In his latest blog, Adam discusses best practices for Continuous API Management , including several significant ways that drives change when the API is operating on cloud architecture. API management, whether on the cloud or off, comes down to discovery, documentation, monitoring, alerting, and authentication/security. How well you implement best practices in these areas will make or break your service. In this article, we’ll summarize several considerations for adapting to the cloud.
API Academy for All Roles
GraphQL vs. gRPC vs. REST: Comparing Data Exchange Methods for APIs
In his latest blog, Adam discusses how APIs are the building blocks of the distributed systems that run our world, and how they constantly move data from point to point. He then discusses different API technologies to provide solutions to different pain points in API data exchange.
Q2 TechTalk
Our API Academy quarterly TechTalk is April 28th at 9:00AM PDT/12:00PM EDT, and has Noname Security experts joining the API Academy team for what promises to be a most interesting discussion. Our team will be talking about API Security – not only from an API management perspective (i.e. locked down gateways, best practices, secured mobile apps) but also enterprise-wide API security tactics, as well as emerging threat vectors.
Three Very Different Categories of APIs
The latest blog from Adam covers the three primary categories of APIs (Single Implementation, Internal Utility, and External Extension) and when best to choose each.
How-to Protect Your APIs from OWASP API Security Top Ten (part two)
In this second part of a two-part series, Francois takes a look at #’s 6-10 of the OWASP API Security Top 10 risks and how to best mitigate them through a secured API management solution.
How-to Protect Your APIs from OWASP API Security Top Ten – (part one)
In a recent blog series, my colleague, Bill Oakes, discussed the OWASP Top Ten web-based threats and how a proven API management solution can help mitigate against those threats. So, that covers web applications, but what about APIs? Several analysts are pinpointing APIs as one of the top attack vectors over the next four to […]
API Gateway Cipher Suite Best Practices – Part 1
In this three part article, we’ll cover some of the best practices in selecting the best TLS cipher suite algorithms with your API gateways.
The Push for Zero Trust
The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.
Do You Need Site Reliability Engineers for Your APIs?
Most organizations want to move quickly, but aren’t willing to trade uptime or quality in order to move faster. The desire for innovation and speed puts pressure on developers to shorten their release cadence, which could leave errors undetected. When the world of developers and operations collide, the organizational boundaries can create roadblocks. Two common […]
SRE vs DevOps for APIs
How do you expand API functionality while also ensuring existing mission-critical features continue to operate under stress? API development teams tend to focus on new features, while operations teams focus on stability. In the past, this difference in focus often led to these teams working at cross-purposes and made API development difficult. In recent years, […]