The importance of security seems to be increasing throughout the API space. In our featured article, Derric Gilling presents 9 common API threats and ways to avoid them — pagination attacks, insecure API key generation, incorrect caching, and others.
What if API clients could explore and understand resources at runtime? We review the Hydra hypermedia framework, great for enabling this capability.
By their very nature, APIs enable access to large amounts of data, potentially sensitive customer data, while bypassing browser precautions. It is no longer sufficient to focus on SQL injection and XSS issues. Instead, you should be concerned with bad actors who can paginate through all of your customers’ records and their associated data. Typical prevention mechanisms like CAPTCHAs and browser fingerprinting won’t work, since by design, APIs must handle a vast number of API calls for each consumer. Below, we’ll cover nine of the most common API threats, and discuss how to avoid them altogether...
What if API clients could explore and understand resources at runtime? Instead of being hardcoded against specific versions of specific APIs, they’d be able to identify accessible data and functionality as they progress through an API, taking further action based on user input, simple algorithms, or even artificial intelligence. This is exactly what hypermedia APIs aim to achieve — and Hydra is one of few standardized hypermedia frameworks. In this article, we’ll look at the benefits of using a framework like Hydra, its components, and some handy examples of how it works.
Microservices architecture and headless eCommerce are gaining popularity in the ecosystem. But what breathes life into these infrastructures are APIs. If it weren’t for APIs, there would be no communication between the different elements of a microservices architecture or headless eCommerce. However, the role of APIs in the future of eCommerce goes even beyond this. In subsequent sections of this article, we’ll develop a better understanding of APIs, their role in eCommerce, and the many benefits they can offer an eCommerce business.
When a developer creates an API, it needs to be tested for its quality. There are many elements that make up modern API testing, from checking functional requirements to the performance, reliability, and security of the service.
There are also many popular tools to enable quick API testing, like SoapUI, RapidAPI, and TestProject. Postman is another such tool that can aid an API developer’s testing process. Below, we’ll describe how to use Postman to test the two most common HTTP methods, GET and POST.
There’s a lot to like about microservices: they facilitate scaling, aid in isolating faults, and make it possible to feed an entire development team with just two pizzas. With that said, a greater concern for some is that of security… Are microservices more or less secure than monoliths? What do you need to consider when switching from one architecture to the other? We’ll answer those questions — and others — in this five-part comparison of monolith and microservices security...
The majority of B2B collaboration now happens over APIs. Ergo, the data flowing through your API is a good representation of the health of your business. Yet, outside of infrastructure engineering, there’s a lack of tooling for leveraging that API data. This has left a gap for companies trying to extract insights not only from their web and mobile assets, but from any digital asset that is API-driven. These could be partner integrations, vendor APIs, or APIs served to customers. With the API industry standardizing around common design patterns like REST, JSON, and GraphQL, it’s becoming easier for companies to collect and analyze that data without building elaborate custom solutions.
Nordic APIs is an international community of API practitioners and enthusiasts. Interested in contributing to our blog? Submit here. Want to speak at an event? Submit here.