API Gateway Cipher Suite Best Practices – Part 1
In this three part article, we’ll cover some of the best practices in selecting the best TLS cipher suite algorithms with your API gateways.
All API & Microservices Content
The Push for Zero Trust
The Zero Trust model is founded on the belief that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its resources before granting access—based on identity, trustworthiness, and context. This blog discusses the Zero Trust model and its components.
Do You Need Site Reliability Engineers for Your APIs?
Most organizations want to move quickly, but aren’t willing to trade uptime or quality in order to move faster. The desire for innovation and speed puts pressure on developers to shorten their release cadence, which could leave errors undetected. When the world of developers and operations collide, the organizational boundaries can create roadblocks. Two common […]
SRE vs DevOps for APIs
How do you expand API functionality while also ensuring existing mission-critical features continue to operate under stress? API development teams tend to focus on new features, while operations teams focus on stability. In the past, this difference in focus often led to these teams working at cross-purposes and made API development difficult. In recent years, […]
How To Protect Your Web Applications from OWASP Top Ten (part two)
In my first blog on How to Protect Your Web Applications from OWASP Top Ten, I discussed both OWASP and the OWASP Top Ten project, as well as how a properly configured API management solution can protect you against the first five of these threats. In this blog we’ll complete the Top Ten. A6 Security […]
How To Protect Your Web Applications from OWASP Top Ten (part one)
The Open Web Application Security Project (OWASP) is a non-profit foundation that works the improve the security of software through open-source projects. One such project is outlining the ten most critical security concerns for application security, known as the OWASP Top Ten. This two-part blog will take a look at each of these, and how […]
How to Identify Your Organization’s API Landscape
Your company provides a lot of APIs to both external and internal consumers. Your API landscape is every API you’ve built, plus those in the early stages of design and development. Before you can make decisions within this landscape—such as which APIs are working well, which may need to be shelved, and which may need […]
Six Health Checks for Your API
Organizations of all sizes depend on APIs to decrease time to market, achieve business goals, and connect important systems. In order to count on those APIs, they need to stay operational. You’ll want to consider the six health checks in this post to prevent issues and other interruptions. The first four are related to the […]
Continuous Monitoring for API Reliability
Anyone building APIs should know how well they perform. Without a view into your API reliability, you’ll be gambling that everything works as expected. API consumers—internal collaborators, partners, or other external developers—will discover if your API breaks and let you know about it. Continuous Monitoring can help you uncover these issues proactively. Developers that use […]
API Virtualization for Robust Testing
Testing is an essential part of software development. It’s similarly an important part of the API lifecycle and it helps developers discover errors in their APIs before it even gets to production. One of the most effective methods to test production-grade APIs is through API virtualization. In this article, I’ll briefly explain the concept of […]