API Security Weekly: Issue 166

This week, we have a comprehensive article on approaches to securing large API ecosystems, an interesting read on how to create OpenAPI definitions from HTTP traffic, how “Frankenstein APIs” are exposing businesses to additional risk, and why the continued API proliferation presents security challenges to organizations.

Securing Large API Ecosystems

First up this week is an excellent article from Michał Trojanowski in TheNewStack discussing the challenges of securing large API ecosystems. Trojanowski’s view is that the security patterns applied to small-scale API deployments neither scale to, nor are appropriate for, larger-scale API deployments.

Problem: Spreadsheets. Solution: Specifications

In Analysis

Business Analyst vs Developer

A business analyst and a developer may have different objectives and perspectives.
Here’s an example of a conversation that you may have been part of sometime in your life as a developer.
  • Business Analyst: Our next user story involves creating an API (let’s call it “Customer API”).
  • Developer A: How novel! That’s what I did yesterday and the day before and the day before that.
  • Business Analyst: Great, should I let the clients know that it wouldn’t take as long to build it?
  • Developer A: Hold on. We haven’t even heard the requirements for Customer API.
  • Business Analyst: It’s just a couple of hundred fields that Customer API needs to send to another downstream API to perform the transaction.
  • Developer A: And how will we know the values for these fields that Customer API needs to send?
  • Business Analyst: I’ll take care of it. I have already spoken to the lead developer from the downstream API team, and he’s sent me a spreadsheet. It has all the fields and the values that need to be part of the request body. He’s also sent me a document with information on the headers and auth details required to call the downstream API.
  • Developer A: Is this downstream API available in a testing environment? A playground, maybe?
  • Business Analyst: They’re still working on building the downstream API, so they don’t have a working version yet.

In Development

Developer A gets to work. She pairs with Developer B, another application developer on her team, to finish the Customer API story. Business Analyst sends them an email with a spreadsheet containing the fields and a document describing the API currently in development by the downstream API team. It seems that Developer A and Developer B have all the information required to start building the Customer API, so they come up with the following list of tasks:

Secure API Design With OpenAPI Specification

Editor’s Note: The following is an article written for and published in DZone’s 2021 API Design and Management Trend Report.

API security is at the forefront of cybersecurity. Emerging trends and technologies like cloud-native applications, serverless, microservices, single-page applications, and mobile and IoT devices have led to the proliferation of APIs. Application components are no longer internal objects communicating with each other on a single machine within a single process — they are APIs talking to each other over a network.

Benefits of Using the OpenAPI (Swagger) Specification for Your APIs

With software products becoming just a bunch of microservices and third-party APIs mashed together, it's more crucial than ever to get their structure in order.

GraphQL already did this at its inception by coming up with a whole specification that describes how APIs of its type should behave. In the RESTful API landscape, things were a bit more wild west. However, even if not all backend devs know it, there are a number of specifications for REST APIs as well.
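To make the spreadsheet-versus-specification argument above concrete, here is an added example (not code from the newsletter or from any of the articles it summarises) in which a small OpenAPI-style component schema for the hypothetical Customer API is the contract that decides what a request body may contain. The field names, the schema and the mini-validator are all constructed for illustration; a real deployment would use a full JSON Schema/OpenAPI validator, but the subset here (type, required, enum, maxLength, minimum, additionalProperties) shows the positive security model: anything not in the specification is rejected.

```python
from typing import Any, Dict, List

# Constructed OpenAPI 3 style schema for the hypothetical Customer API.
# additionalProperties: False is the key security setting: fields that
# are not in the specification are rejected instead of silently forwarded.
CUSTOMER_SCHEMA: Dict[str, Any] = {
    "type": "object",
    "required": ["customerId", "email", "tier"],
    "additionalProperties": False,
    "properties": {
        "customerId": {"type": "integer", "minimum": 1},
        "email": {"type": "string", "maxLength": 254},
        "tier": {"type": "string", "enum": ["basic", "premium"]},
    },
}

_TYPES = {"object": dict, "string": str, "integer": int}


def validate(value: Any, schema: Dict[str, Any], path: str = "$") -> List[str]:
    """Return a list of violations; an empty list means the value conforms."""
    errors: List[str] = []
    expected = _TYPES[schema["type"]]
    # bool is a subclass of int in Python, but a JSON boolean is not an integer
    if not isinstance(value, expected) or isinstance(value, bool):
        return [f"{path}: expected {schema['type']}"]
    if schema["type"] == "object":
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(f"{path}.{name}: required field missing")
        for name, item in value.items():
            if name in props:
                errors.extend(validate(item, props[name], f"{path}.{name}"))
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{name}: field not in specification")
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: value not one of {schema['enum']}")
    if "maxLength" in schema and len(value) > schema["maxLength"]:
        errors.append(f"{path}: longer than {schema['maxLength']} characters")
    if "minimum" in schema and value < schema["minimum"]:
        errors.append(f"{path}: below minimum {schema['minimum']}")
    return errors


def validate_customer(body: Any) -> List[str]:
    """Validate an inbound Customer API request body against the contract."""
    return validate(body, CUSTOMER_SCHEMA)
```

Running the same body through this check at the gateway and in the service gives both teams one machine-readable source of truth, which a spreadsheet in an email cannot.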

Can your API Gateway Tango to Open API Spec?

Open API Spec — an API-First Approach

Enterprises today use an API-first approach to application development and data sharing. This API-based approach is used in several scenarios, such as breaking up a monolith into microservices, adopting cloud, and adopting Kubernetes.

APIs are also a popular choice for adopting a service-oriented architecture. An API is also a key tenet of data sharing and logic reuse. An API in an application can be compared to a function in the imperative programming paradigm.

Why API Schemas Are Better Than Connectors for Integration

Why Enterprise Application Integration Platforms Have Traditionally Used Connectors

A connector (often called an SDK) is a piece of code that wraps an external API so that it can communicate with your application. Huh? Ok, well, let’s run through a practical example.

Say you wanted to update a contact in your CRM system every time there was a change to the same contact in your ERP (or accounting system). The providers of both the CRM and ERP system document their APIs on their websites. This documentation describes all of the operations available in the API, the method by which you should connect to the API, security, and other settings.