API security: Platform capabilities and API-led Connectivity example

November 10 2016

This is part 3 of my API security blog series. I will be showing an example scenario of how Anypoint Platform can be a vital component of a secure API-led architecture, along with its capabilities for securing the API.

If you missed part 1 and part 2, here they are:

  1. API security: Ways to authenticate and authorize
  2. API security: Keeping data private but accessible

Advanced API Patterns with RAML

November 3 2016

The vast majority of RESTful APIs follow a simple “request-response” message exchange pattern, but that pattern is often too limiting and is not sufficient to achieve robust and reliable application performance. We frequently get questions from customers asking: ‘How do I design asynchronous APIs?’ and ‘How do I design an API that allows for the concurrent modification of the same API resource without bringing the resource into an inconsistent state?’. In this blog post, we present two approaches answering these questions using standard HTTP headers and status codes. Further, we provide RAML snippets that can serve as a starting point when designing such APIs.

API security: Keeping data private but accessible

September 27 2016

This post is part 2 of 3 for my ultimate guide to API security best practices series. In this post, I will be discussing confidentiality, integrity, and availability of data. In essence, these are methods for keeping data private and protecting it from being compromised while making it accessible anytime.

Part 1 – API security: Ways to authenticate and authorize discussed authentication and authorization of identity security.

API security: Ways to authenticate and authorize

August 15 2016

This post will be part 1 of 3 for my ultimate guide to API security best practices series. In this post, I will be discussing the current concerns IT decision makers have with regard to their current digital assets.

Part 2 – API security: Keeping data private but accessible will address the need for keeping data private and protecting it from being compromised while making it accessible at all times.

Proxying with API Manager

We often expose the proxy APIs that connect applications to their backend APIs. With a proxy API, the application continues to run without issue and continues to call and connect to the backend API while a developer is editing it. Exposing a proxy API also protects the backend API from the world, shielding the real IP address.

Using APIs to build a great architecture

As we often say, APIs are the way to connect applications, data, and devices that will give your organization greater agility and flexibility. We recommend an API-led approach to connectivity that will enable your business to take advantage of digital transformation. But how does API-led connectivity work from an architecture perspective?

Software company Perficient has put together an excellent overview of our three-layered approach to API-led connectivity, highlighting the three layers:

RAMLing again with API Workbench: From setup to design

I previously published a blog post in DZone that demonstrated how to design a RAML in API Designer, which is an online cloud editor that uses an in-browser filesystem in HTML5 local storage. But then I thought of exploring some more options for a tool/editor that can help us to design and code our RAML locally as an IDE (such as Eclipse or NetBeans for Java).

The Four Secrets of a Great API

April 19 2016

Not all APIs are created equal – some are better than others. In fact, says ProgrammableWeb’s Adam DuVander, the not-so-secret truth about APIs is that “creating a great one is really, really hard.”

How to Create and Use OData APIs for Any Connectivity Need

March 16 2016

In my blog post last week, I shared how, in just 5 minutes, you can expose a MySQL, DB2, SQL Server, Oracle or SAP data source as an OData API into Salesforce using Anypoint Data Gateway for Lightning Connect.

Data Gateway - Out of the box

But let’s say what Data Gateway offers out of the box is not a perfect fit for what you want to do. Maybe you want to create an OData API for a different data source, expose a legacy API as an OData API or do data orchestration before exposing data into Salesforce. So what do you do?

Ensure API security with Anypoint Platform

January 25 2016

API security breaches are expensive. How expensive? They can cost $400m or more. APIs are a strategic necessity for any business, but it’s equally important to keep them safe.

Fortunately, there are lots of resources available to make sure that API security is baked into your APIs as you design and deploy them.

We have released a new whitepaper, Protect Your APIs, which goes into detail about the top security concerns around APIs and how Anypoint Platform addresses them.