Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth 2.0 (authorization) and…
Category: For Developers
TechTalk: Building API-Aware Service Meshes
In our first TechTalk of 2020, hosts Bill and Aran introduce Jay Thorne, Head of Product Strategy at Broadcom’s Layer7 API Management. He talks about Building API-aware Service Meshes with Layer7 and Istio, and includes a demo plus a comprehensive Q&A session.
The benefits of JWT + JWS + JWE on API Designs
In this post I cover some good reasons to adopt JWT (JSON Web Token), JWS (JSON Web Sign), and JWE (JSON Web Encryption) in your API Designs. JWTs are a modern solution to an old problem: how to I know who this user is? They help us by being signed and stateless, and by having a common data…
How to Use Policy to Retrieve a Portal API OAuth Token
An API Gateway can be a fast, easy way to manage entities in an API Portal. The Portal API (PAPI) provides entry-points to perform tasks such as onboard users, manage APIs that are protected by the gateway runtime, manage and update API versions and documentation, and administer API Management items such as application definitions, organizations, API plans and…
Layer7 API Gateway – Did You Know? Microsoft Forefront TMG Replacement
Most people familiar with APIs know the role of an API Gateway, which is typically used to secure access to APIs and provide capabilities such as threat protection, rate limiting, authentication, and authorization. The Layer7 API Gateway does all of this and much, much more. This series of posts will highlight scenarios where the Layer7 API Gateway has…
Enriching and Externalizing Gateway Metrics to Splunk
Overview Gateway metrics are a critical piece of intel to determine the health of Services and traffic throughput on an API Gateway. Using Layer7 API Management as an example, there are a few ways we can obtain this information: Policy Manager: Dashboard, PAPIM (Precision API Monitoring), sending this information to a monitoring solution via Gateway Metrics Tactical Assertion…
DevOps: REST API Execution Through Bash Shell Scripting III
A Simple Framework (Experiences) This is the third and last part of the paper proposing a framework that enables DevOps teams to issue REST API calls via bash shell scripts. This part shares some experiences/lessons learned from real world applications. Experiences It would be nice if API publishers simply provided an API client SDK in shell scripts. While…
DevOps: REST API Execution Through Bash Shell Scripting II
A Simple Framework (Extension) This is the second part of the paper proposing a framework that enables DevOps teams to issue REST API calls via bash shell scripts. This part discusses the extension beyond the core of the proposed framework. The third part shares some lessons learned from real world applications. The Basics The basic set of operations…
DevOps: REST API Execution Through Bash Shell Scripting
A Simple Framework: Core This is the first part of a paper proposing a framework that enables DevOps teams to issue REST API calls via bash shell scripts. The second part of the paper discusses the extension beyond the core of the proposed framework. The third part shares some experiences learned from real world applications. Introduction JSON-based REST…
A Guide to REST and API Design
API Academy Learn how to use REST to build developer-friendly, sustainable APIs The Representational State Transfer (REST) architectural style is extremely valuable to organizations that want to create APIs as a way to leverage their existing IT resources in new Web and mobile apps. By applying REST design principles to a protocol, such as HTTP, developers can build…