API Security Weekly: Issue 164

This week, we have news on the Log4Shell vulnerability affecting applications and infrastructure using the ubiquitous Log4j library. In addition, there's an article on how API sprawl is becoming a threat to the digital economy, a guide on API security design best practices, and views on the benefits of the zero trust approach for API security.

Vulnerability: Log4Shell Vulnerability Poses a Critical Threat to Applications

The major news this week is the critical vulnerability in the ubiquitous Log4j Java logging library. A combination of factors — including the ease of exploit (several example exploits were posted within hours of disclosure), the prevalence of the library, and the impact of the vulnerability (including complete server takeover) — has led to the vulnerability being classified a maximum score of ten on the CVSS scale. The vulnerability has been assigned the identifier CVE-2021-44228.

A Guide to API Types and Integration Specifics

There is plenty of information on the different types of APIs, common API architectures and protocols, and such. So, instead of providing general information, I decided to take a look at all these concepts specifically from the integration perspective including:

  • What exactly working with different types, architectures, and protocols of APIs means when you want to integrate several services with each other.
  • What tools can be useful in such cases and what aspects you might need to be aware of.

So, let’s kick off this topic with the first part – the different types of APIs and their integration.

Quantum Duality of API as a Business and a Technology

As an API strategist or project manager who is responsible for the API program, you have to look at both of these sides and find the balance. It’s really hard to say what the correct balance is because it totally depends on the current landscape, on the business models, as well as on the technology maturity that you have. So you have to analyze it, and then look at the maturity model, and have a proper way of increasing or improving the business models as well as improving your technology stack.

What I’m going to do in this article is walk you through the concept of quantum duality of API as a business and API as a technology because a lot of organizations are focusing on API programs, but they are looking at only one aspect of this problem: either the business side or the technology side. However, we need to have a balance. This is where I’m going to discuss and share some of my experience working with different types of enterprises around the globe. The first thing we’ll talk about is the federation and business models around APIs, and then we will move on to how this polyglot and heterogeneous nature affects API development. From the technology side, it will be how you can move to the cloud and leverage cloud-native technologies and how you can modernize the development. All of these four pieces are tied together for a successful API program, so I’m going to discuss these concepts.

New Year’s Resolutions for API Product Managers

What are your New Year's Resolutions?

The New Year brings with it a multitude of good intentions, with many of us determined to improve our lives one way or another and to set aspirational goals so that we can better our current self. With the idea of New Year resolutions, this post is about some New Year’s resolutions that all API Product Managers should consider adopting to better their API product offering.

How Companies Benefit From an API-First Approach

The past few years have seen rapid growth in the API economy. The boom in the development of interconnected hardware, artificial intelligence, and other impressive pieces of technology bear testament to how vital APIs are, and how much more important they will become in the near future.

In the past, API design was typically consumer-centric, which meant it only came after a company had already developed a data-rich application and then decided to provide a way for all the data to be accessed by developers through an API. However, in the past few years there has been a gradual shift in the approach companies use in mobile and web development with more and more companies opting for what is called an API-first software development strategy, which has a lot of advantages and potential benefits. First, let’s delve into what API-first software development is before discussing the reasons why trying it out is important.

The API Economy and Why It Matters to Your Business

First, Let’s Define an API

An API (or “Application Programming Interface”) is a software intermediary for an application or service that enables other applications or services to send it requests and receive responses to those requests. The API defines the terms of the request and response, such as the structure of the data, the data required, the protocol, and the security settings.

An API makes it easier to integrate applications and services as the API forms a “contract” governing the communication between them. This gives developers certainty when integrating systems and can also enable larger monolithic services to be broken down into smaller independent services with defined interfaces.