9 API threats, Hydra for hypermedia, eCommerce APIs, Postman for API testing, Monolith vs microservices security, API product analytics, and more...
2020  |  Issue #18  |  Blog
Hello API users,

The importance of security seems to be increasing throughout the API space. In our featured article, Derric Gilling presents 9 common API threats and ways to avoid them — pagination attacks, insecure API key generation, incorrect caching, and others.

What if API clients could explore and understand resources at runtime? We review the Hydra hypermedia framework, great for enabling this capability.


Also, Hardik Shah presents the role of APIs in eCommerce, Dan M. walks through using Postman for API testing, we compare microservices vs monolithic security, and look into opening up API analytics for business users.

 

Thanks for reading!
- Bill Doerrfeld, Editor in Chief, Nordic APIs

Developer Empathy LiveCast
Register for our free LiveCast, feat. Adam DuVander, EveryDeveloper, and Christina Voskoglou, SlashData.
FEATURED ARTICLE:

9 Common API Threats, And How To Avoid Them

By Derric Gilling

By their very nature, APIs enable access to large amounts of data, potentially sensitive customer data, while bypassing browser precautions. No longer is it sufficient to focus on SQL injection and XSS issues. Instead, you should be concerned with bad actors who can paginate through all of your customers’ records and their associated data. Typical prevention mechanisms like Captchas and browser fingerprinting won’t work, since by design, APIs must handle a vast number of API calls for each consumer. Below, we’ll cover nine of the most common API threats, and discuss how to avoid them altogether...

Hydra for Hypermedia APIs: Benefits, Components, and Examples

By Thomas Bush

What if API clients could explore and understand resources at runtime? Instead of being hardcoded against specific versions of specific APIs, they’d be able to identify accessible data and functionality as they progress through an API, taking further action based on user input, simple algorithms, or even artificial intelligence. This is exactly what hypermedia APIs aim to achieve — and Hydra is one of few standardized hypermedia frameworks. In this article, we’ll look at the benefits of using a framework like Hydra, its components, and some handy examples of how it works.

How eCommerce Businesses Are Leveraging the API Economy

By Hardik Shah

Microservices architecture and headless eCommerce are gaining popularity in the ecosystem. But what breathes life into these infrastructures are APIs. If it weren’t for APIs, there would be no communication between the different elements of a microservices architecture or headless eCommerce. However, the role of APIs in the future of eCommerce goes even beyond this. In subsequent sections of this article, we’ll develop a better understanding of APIs, their role in eCommerce, and the many benefits they can offer an eCommerce business.

How to Use Postman for API Testing

By Dan M.

When a developer creates an API, it needs to be tested for its quality. There are many elements that make up modern API testing, from checking functional requirements to the performance, reliability, and security of the service. There are also many popular tools to enable quick API testing, like SoapUI, RapidAPI, and TestProject. Postman is another such tool that can aid an API developer’s testing process. Below, we’ll describe how to use Postman to test the two most common HTTP methods, GET and POST.

Which Is More Secure: Monolith or Microservices?

By Thomas Bush

There’s a lot to like about microservices: they facilitate scaling, aid in isolating faults, and make it possible to feed an entire development team with just two pizzas. With that said, a greater concern for some is that of security… Are microservices more or less secure than monoliths? What do you need to consider when switching from one architecture to the other? We’ll answer those questions — and others — in this five-part comparison of monolith and microservices security...

How to Improve API Product Analytics for Business Users

By Derric Gilling

The majority of B2B collaboration now happens over APIs. Ergo the data flowing through your API is a good representation of the health of your business. Yet, outside of infrastructure engineering, there’s a lack of tooling around how to leverage that API data. This has left a gap for companies trying to extract insights on not only their web and mobile assets, but any digital asset that is API-driven. These could be partner integrations, vendor APIs, or APIs served to customers. With the API industry standardizing around common design patterns like REST, JSON, and GraphQL, it’s becoming easier for companies to collect and analyze that data without building elaborate custom solutions.

Nordic APIs is an international community of API practitioners and enthusiasts. Interested in contributing to our blog? Submit here. Want to speak at an event? Submit here.

Copyright © 2020 Nordic APIs, All rights reserved.


