And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I find this interesting because the tool represents the next evolutionary step, but is not without a few downsides. My focus in API management has sharpened…
Category: All API & Microservices Content
TechTalk: A Panel on API Security
May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…
How to Deploy a GraphQL Server Using Arvata Euclid
GraphQL is a powerful and relatively new paradigm that can greatly enhance your API offerings, and now it is possible to create a GraphQL API on the Layer7 API Gateway using Arvata Euclid. There are 4 prerequisites to deploy a GraphQL server to a Layer7 API Gateway. Let’s take a look at each. #1: The…
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…
Top Ten GraphQL Myths Debunked
There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and…
The Challenging Times of Delivering on OpenBanking, Part 2
In Part 1 of this 2 part series, I discussed the challenges of the open sharing of data, and consent management model. Now I’ll wrap it up with the need for a common authentication model, shareability, and we’ll start with the most important part – who’s paying for this? Banks have to foot the billThe…
DevOps in Your API Lifecycle
Your API program may be just starting or well established. Regardless, you have new APIs coming and maintenance in your future. As your program expands, so will your need to incorporate process and automation into your API workflow. A DevOps philosophy provides a framework to help you produce reliable, scalable APIs. What is DevOps? DevOps…
How-to: API Management and HTTP/2
As usage of the HTTP/2 protocol becomes more prevalent, it’s clear that your API security solution must be able to handle HTTP/2 traffic. The performance enhancements offered by HTTP/2 make it ideal for high volume network traffic and IOT use cases, and even simpler use cases will reap the benefits. What once seemed like a…
API Product Management Certification
Earlier this year, the API Academy, in conjunction with the site relaunch released the first 2 certifications API design and and API Security. The third course is being finalized as we type and is on track to be released in the next 2 months.
The Challenging Times of Delivering on OpenBanking, Part 1
The terms, OpenBanking and PSD-2 (Payment Services Directive-2) are largely used interchangeably nowadays to summarise the very significant challenges that are being experienced by the Global financial and Banking sector today. As a response to global financial crisis of 2006, the European Banking Association, 4000+ member banks were mandated, under the regulation, PSD-2, to empower…