Clear documentation is a vital part of any API that you publish for broad consumption. No matter the quality of the API itself, consumers need documentation to get the most out of the API with a minimum amount of friction. A comprehensive specification is a great starting point, but often more is needed to establish…
Category: All API & Microservices Content
API Keys are not API Security
I recently had an interesting article show up in my Google newsfeed on API Keys, their generation, and their distribution. A group of developers posed the following question to the community: how do you build and distribute your API keys to your API consumer audience? Being immersed in APIs and API developer communities every day,…
How to Protect Existing GraphQL Endpoints using an API Gateway
You’ve spent months building a GraphQL API. The schema is just right, and your front-end developers are thrilled with it. At first it’s only exposed internally, so you’re not that worried about security, but then as different clients find out that you have this awesome API out there, they want to start using it as…
Istio and Mesh are a Microservices Deployment Framework
And Together, They Need to have Business Context The industry and our customers have expressed a great interest in Istio and service mesh over the past couple of months. I find this interesting because the tool represents the next evolutionary step, but is not without a few downsides. My focus in API management has sharpened…
TechTalk: A Panel on API Security
May’s TechTalk had hosts Aran and Bill joined by Dmitry Sotnikov, CPO of 42Crunch, for a panel discussion on common API security issues and how to mitigate them. In addition to addressing these common issues, the panel also took questions from the audience. Definitely a topic of interest. API Academy encourages those who are interested…
How to Deploy a GraphQL Server Using Arvata Euclid
GraphQL is a powerful and relatively new paradigm that can greatly enhance your API offerings, and now it is possible to create a GraphQL API on the Layer7 API Gateway using Arvata Euclid. There are 4 prerequisites to deploy a GraphQL server to a Layer7 API Gateway. Let’s take a look at each. #1: The…
Advice to Developers: Double-check Configurations to Avoid Cybersecurity Pain
Last month in my API Academy blog I provided my observations and recommendations about the importance of logging and monitoring from a cybersecurity perspective. This month, I’ll focus on the importance of avoiding security misconfigurations when building and updating applications. As I noted last month, I’m a bit of an old salt in security, having…
Top Ten GraphQL Myths Debunked
There are a lot of myths out there (flying horse, anyone?). There’s even myths about GraphQL, which can lead to misunderstandings around it’s use cases, and even at times unwarranted fears over it’s usage. Let’s take a look at the top 10 most common GraphQL myths and see if we can’t assuage some worries and…
The Challenging Times of Delivering on OpenBanking, Part 2
In Part 1 of this 2 part series, I discussed the challenges of the open sharing of data, and consent management model. Now I’ll wrap it up with the need for a common authentication model, shareability, and we’ll start with the most important part – who’s paying for this? Banks have to foot the billThe…
DevOps in Your API Lifecycle
Your API program may be just starting or well established. Regardless, you have new APIs coming and maintenance in your future. As your program expands, so will your need to incorporate process and automation into your API workflow. A DevOps philosophy provides a framework to help you produce reliable, scalable APIs. What is DevOps? DevOps…