In my last post I wrote about how the book digitizing effort is trying to monetize underutilized books online.
For anyone contemplating exposing data or capabilities via APIs to create new revenue streams, there are some important implementation lessons that can be learned.
In Norway’s Bookshelf project, their free online books can only be read online and only in Norway, and cannot be downloaded or printed out. Similarly, with APIs you need to have a way to control who can access your data and from where. API...
"The only reason you'd have only a SOAP API is because you hate 80% of your addressable market." - @sramji
There's usually little argument that a REST API is easier to use than a SOAP API.
But how important is it to be 'truly' or 'strictly' RESTful? That is, adhering to standard HTTP operations or 'verbs' - GET, PUT, DELETE, POST - on well defined resources, as opposed to the common practice of embedding 'verbs' or operations as methods in a GET URL.
A recent article, "Why REST Security Doesn't Exist," postulates, "REST does not have predefined security methods, so developers define their own."
Some good points in here (such as 'don't roll your own') but I might not completely agree with the premise.
One of the fundamental principles of REST is that it builds on the HTTP protocol -- and the HTTP protocol very much does have "predefined security methods."
The basic HTTP protocol supports a way to plug in different security schemes. It also supports OAuth, two-way SSL, and many other mechanisms. Not only does HTTP allow for...
Recently we rolled out two new Apigee capabilities.
First, we've added SSL support for APIs that support the HTTPS protocol. Now you can create an Apigee proxy for an API secured by HTTPS, such as the PayPal API: just specify 'https' in the API URL when creating a proxy. You could also change an existing HTTP proxy to an HTTPS proxy. (Of course, the API in question must support HTTPS; otherwise you'll get an error.)
We're also working on adding SSL support for API providers that want to map to their own domain URL (and therefore their own certificate). Stay tuned,...
Next in our series of tech talks on cloud security issues, Greg and Ryan Bagnulo, Security Architect for ASPECT-i, discuss how scalability can change security requirements and how cloud computing offers new opportunities to fend off attacks on services, including:
- security at high scale - how to preserve the resiliency of the business
- cloud powered security - using elastic cloud resources at the edge to protect core services
- protecting against bot attacks and spikes through security policy enforcement and caching
Check out this talk below, last week's video on PII and Audit compliance, and the full series...
The cost of IT security breaches has almost doubled from 2008 according to this piece via ComputerWorld Canada.
While we'd love to tell you this is just a problem for our Canadian friends - unfortunately we all need to understand API attack types.
(Remember in our Cloud security tech talks last week we saw that for breaches over a certain size you may even need to issue a press release!)
Here are 10 threats that we cover in our API threat protection policy pack.
1. Malicious Code Injection: exploits backend...
Greg recently sat down with Ryan Bagnulo, Security Architect for ASPECT-i, to discuss a number of cloud security concerns and issues.