How to secure an API with OIDC in Anypoint Platform

Security is one of the most critical requirements when we’re talking about developing modern APIs. But implementing this requirement can also be a straightforward task — today, we’re going to walk through a modern approach using the OpenID Connect mechanism to secure an API deployed in Anypoint Platform.

5 ways to ensure data and API security

In 2018, there were 6,500 data breaches reported, exposing billions of records for potential misuse. In today’s digitally connected world, security is almost always top-of-mind for businesses to keep their records are safe and secure. It’s critical for organizations to implement API security best practices to keep their integrations and the data that travels between systems under tight lock and key.   

How to use JSON Web Token (JWT) validation policy

Do you want to establish secure transactions between clients and your APIs? Do you want to know a safe way to represent information between two parties? Or confirm that the data was sent by an authentic source? JSON Web Token (JWT) is a compact way to securely transmit information between two parties. If you have questions regarding API security, read along to discover why MuleSoft JSON Web Token Validation Policy is one of the ways to safely protect your APIs. 

Facebook, privacy, and the delicate data dance

security-data-privacy-concept

As a consequence of the recent FTC investigation, Facebook cut off friend data access for Microsoft and Sony and announced an overhaul of its API. Facebook’s privacy changes will impact dozens of partners that have been using the Facebook API to build experiences on third-party apps and devices. Here are three essential considerations for API providers, consumers, and end-users to avoid a scandal like Facebook’s and protect the privacy of user data. 

Identity and Access Management with Anypoint Platform

open door to the world

This blog aims at capturing different technologies and protocols in the IAM space and mapping them to Anypoint Platform.

How NVIDIA integrated 12 different systems for GDPR compliance

gdpr-img

Here’s how NVIDIA leveraged an API-led approach to build system APIs for backend applications and stitch data together using a process API that leverages MuleSoft’s Message Processors.

It’s time for a new security model

blog security apis

Traditional security models—such as firewalls and DMZs—were designed to protect the perimeter. The thinking was that if the four walls of a company were protected, then threats would be neutralised before they come anywhere near core IT infrastructure. However, when bad actors inevitably made their way inside, they were often left undetected and free to move about as they extracted sensitive business data.

What type of API is right for my project?

types of apis

There are various types of APIs, the most popular of which is Web API––otherwise known as a Web Service. A Web API provides an interface for Web applications, or applications that need to connect to each other via the Internet to communicate. Web APIs have exploded exponentially, reaching over 17,000 in 2017. There are four popular subcategories of Web APIs, including SOAP, XML-RPC, JSON-RPC, and REST.

Three common API design mistakes and how to overcome them

apis

Jason Harmon, head of APIs at engaging forms tool Typeform, and namesake of the JSON schema, gave a fantastic proactive talk at a recent APIdays conference about “the things that break stuff in production.” Three things in fact.

Reusable KPIs for Reusable APIs: The Metrics – Part 2

reusable apis mulesoft

In part 1 of this post, we have established the overall value proposition of defining reusable KPIs in an attempt to assess and drive the concept of reuse within your API platform. Once the capability to establish and monitor both abstract baselines and progress against them have been established within an enterprise, the next step is to determine what metrics are worth tracking, where they break down, and how they relate to each other.