GraphQL is undeniably gaining traction in the Enterprise. TechTalk hosts Bill and Aran were joined by Broadcom Technology Partner Arvata for an introduction to GraphQL and an exciting unveiling of Arvata’s innovation that enables gateways to function as an Enterprise GraphQL server and GraphQL proxy. Arvata demonstrated how easy it is to use their GraphQL…
Category: API Design
API Design Best Practices for Enterprises
Your API program will see more success with a thoughtful API design phase. Effort spent on architecture often returns as time saved during other phases of your project. These efficiencies add up across the hundreds or thousands of APIs you support. Your API design should be backed by your company’s strategy and focused on real…
Gateway Secure Deployment Architecture
In today’s digital world, API gateways are often the first interaction of incoming requests from the outside world. In most scenarios, enterprises place the gateways in DMZ strategically to secure, protect and throttle their internal digital assets. Hence, security for these gateways becomes crucial and they need to be properly configured and hardened. Whether it…
Managing the Effect of Slow Back-end Systems
Introduction: API deployments need to maintain a stable network behaviour, with widely varying back end systems. In a previous article, I talked about the need to maintain user experience. In a Layer7 API Gateway based deployment, back end systems that have high latency have some very interesting side effects. To effectively manage a gateway in…
TechTalk: Docker and High Performance Architecture
In our February 2020 TechTalk, hosts Bill and Aran were joined by Michael Skolik, managing Consultant and Architect, Enterprise Studio by HCL Technologies. He described the steps necessary to achieve a high-performance architecture when using Docker, with an excellent Q&A at the end. Definitely worth watching!
How-to: OpenID Connect Authentication for OAuth
As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google? Sure. The OAuth protected API endpoint never sees your Google username and password. It doesn’t need to know who you are. In fact, like a discreet bouncer at an exclusive club,…
How-to: OAuth and SAML – A Love Story for Valentine’s Day
Naturally, OAuth 2.0 is the shining star of the OAuth Toolkit (OTK), the prima donna that performs center stage in Layer7’s API security implementation. But waiting in the wings with a bouquet of slightly wilted flowers is an older standard who once shone just as brightly before all those mobile apps came along. His name…
How To: Validate Your OAuth Implementation
Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager.You can access…
How To: OTK Solution Kit Installation
This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security…
How-To: OAuth Overview
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth…