Skip to content


Explore our extensive library of articles, lessons, books, whitepapers, and videos.

Explore Featured Posts About APIs and Microservices

Explore by Topic

API Design 101: API Design Basics

By Ronnie Mitra | April 23, 2015 |

The term “API design” or “API architecture” refers to the process of developing a software interface that exposes backend data and application functionality for use in new applications. In this lesson, we provide an overview of the API architecture process, as a starting point for a deeper exploration of design and implementation best practices in…

Latest Articles

APIs and the Smart City

By Amy Vujanich | July 19, 2018 |

Exploring the role of APIs in enabling smart city initiatives As cities grow and evolve, so do the issues that local governments need to address. Leveraging technology to provide public services more efficiently and intelligently is one approach that dozens of cities across the globe are doing. Examples include everything from connected streetlights to full-service…

The Internet of Things – Today

By Bill Oakes, CISSP | March 10, 2014 |

A quick intro: I’m Bill Oakes, I work in product marketing for CA and I was recently elected to write a regular blog about the business of APIs. I’ve been around the block over the years – a coder, an engineer… I even wrote a BBS once upon a time (yes, I’m pre-Web, truly a dinosaur –…

How I Lost Weight & Learned About APIs

By Ronnie Mitra | December 2, 2013 |

Trying to stay in shape is one of those never-ending life battles that I’ve come to expect as I get older. I’ve bounced between being a healthy shape and a not-so-healthy one for years and I’ve managed to live life just outside the edge of ideal fitness. A few months back, I reached an apex…

Cyber Security Awareness Month & the Internet of Vulnerable Things

By Holger Reinhardt | October 1, 2013 |

Did you know that October is National Cyber Security Awareness Month in the US? While I usually emphasize the enormous potential of the Internet of Things (IoT), let’s use the occasion to look at the security risks of the Internet of really vulnerable things. Over the last couple of months, a casual observer could have noticed a variety…


How to Use Policy to Retrieve a Portal API OAuth Token

By Geoff Duck | December 4, 2019

An API Gateway can be a fast, easy way to manage entities in an API Portal.  The Portal API (PAPI) provides entry-points to perform tasks such as onboard users, manage APIs that are protected by the gateway runtime, manage and update API versions and documentation, and administer API Management items such as application definitions, organizations,…

Enriching and Externalizing Gateway Metrics to Splunk

By Ping Tan | November 11, 2019

Overview Gateway metrics are a critical piece of intel to determine the health of Services and traffic throughput on an API Gateway. Using Layer7 API Management as an example, there are a few ways we can obtain this information: Policy Manager: Dashboard, PAPIM (Precision API Monitoring), sending this information to a monitoring solution via Gateway…

DevOps: REST API Execution Through Bash Shell Scripting III

By Thomas Cheng | October 28, 2019

A Simple Framework (Experiences) This is the third and last part of the paper proposing a framework that enables DevOps teams to issue REST API calls via bash shell scripts. This part shares some experiences/lessons learned from real world applications. Experiences It would be nice if API publishers simply provided an API client SDK in…

DevOps: REST API Execution Through Bash Shell Scripting II

By Thomas Cheng | October 24, 2019

A Simple Framework (Extension) This is the second part of the paper proposing a framework that enables DevOps teams to issue REST API calls via bash shell scripts. This part discusses the extension beyond the core of the proposed framework. The third part shares some lessons learned from real world applications. The Basics The basic…

How API Languages Evolve

By Ronnie Mitra | July 16, 2018

As API systems mature, knowing the history and evolution of various API languages will help organizations create robust and successful landscapes. How (API) Languages Evolve APIs are languages: they specify how providers and consumers of capabilities communicate. The things that can be “said” in an API conversation are determined by the expressivity of the involved…

Applying and Extending DHARMA

By Amy Vujanich | July 11, 2018

This post gives some practical examples of the DHARMA method for API Security in a Microservice Architecture, and also shares some opportunities for extending the model. This article shares concepts from the O’Reilly book Securing Microservice APIs. If you’re attending OSCON next week, Rob Wilson and Matt McLarty will be signing and giving away print copies during lunch…

Books and Guides

A Guide to REST and API Design

By Mike Amundsen | August 7, 2019

API Academy Learn how to use REST to build developer-friendly, sustainable APIs The Representational State Transfer (REST) architectural style is extremely valuable to organizations that want to create APIs as a way to leverage their existing IT resources in new Web and mobile apps. By applying REST design principles to a protocol, such as HTTP,…

5 Pillars of API Management

By Jaime Ryan | August 7, 2019

API Academy Manage security and performance risks created by opening enterprise systems via APIs Traditional enterprise are blurring, as organizations open their on-premise data and application functionality for use in new internal and external applications. APIs form the foundation of this open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. To…

Choosing the Right API Management Solution for the Enterprise User

By Mike Amundsen | August 7, 2019

API Academy Address key functional and operational characteristics of an effective API Management solution This white paper examines the different functional and operational requirements for an enterprise-level API Management solution. In doing so, it gives IT managers, Web managers and enterprise architects key information for selecting an API Management solution. The API is undergoing a…

A How-to Guide to OAuth & API Security

By Mike Amundsen | August 7, 2019

API Academy Make OAuth implementation simple for your organization OAuth is an emerging Web standard that lets users grant third-party clients restricted access to resources they own. In the past, it was common to ask a user to share username and password information with the client. OAuth authentication is more secure as it allows the…

5 OAuth Essentials for API Access Control

By Mike Amundsen | August 7, 2019

API Academy Create a framework to address the complex challenges associated with implementing OAuth There are a number of important access-related challenges for API publishers. However, deploying OAuth as an authorization mechanism for enterprise APIs raises challenges around scalability, correct usage and integration. To make matters worse, OAuth is not supported by existing infrastructure and…

Protecting Your APIs Against Attack & Hijack

By Ronnie Mitra | August 7, 2019

API Academy Secure enterprise APIs for mobile, cloud and open Web It is a mistake to think we can secure APIs using the same methods and technologies with which we secured the conventional, browser-centric Web. While it is true that APIs share many of the same threats that plague the Web, APIs are fundamentally different…


Tutorial: The New Enterprise Topology

By Amy Vujanich | August 6, 2019

Learn how big data and mobile devices are redefining the topology of enterprise IT The three-tier topology popularized by Web applications is changing. Big Data and mobile devices are shifting the borders of enterprise IT and the API has become the new perimeter for organizations, exposing their business and data services for external consumption. This…

Tutorial: Creating a Solid Foundation for Your Web APIs

By Amy Vujanich | August 6, 2019

Learn how to create a flexible, agile, reliable and secure foundation for HTTP-based APIs This tutorial video from the API Academy identifies four implementation details (component versus connector; representation service; caching layer; security layer) that are highly useful for creating a flexible, agile, reliable and secure foundation for HTTP-based APIs.

Tutorial: The API Interaction Model – An Introduction

By Amy Vujanich | August 6, 2019

Learn about interaction-based API design The interaction model is a foundational design element for API architects. This tutorial video from the API Academy introduces the concept of interaction-based design and provides guidance on how to design an interaction model for an API.

Tutorial: Use Pagination in Web API Design

By Amy Vujanich | August 6, 2019

Learn how to use pagination effectively in your Web APIs Pagination, which is very common on the Web, allows API architects to conserve resources, improve response times and optimize the user experience. This tutorial video from the API Academy provides a crash course explaining pagination and outlining how to use it effectively in the design…

Tutorial: API Documentation Overview

By Amy Vujanich | August 6, 2019

Learn how to document your API to ensure the best possible results To make sure developers use your API to create apps that add true value to your business, you must provide proper documentation. But where do you start when it comes to creating documentation for an API? This video will give you deeper insight…

Tutorial: 3 Common Web Architecture Styles

By Amy Vujanich | August 6, 2019

Learn about different styles for implementing Web solutions There is more than one way to implement a Web solution. This video: Identifies three common styles for the implementation of Web applications Describes the key features of these styles Asks the question “Which style best fits your needs?”

Scroll To Top