Best Practices for API Security: Avoiding Common Security Vulnerabilities

By Scott Fitzpatrick

It’s fairly easy to see that API security can be of the utmost importance when designing and implementing an interface that might be used by another entity over which you have no control. By allowing another organization to interact with your application directly, you are putting your data at risk.

Taking the appropriate security measures throughout the design process can ensure that your API is used properly by those you allow to interact with your application. Such measures include using an effective strategy to authenticate the application employing your API, taking steps to ensure that the client application is authorized to perform the actions it is attempting through your API, and bulletproofing against common API vulnerabilities such as XSS and SQL injection.

In this article, we’ll take a look at API security best practices and discuss strategies for securing APIs. […]

Categories: apis, security


How to Write Your First AWS Lambda Function

By Mike Mackrory

Have you been looking for a quick and straightforward guide to writing your first AWS Lambda function? If so, we have got you covered. This article explains everything you need to know to create your first Lambda function, and how to upload and run it in the AWS Cloud.

AWS Lambda in a Nutshell

AWS Lambda is a serverless computing platform that allows engineers to create a small function, configure the function in the AWS console, and have the code executed without the need to provision servers—paying only for the resources used during the execution. As many organizations move towards implementing serverless architectures, AWS Lambda will be the central building block they use. […]

Categories: apis, code samples, serverless, tutorial


Synthetic Monitoring vs. API Monitoring: Why You Need Both

By Chris Riley

There are so many different types of monitoring in the DevOps world today that it can be easy to lose track of them. There’s application performance monitoring and infrastructure monitoring. There’s user experience monitoring, uptime monitoring and real-user monitoring.

And then there’s synthetic monitoring and API monitoring—two types of monitoring that can seem similar, but are actually quite different.

Let’s take a look at what synthetic monitoring and API monitoring have in common, how they differ, and which types of use cases each supports. […]

Categories: monitoring


Serverless Computing Platforms—It’s Not All Cloud

By Eric Bruno

When cloud computing came into vogue, some viewed it as simply running software in someone else’s data center, or the proliferation of virtualization. But as cloud has matured, it has become clear that cloud computing, public or private, is an industry-changing paradigm shift.

In a similar way, some view serverless computing as nothing more than a meta-definition for cloud computing. But like cloud computing, serverless means so much more.

For example, Platform-as-a-Service (PaaS) offerings are often too prescriptive and confining, and Infrastructure-as-a-Service (IaaS) can be both too generic and too limiting. The true serverless movement is more abstract, promoting computing in the small (think microservices), right-sized APIs, stateless components, and reliable units of processing that are similar to transactions, yet lighter weight and less restrictive.

Whether these components run on one server or 100, on your desk, or in the cloud should be of no concern. What’s important is that serverless computing enables you to focus more closely on solving a problem without spending time building servers, installing an OS, or worrying about patches and upgrades, network and security issues, and so on. […]

Categories: serverless


7 Tips for Building an API

By Theo Despoudis

As of 2018, businesses are relying more and more on APIs to serve their clients. Microservices and serverless architectures are becoming increasingly prevalent, and that creates a higher number of required API integration points to ensure a competitive advantage and business visibility.

APIs should be designed from the ground up with these needs in mind. In this article, I discuss seven design tips for APIs that can help to meet these goals. (I should note that these insights are based on my experience building APIs for mobile clients, but the lessons apply more broadly to include API design of any type.)

1. Treat your API as a Product

A key factor when starting with any sort of development is the notion of the product. It defines the stand-alone entity that exposes useful functionality and benefits to the market. It is no easy task to design and implement an API that is easily consumable, scalable, properly documented and secured without having a strong sense of responsibility and ownership in the process. […]


Building Serverless Applications with an API-First Approach

By Mike Mackrory

In this article, we’re going to examine what an API-first design strategy looks like when it comes to developing serverless applications. We’re going to talk about why this approach is essential and what its benefits are, and walk through a simple example of creating a basic OpenAPI spec using SwaggerHub and deploying it using AWS Lambda.

Start with the End in Mind

As developers and engineers, we like to solve problems. Give us an idea of what needs to be fixed or produced, and we’ll have our IDE open and our fingers tapping out magical code before you finish speaking.

Fast innovation is a good thing. In this case, however, there is a downside: You’ll end up with an API that is “designed” and “documented” as an afterthought and made to fit the code. This approach may require additional work […]

Categories: swagger, openapi, apis, serverless

