Mobile apps are today's vehicle for e-commerce. Apps are powered by APIs. The app store rating is *everything* when it comes to how well your app does in the market.
In this recent webcast, Ole Lensmar from SmartBear and Alan Ho of Apigee discussed ways to avoid the dreaded 1-star rating: how to ensure APIs don't compromise your app's performance, and how you can take corrective action before your app earns a poor reputation.
Today we released a scheduled update for the Apigee API Platform, which gives free open access to the same enterprise-grade API Platform used by industry leaders like Walgreens, eBay and AT&T.
This update delivers the following new features and improvements: ability to understand your API traffic by location, approve keys for apps either automatically or manually, get performance metrics by API resource, a 200% improvement in OAuth performance, and more.
As discussed in previous posts, it's important for app developers and API providers to understand how to protect users, apps, and APIs from abuse and how to deal with malicious attacks when they happen. It's also important to think about how to design protection systems to optimize impact on abusers while minimizing impact on legitimate users.
In my last post I looked at some of the ways malicious users can attack your apps and APIs and ways to mitigate the risk of attack. This time we'll look at some more ways to push back against attackers.
When a malicious user or app is detected, the user or the app can be blocked, throttled or denied service. The confidence in the "maliciousness" of an app or a user can be used to take service denial actions or even to reduce the QoS available for such users and apps. Similarly, end users should be notified about actions...
Abusers or spammers are the bad guys looking to make money by getting unsuspecting end users or consumers of online services to interact with malicious content or spam that leads to one or more of the following scenarios:
- Eyeballs on spam content that lead to clicks and purchases.
- Gathering users’ private information through keyloggers (or other spyware) on the user’s machine or device, which is then sold to the highest bidder.
- Phishing for users’ private information such as SSN, credit card #, or passwords and selling those to the highest bidder.
- Installing malicious software on users’ machines or devices, which in turn steals more of their information or uses their bandwidth or storage for carrying out further attacks.
Any workflow that creates or consumes content, shares or reshares content, sends or receives communications can be vulnerable to attack. This post discusses how to protect your assets and APIs.
Great article by Jonathon Feldman in Information Week recently with some steps for CIOs to take before getting into cloud computing. One is to insist on SLAs from cloud providers, especially considering the natural tension from the provider's perspective between high-availability and low-cost operations.
Absolutely agree. But to build on this - remember that scene from Seinfeld where Jerry is at the car rental counter - "Anybody can *take* a reservation, the important part is to *hold* the reservation."
Often, cloud and API providers will agree to SLAs, but have limited means to...
Who needs Twitter follower notifications clogging up their inbox? Why doesn't Twitter provide an RSS feed? And why isn't it easier to identify spam-followers?
Turn off those pesky emails and get your updates in RSS with Twitter Follower Notifications.
This tool uses Yahoo! Pipes to create an RSS feed that gives a ton more info about your new followers, like:
- Their bio and location
- Their last five tweets
- Whether or not they follow you, too
- Whether their updates are private or public
Bonus: you could use this tool for any Twitter user, which could be...