APIs accelerate agility, empower developers, and enable innovative business strategies. But how do you ensure the security of your API architecture as you expose your corporate data to mobile apps, developers, and partners? Does your API security framework enable DevOps agility and a scalable security model for IT?
In this webcast, Apigee’s Tim Mather and Subra Kumaraswamy discussed API security considerations for DevOps, CSOs, and security professionals.
The recent negative publicity for Snapchat's API is a real-life demonstration of what can go wrong when a few important things are overlooked. This episode offers an opportunity to remind ourselves about some aspects of security that API teams often overlook.
It’s imperative for enterprises to deliver security built into the API channel. It has to protect the whole digital supply chain, end-to-end, from apps to APIs to backend services. In recognition of this, Apigee recently took two decisive steps to extend and strengthen our already strong security expertise and security operations team: we hired Subra Kumaraswamy and Tim Mather.
The question of whether OAuth is an effective mechanism for securing back-end resources comes up from time to time. Recently, an API developer asked whether OAuth is the right solution to secure an API that he plans to make available for mobile app development. All great questions to ask as you consider opening up your API. My take is as follows: If you are working on an API that will be used by third party developers, then there is no magic bullet that will prevent developers from using your API in bad ways. However I think that OAuth 2.0 helps you reduce the risk.
Our previous discussions about API design, which are covered in Web API Design, centered on URL design and we hinted about versioning, errors, and client considerations. Recently, we also outlined an API modeling strategy that’s easy to use. Now we’ll discuss the security measures that you can use to surround your API.
Today we released a scheduled update for the Apigee API Platform, which gives free open access to the same enterprise-grade API Platform used by industry leaders like Walgreens, eBay and AT&T.
This update delivers the following new features and improvements: ability to understand your API traffic by location, approve keys for apps either automatically or manually, get performance metrics by API resource, a 200% improvement in OAuth performance, and more.
Yesterday we released a scheduled update for the Apigee API Platform, which gives free open access to the same enterprise-grade API Platform used by industry leaders like Walgreens, eBay and AT&T.
We are happy to deliver the following new features and improvements: new Validate API Key policy, new permissions and user roles, new audit logging APIs, improvements to the Trace tool, improvements to the Policy Editor, improved OAuth.