Clear documentation is a vital part of any API that you publish for broad consumption. No matter the quality of the API itself, consumers need documentation to get the most out of the API with a minimum amount of friction. A comprehensive specification is a great starting point, but often more is needed to establish…
Category: For API Developers
How to Protect Existing GraphQL Endpoints using an API Gateway
You’ve spent months building a GraphQL API. The schema is just right, and your front-end developers are thrilled with it. At first it’s only exposed internally, so you’re not that worried about security, but then as different clients find out that you have this awesome API out there, they want to start using it as…
Next TechTalk Session is June 24
On June 24, Aran and Bill are joined by researchers from Aite Group to talk about both the OWASP Top 10 web-based threats and the OWASP Top 10 API threats. Every month, join hosts Aran White and Bill Oakes for the reboot of our popular live webinar series, where we discuss both industry trends and…
TL;DR: Istio and Mesh are a Microservices Deployment Framework
And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I find this interesting because the tool represents the next evolutionary step, but is not without a few downsides. My focus in API management has sharpened…
TechTalk: A Panel on API Security
May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…
How to Deploy a GraphQL Server Using Arvata Euclid
GraphQL is a powerful and relatively new paradigm that can greatly enhance your API offerings, and now it is possible to create a GraphQL API on the Layer7 API Gateway using Arvata Euclid. There are 4 prerequisites to deploy a GraphQL server to a Layer7 API Gateway. Let’s take a look at each. #1: The…
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…
Top Ten GraphQL Myths Debunked
There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and…
How-to: API Management and HTTP/2
As usage of the HTTP/2 protocol becomes more prevalent, it’s clear that your API security solution must be able to handle HTTP/2 traffic. The performance enhancements offered by HTTP/2 make it ideal for high volume network traffic and IOT use cases, and even simpler use cases will reap the benefits. What once seemed like a…
TechTalk: OAuth and OpenID Connect
Hosts Aran and Bill were joined by Aric Day, Layer7 Solution Strategist, for an introduction to OAuth and OpenID Connect, and how these work together to ensure a hardened solution.