The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects. One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten. This two-part blog will take a look at each of these, and how…
Category: For API Developers
How to Identify Your Organization’s API Landscape
Your company provides a lot of APIs to both external and internal consumers. Your API landscape is every API you’ve built, plus those in the early stages of design and development. Before you can make decisions within this landscape—such as which APIs are working well, which may need to be shelved, and which may need…
Six Health Checks for Your API
Organizations of all sizes depend on APIs to decrease time to market, achieve business goals, and connect important systems. In order to count on those APIs, they need to stay operational. You’ll want to consider the six health checks in this post to prevent issues and other interruptions. The first four are related to the…
Continuous Monitoring for API Reliability
Anyone building APIs should know how well they perform. Without a view into your API reliability, you’ll be gambling that everything works as expected. API consumers—internal collaborators, partners, or other external developers—will discover if your API breaks and let you know about it. Continuous Monitoring can help you uncover these issues proactively. Developers that use…
API Virtualization for Robust Testing
Testing is an essential part of software development. It’s similarly an important part of the API lifecycle and it helps developers discover errors in their APIs before it even gets to production. One of the most effective methods to test production-grade APIs is through API virtualization. In this article, I’ll briefly explain the concept of…
How HTTP/2 & Protobuf Paved the Way for gRPC
with Raju Gurram In 2015, Google open-sourced a new RPC (remote procedure call) framework named gRPC. The fact that this was built and adopted by the company that has one of the largest (if not the largest) ecosystem of microservices should speak volumes about its efficacy. Google makes tens of billions of gRPC calls per…
Modern API Description Formats
For many organizations, the days of undocumented APIs are mostly gone. There are now several formats used to describe APIs. These machine-readable files can be converted into documentation and even be used to test integrations. While there are several formats, the most well-known is OpenAPI. In this article, we’ll provide a highlight of that and…
Kafka Integration with API Management
Kafka messaging busses are becoming more prevalent in today’s enterprises. In this video, I briefly discuss why, and then demonstrate integration with an API management solution (using Layer7 as the example – if you use a different API management solution, this will likely have differences).
The Most Common API Authentication Methods
Unless your API is a public feed of read-only data, you likely need authentication. There are many options you could choose, which may vary depending on your use case. However, it’s unlikely you’ll need to go out and create your own authentication method. Whenever possible, use a standard that is widely implemented. Otherwise, developers will…
API Metrics with a Time Series Database
This blog examines the different ways to collect metrics on your APIs, and shows the value of Apache Druid as a time series database option.