Extending API Management With iPaaS: Next-Step API Integration

Ten years ago, we took on a strategy to build REST APIs for our products — to build our UI on those APIs and at the same time publish these APIs as *the* product APIs. This "eat-our-dog-food" approach helped solve an API to UI functional gap, yet we had much learning to do to really be what we can call API first. About the same time, we acquired our way into the API Management space.

We recognized the emergence of API Management and API Gateways to help customers lead in digital, and it was a natural next step as we serve the variety of edge-of-the-enterprise use cases. And wow! This opened us to the amazing world of developer communities consuming APIs and building brilliant experiences. We have invested heavily in the API Management space. Now, with an API-led integration platform, we are further extending API Management.

API Security Weekly: Issue #22

This week, we have seen vulnerabilities in 3 million car alarms, snowboard helmets, and virtual worlds. In other news, there is a new API security platform built around OpenAPI contracts. We also take a look at the SANS checklists and HTTPS/TLS tutorials.

Vulnerabilities

This was a good week for PenTestPartners. They have uncovered a couple of serious API vulnerabilities:

Object Detection and Augmentation in Modern Web Development

I’ve been playing around a lot with the Shape Detection API in Chrome and I really like the potential it has. For example, a very simple QR code detector I wrote a long time ago has a JS polyfill but uses the new BarcodeDetector() API if it is available.

You can see some of the other demos I’ve built here: https://paul.kinlan.me/face-detection/, https://paul.kinlan.me/barcode-detection/ and https://paul.kinlan.me/detecting-text-in-an-image/

API Ownership for the Modern Enterprise

API ownership can be contentious given complexities regarding business context, accountability, shared systems, dependencies, and more.

As a guide for developing an ownership model that makes sense for your enterprise, it’s helpful to consider how the API will be used in a business context. This includes the degree to which the API is shared by multiple stakeholders across the organization, the proximity of the API to customer transactions and experiences, and the level of organizational support of DevOps cultural norms and processes inclusive of “You build it, you run it.”

API Security Weekly: Issue #21

This week, we look at vulnerable APIs in Kubernetes, real estate services in Australia, and Amazon Ring cameras. We also take a look at upcoming healthcare API standards in the US and changes in attack trends between 2017 and 2018.

Vulnerabilities

Kubernetes continues to have API vulnerabilities (see our earlier issues 9 and 13). This time, it has turned out that the PATCH API request payload was not sanitized. Attackers could craft a payload that overloads the CPU and perform a denial of service (DoS) attack. To prevent the attack, upgrade Kubernetes to v1.11.8, v1.12.6, or v1.13.4, or remove the PATCH API call permission from untrusted users.

Our Internal Version Numbering Scheme for DevOptics

In some ways, version numbering schemes can be a lot like TABs vs. Spaces or emacs vs. vi. You know the kind of wars where the wrong people just keep on fighting even if TABs are evil and emacs is harder to quit than vi? What interests me, however, is that often, there are really rather interesting reasons behind the choice of one version numbering scheme over another. In that context, I thought it might be interesting to share with you our reasons for selecting the version numbering scheme we use internally for the CloudBees DevOptics components.

If reading a post is not your thing, you might be interested in this video I recorded on the same topic:

API Management Is About Measuring Value Exchange

APIs are all about measuring the value exchange that occurs between internal groups, with partners, and occasionally with the public when it makes sense. API management is where you start this conversation and has been used for a decade to measure, limit, and quantify the value being exchanged at the API level. Now that API management has been baked into the cloud, we are starting to see the approach being scaled to deliver at a marketplace level. With over ten years of experience with delivering, quantifying, metering, and billing at the API level, Amazon is the best example of this monetization approach in action, with two distinct ways of quantifying the business of APIs.

AWS Marketplace Metering Service — SaaS-style billing model that provides a consumption monetization model in which customers are charged only for the number of resources they use — the best-known cloud model.