ReactFirst Weekly Roundup

What's new in the world of APIs, brought to your inbox every week. Technical help, business-facing insights, best practices and guides.


1/21/2022

3 Vital API Metrics You Should Monitor

Alerts shouldn’t be reinvented for every application. The three vital signs you need to monitor for every API are: Success Rate, Latency, and QPS.

 

When to Use API Management and Service Mesh Together

Though sometimes described as competing architectures, API management and service mesh have slightly different use cases and can actually work well together. Whereas API management provides the business logic for outside-facing traffic, a service mesh excels at handling intercommunication between microservices. An organization could certainly adopt both simultaneously across their projects. So, when does it make sense to use both API management and service mesh?

 

Omnichannel Growth Increases API Risks

Today, a lot of the digital innovation we see is largely thanks to the application programming interface (API). Without APIs, rapid development would be nearly impossible. After all, the API is the link between computers, software and computer programs. But wherever there's a link, a potential data security weakness exists.

 

Nobody cares about API design guidelines

"Did you read our API design guidelines? Yes we did! ... Sorry, but I don't think so". Let's be honest, besides those who write them, nobody cares about API design guidelines. Some don't read them, some don't agree with them. Should we punish the offenders? Though it is sometimes tempting, no.

1/14/2022

Predicts 2022: APIs Demand Improved Security and Management

Software engineering leaders are rapidly adopting APIs to improve connectivity and enable digitization, but face an increased challenge of securely managing API sprawl. Our predictions about the future of APIs enable software engineering leaders to plan for API management and security challenges.

 

Principles of Web API Design: Delivering Value with APIs and Microservices

This is a comprehensive, start-to-finish guide to the processes required for effective API design. Unlike other books, it covers the entire lifecycle. By James Higginbotham.

 

9 Ways That Cybersecurity May Change in 2022

The dramatic rise in ransomware and other cyberattacks over the past year has finally driven home the point that cybersecurity needs to be taken much more seriously. Amid initiatives by the U.S. government and other parties, there's a growing global awareness of the need to focus on security to combat attacks that threaten vital areas of society. How might this renewed focus on security start to play out in 2022?

 

API Vulnerability in the AWS CloudFormation API

On January 13th, researchers from Orca Security published a vulnerability found in the AWS CloudFormation API, a service that helps users model and set up their AWS resources. The vulnerability allowed the researchers to get file and credential disclosure primitives on an internal AWS service and leverage these to leak sensitive files found on the CloudFormation vulnerable machines. The attack flow then continues to an SSRF (server-side request forgery) leveraging the connectivity and permissions of the targeted service.

 

5 lessons for an effective API strategy

Application programming interfaces (APIs) are widely used to connect systems and applications, and they have become an integral part of many mission-critical business capabilities. In fact, a recent Gartner survey found that 70% of organizations are using API management and mediation to build their digital platforms. However, many software leaders overlook the business potential of APIs as digital products, focusing instead on technical use cases.

12/17/2021

RapidAPI Report Finds Partner-Facing APIs on the Rise

2021 was undoubtedly a big year for APIs. Amid rapid digitalization, APIs propelled many areas of the digital economy, powering many of the apps we use all the time. They can enable agile eCommerce, mainframe modernization, make DevOps tools more programmable, and bring flexibility to many other environments.

 

22 Engineering Leaders Weigh in on APIs

Every business today is a digital business ... and if it's not, it will be soon. A recent study by Deloitte found that digitally mature companies are better able to navigate rapid change and, as a result, perform much better financially. Nearly two-thirds of survey respondents asserted that organizations that don't digitize in the next five years will be "doomed."

 

Log4Shell: We Are in So Much Trouble

The open source Java logging library Apache Log4j is used a lot. And, when I say a lot, I mean it's used in hundreds of applications. And, these aren't just any old programs, they include Apache projects, such as Druid, Dubbo, Flink, Flume, Hadoop, Kafka, Solr, Spark, and Struts; Apple iCloud; numerous Cisco...

 

Fighting API Sprawl in the Modern Cloud Maul

The new network malady is API sprawl, also potentially known as API abomination or API application anathema if we’re looking for a snappier and more alliterative name tag. So what kind of API meltdown is happening and what can we do about it?

 

No Tool Will Fix Your OWASP Top 10 Risks

Companies want to prioritize their vulnerabilities, but the Top 10 document should be considered a prompt for discussing how business and security groups should tackle cybersecurity, rather than attempting to use it as a blueprint for an application security program.

12/9/2021

10 Trends Shaping the API Industry in 2022

2021 has been a big year in APIs.

 

Developer Marketing for API Companies

Nordic APIs has long tracked the API-as-a-product trend, where companies expose their products primarily through a developer interface. The companies that treat their APIs as an external product need to reach potential customers, but technical audiences can be difficult to attract. They're often averse to traditional promotion techniques.

 

5 reasons why you should treat private APIs like public ones

"Why should we care about our private APIs? They're only consumed by us, so let's do minimal work on them. We'll keep our effort only for the public ones we sell to the outside world." Such a stance will have terrible consequences for an organization, even more so if it will never create public APIs.

 

Ford's 5 Steps to Navigating the Digital Transformation Frontier Via APIs

The wave of APIs taking over the world manifests not only in new companies springing up that are absolutely reliant on APIs but also in transforming industries that have been around for hundreds of years. For one, the entire automotive industry is heading in the direction of being an ultimately API-driven ecosystem.

 

Tyk Whitepaper: Approaching your API Strategy

As well as writing for the James Higginbotham is an Executive API Consultant with experience in API strategy and software architecture. James guides enterprises through their digital transformation journey to deliver a great customer experience and provides training in API and microservice design.

12/3/2021

Tesla owners report app being down, locking them out of their cars

Tesla Inc.'s application programming interface (API) has reportedly been down since 3 p.m. EST, according to TeslaFi, a website that tracks Tesla data. While this might seem like a typical small bug seen in technology, the API going down has reportedly caused a number of Tesla owners to be locked outside of their cars, with seemingly no way to enter the vehicle or start it.

 

Enabling Exponential Growth Through APIs

Some of the largest companies today have built their immense success on the cutting-edge of API development. This undeniable success can be used as a North Star by companies of all sizes today.

 

Claiming Space in the API Market, (Part One)

Web APIs made their debut in 2000 when both Salesforce and eBay introduced API-based services. The basic architecture of a web API hasn't changed much since then, though the diversity of API offerings has exploded. The core simplicity of API architecture is part of what has helped them endure and grow.

 

The Internet is Held Together With Spit & Baling Wire

Imagine being able to disconnect or redirect Internet traffic destined for some of the world's biggest companies - just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.

11/26/2021

GoDaddy Data Breach Leaves 1.2 Million Users Vulnerable

More than 1.2 million GoDaddy customers might have had their information exposed in a recent data breach, according to the web hosting company. GoDaddy’s chief information security officer Demetrius Comes notified the Securities and Exchange Commission that it had detected unauthorized access to its WordPress servers, which is where it keeps customer information, including their email addresses.

 

The 60 Biggest Data Breaches Ranked by Impact (Updated Nov. 2021)

Even prestigious companies like Facebook, LinkedIn, and Twitter are vulnerable to the rising trend of data breaches. Each of the listed data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records.

 

Security Analytics Market Size ($34,226.73Mn by 2028) Impelled by Big Data and Cloud-Based Infrastructure (16% CAGR)

The security analytics market size is expected to reach $34,226.73 million by 2028 from $12,076.36 million in 2021, growing at a CAGR of 16.0% during 2021-2028, while the global market was dominated by the BFSI segment with a market share of 26.6% in 2020.

 

11/19/2021

WhatsApp brings its Business API to the cloud to speed adoption

The company has been steadily building out its Business API over the past couple of years to become one of the key ways the otherwise free messaging app will generate revenue from its service.

 

5 Common Mistakes Developers Make With API Security

With more meticulous attention to code hygiene, developers can help themselves and their companies avoid major headaches later on.

 

Researcher Details Vulnerabilities Found in AWS API Gateway

All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway.

11/12/2021

 

REST vs. GraphQL: A Side-By-Side Comparison

APIs and REST are often thought of together, to the point of being synonymous or used interchangeably. Take a look at GraphQL and how it stacks up against REST with a detailed REST vs. GraphQL side-by-side comparison.

 

What Open API Means for Today's IT and Physical Security Strategies

Choosing the right business and security software is no short order. These are big, important investments, and it’s hard (and expensive) to switch systems once you’re already working with one. But open source and open API security software can make it easier to future-proof security systems and adapt to new challenges as they arise.

 

How to Identify and Mitigate API Security Risks to Defend Critical Infrastructure

Application Programming Interfaces (APIs) are integral components in internet-connected services as they provide businesses with a cost-effective way to improve user experience on their websites. This is why APIs are growing rapidly in use and popularity, with new ones being released every month.

 

API Adoption: The Dangerous Delay

Launching an API is the easiest thing you'll ever do. On the minimum end, you can put a framework in front of your database and call it done. If you add annotations to your source code, you can even auto-generate documentation.

 

12 API Features for Successful eCommerce Sites

Let's imagine the Internet as a restaurant. You sit and read the menu and place an order. You don't go directly to the chef, do you? Instead, there is an intermediary between you and the kitchen - a waiter. APIs, or application programming interfaces, work the same way.