In my daily interactions with MuleSoft customers, I always get the question what I regard as the most effective way to secure Mule applications and APIs on Anypoint Platform. A majority of our customers deploy their Mule applications on CloudHub — our MuleSoft managed and hosted cloud offering. So by the default, any application that gets deployed on CloudHub is exposed to the outside world and needs to be secured — from an access and authentication perspective,
Security is one of the most critical requirements when we’re talking about developing modern APIs. But implementing this requirement can also be a straightforward task — today, we’re going to walk through a modern approach using the OpenID Connect mechanism to secure an API deployed in Anypoint Platform.
In 2018, there were 6,500 data breaches reported, exposing billions of records for potential misuse. In today’s digitally connected world, security is almost always top-of-mind for businesses to keep their records are safe and secure. It’s critical for organizations to implement API security best practices to keep their integrations and the data that travels between systems under tight lock and key.
Do you want to establish secure transactions between clients and your APIs? Do you want to know a safe way to represent information between two parties? Or confirm that the data was sent by an authentic source? JSON Web Token (JWT) is a compact way to securely transmit information between two parties. If you have questions regarding API security, read along to discover why MuleSoft JSON Web Token Validation Policy is one of the ways to safely protect your APIs.
As a consequence of the recent FTC investigation, Facebook cut off friend data access for Microsoft and Sony and announced an overhaul of its API. Facebook’s privacy changes will impact dozens of partners that have been using the Facebook API to build experiences on third-party apps and devices. Here are three essential considerations for API providers, consumers, and end-users to avoid a scandal like Facebook’s and protect the privacy of user data.
Here’s how NVIDIA leveraged an API-led approach to build system APIs for backend applications and stitch data together using a process API that leverages MuleSoft’s Message Processors.
Traditional security models—such as firewalls and DMZs—were designed to protect the perimeter. The thinking was that if the four walls of a company were protected, then threats would be neutralised before they come anywhere near core IT infrastructure. However, when bad actors inevitably made their way inside, they were often left undetected and free to move about as they extracted sensitive business data.
There are various types of APIs, the most popular of which is Web API––otherwise known as a Web Service. A Web API provides an interface for Web applications, or applications that need to connect to each other via the Internet to communicate. Web APIs have exploded exponentially, reaching over 17,000 in 2017. There are four popular subcategories of Web APIs, including SOAP, XML-RPC, JSON-RPC, and REST.
Jason Harmon, head of APIs at engaging forms tool Typeform, and namesake of the JSON schema, gave a fantastic proactive talk at a recent APIdays conference about “the things that break stuff in production.” Three things in fact.
