bhushan, one of my Broadcom team members on our performance testing team. We had a discussion about performance testing for a specific use case and I asked for scaling of the test generation, and he commented that we might not need to since the…
TL;DR: High Cohesion, High Consistency, but with Low (or No) Coupling
This came up in a CI/CD pipeline discussion with Aman Khurana at our customer FedEx a few weeks ago, and the more I think about it, the more I like the phrase. I’m going to call it “CCLC” for short. In my view, this is a great summary of the important goals of a modern…
You Bet That APIs Power DevOps Tools
Which came first, APIs or DevOps? Though the two are complementary, the answer here is clear. There are major benefits of DevOps in your API lifecycle, but APIs are likely responsible for the growth in DevOps methodologies. The Cloud, modern code reviews, and continuous integration all depend on APIs. APIs Cause Cloud Formations Plenty has…
How to Publish GraphQL APIs to a Developer Portal
So you’ve been using and getting all the benefits that GraphQL has to offer with the Arvata GraphQL server for a while now, and you keep hearing about these concepts with an API developer portal involving client→API mappings and account/API plans. What are these concepts and how can you benefit from them? Client → API…
How to Include Rich Content in Your API Documentation
Clear documentation is a vital part of any API that you publish for broad consumption. No matter the quality of the API itself, consumers need documentation to get the most out of the API with a minimum amount of friction. A comprehensive specification is a great starting point, but often more is needed to establish…
How to Protect Existing GraphQL Endpoints using an API Gateway
You’ve spent months building a GraphQL API. The schema is just right, and your front-end developers are thrilled with it. At first it’s only exposed internally, so you’re not that worried about security, but then as different clients find out that you have this awesome API out there, they want to start using it as…