Secure Your API With These 16 Practices With Apache APISIX (Part 2)

Last week, we listed 16 practices to help secure one's APIs and described how to implement them with Apache APISIX.

  1. Authentication: Verifies the identity of users accessing APIs.
  2. Authorization: Determines permissions of authenticated users.
  3. Data Redaction: Obscures sensitive data for protection.
  4. Encryption: Encodes data so only authorized parties can decode it.
  5. Error Handling: Manages responses when things go wrong, avoiding revealing sensitive info.
  6. Input Validation and Data Sanitization: Checks input data and removes harmful parts.
  7. Intrusion Detection Systems: Monitor networks for suspicious activities.
  8. IP Whitelisting: Permits API access only from trusted IP addresses.
  9. Logging and Monitoring: Keeps detailed logs and regularly monitors APIs.
  10. Rate Limiting: Limits user requests to prevent overload.
  11. Secure Dependencies: Ensures third-party code is free from vulnerabilities.
  12. Security Headers: Enhances site security against types of attacks like XSS.
  13. Token Expiry: Regularly expiring and renewing tokens prevents unauthorized access.
  14. Use of Security Standards and Frameworks: Guides your API security strategy.
  15. Web Application Firewall: Protects your site from HTTP-specific attacks.
  16. API Versioning: Maintains different versions of your API for seamless updates.

This week, we will look at the remaining practices.

Error Handling in Mule 4.4

In this article, we’ll learn what exactly error handling does and how you can apply it to the APIs of MuleSoft.

Introduction

The applications that you use are built by developers, and they are highly functional and very easy to work with. There can still be a few crashes or errors of any form: it could be a bad request made to the website or a 404 Not Found error. These errors are listed as HTTP error codes. To avoid this, developers create responses to such requests in advance by creating an error-handling section in their applications.

Best Practices for Error Handling in .NET 6

Quick Microsoft .NET 6 Overview

Microsoft .NET 6 is a cross-platform framework that merges the .NET Core, .NET Framework, and Xamarin/Mono technologies into a single framework. It continues the unification that started with .NET 5 by unifying the runtime and SDK for desktop, web, mobile, and cloud applications.

Alongside C# 10 and Visual Studio 2022, Microsoft made .NET 6 generally available on November 9, 2021. There are many new enhancements to .NET 6, including:

Error Handling via Dead Letter Queue in Apache Kafka

Recognizing and handling errors is essential for any reliable data streaming pipeline. This blog post explores best practices for implementing error handling using a Dead Letter Queue in Apache Kafka infrastructure. The options include a custom implementation, Kafka Streams, Kafka Connect, the Spring framework, and the Parallel Consumer. Real-world case studies show how Uber, CrowdStrike, and Santander Bank build reliable real-time error handling at an extreme scale.

Apache Kafka became the favorite integration middleware for many enterprise architectures. Even for a cloud-first strategy, enterprises leverage data streaming with Kafka as a cloud-native integration platform as a service (iPaaS).

Error Handling in Spring for GraphQL

The Problem

Recently, I wrote some GraphQL endpoints and got a bit blocked when I came to the error handling mechanism. Usually, when writing REST endpoints, you either go for a particular @ExceptionHandler for your controller or you go for the @ControllerAdvice to handle exceptions globally for multiple controllers. Apparently, that is not the case for GraphQL. There is a completely different approach for handling errors.

First, the most important thing that I should mention is that I am using:

Error Handling in Camunda

In this tutorial, we are going to learn about how to handle exceptions in Camunda. For this

Create a Spring Boot project with the embedded Camunda Engine using this link. Use version 7.15.0.

Error Handling in SQL Server

In this article, we will learn how to handle exceptions in SQL Server and how to capture or log an exception when a DB-level exception occurs, so that the developer can refer to the error log, check the severity of the exception, and fix it without wasting too much time finding the procedure, function, or line that is causing the exception.

Let's Begin

In order to demonstrate how an exception is thrown in the procedure, I have created a sample procedure, i.e. usp_SampleProcedure, as shown below

Error Handling in Spring Webflux

The topic of error handling in web applications is very important. From a client perspective, it is essential to know how the request was processed, and in case of any error it is crucial to provide the client with a valid reason, especially if the error was due to the client’s actions. There are different situations when notifying callers about concrete reasons is important: think about server-side validations, business logic errors that come due to bad requests, or simple not-found situations.

The mechanism of error handling in Webflux is different from what we know from Spring MVC. The core building blocks of reactive apps, Mono and Flux, bring a special way to deal with error situations, and while old exception-based error handling may still work for some cases, it violates the nature of Spring Webflux. In this post I will give an overview of how to process errors in Webflux when it comes to business errors and absent data. I will not cover technical errors in this article, as they are handled by the Spring framework.