Runscope API Monitoring    Learn More →

Serverless Computing Platforms—It’s Not All Cloud

Serverless Computing Platforms—It’s Not All Cloud

By Eric Bruno on .

When cloud computing came into vogue, some viewed it as simply running software in someone else’s data center, or the proliferation of virtualization. But as cloud has matured, it has become clear that cloud computing, public or private, is an industry-changing paradigm shift.

In a similar way, some view serverless computing as nothing more than a meta-definition for cloud computing. But like cloud computing, serverless means so much more.

For example, Platform-as-a-Service (PaaS) offerings are often too prescriptive and confining, and Infrastructure-as-a-Service (IaaS) can be both too generic and too limiting. The true serverless movement is more abstract, promoting computing in the small (think microservices), right-sized APIs, stateless components, and reliable units of processing that are similar to transactions, yet lighter weight and less restrictive.

Whether these components run on one server or 100, on your desk, or in the cloud should be of no concern. What’s important is that serverless computing enables you to focus more closely on solving a problem without spending time building servers, installing an OS, worrying about patches and upgrades, or network, security issues, and so on. […]

Read More →

Categories: serverless


7 Tips for Building an API

7 Tips for Building an API

By Theo Despoudis on .

As of 2018, businesses are relying more and more on APIs to serve their clients. Microservices and serverless architectures are becoming increasingly prevalent, and that creates a higher number of required API integration points to ensure a competitive advantage and business visibility.

APIs should be designed from the ground up with these needs in mind. In this article, I discuss seven design tips for APIs that can help to meet these goals. (I should note that these insights are based on my experience building APIs for mobile clients, but the lessons apply more broadly to include API design of any type.)

1. Treat your API as a Product

A key factor when starting with any sort of development is the notion of the product. It defines the stand-alone entity that exposes useful functionality and benefits to the market. It is no easy task to design and implement an API that is easily consumable, scalable, properly documented and secured without having a strong sense of responsibility and ownership in the process. […]

Read More →

Categories:


Building Serverless Applications with an API-First Approach

Building Serverless Applications with an API-First Approach

By Mike Mackrory on .

In this article, we’re going to be examining what an API-first design strategy looks like when it comes to developing serverless applications. We’re going to talk about why this approach is essential, what are its benefits, and walk through a simple example of creating a basic OpenAPI spec using SwaggerHub, and deploying it using AWS Lambda.

Start with the End in Mind

As developers and engineers, we like to solve problems. Give us an idea of what needs to be fixed or produced, and we’ll have our IDE open and our fingers tapping out magical code before you finish speaking.

Fast innovation is a good thing. In this case, however, there is a downside: You’ll end up with an API that is “designed” and “documented” as an afterthought and made to fit the code. This approach may require additional work […]

Read More →

Categories: swagger, openapi, apis, serverless


Understanding OAuth 2.0 and OpenID Connect

Understanding OAuth 2.0 and OpenID Connect

By Keith Casey on .

Keith Casey, an API Problem Solver at Okta, covers the basics of OAuth 2.0 and OpenID Connect to help you build applications that are secure, reliable, and protect your systems and data the way you expect.

In the last few years, I’ve worked with dozens of companies to understand their needs, goals, and design on how they’ll use OAuth within their systems. Throughout those projects, I’ve found good news and bad news.

The good news is the tools and supporting libraries are steadily getting better, both in terms of ongoing support and security overall. As a result, mistakes that were common just a few years ago are steadily disappearing. This is a major win because if we start with better, more secure tools, we’ll build more secure software by default.

The bad news is there are still too many easy ways to build systems that look secure and seem secure but leak user information, application data, or inadvertently encourage bad security practices in downstream applications.

Therefore, let’s talk about some of those common mistakes and how we can improve security from day one. […]

Read More →

Categories: apis, featured guest series


3 Reasons Your API Might Fail

3 Reasons Your API Might Fail

By Michael Churchman on .

APIs. You depend on them, but can you always trust them to work as advertised? The truth is that APIs can fail, and even when they don't fail, they can perform in ways that are less than adequate. When that happens, your application may be left hanging, or worse yet, it may crash. What kind of failures are we talking about, and what can you do about them?

First, though, consider what an API does—It provides a way for a programmer to communicate with an external application or service, and to ask that application to do something. You may or may not know what the other program does internally with your data and your request, but as long as everything works correctly, all you need to know is how to use the API. But that is not enough to ensure that APIs perform adequately.

In this article, we'll look at three common reasons why an API might fail or underperform, and how DevOps engineers can address them. [...]

Read More →

Categories: apis, debugging


Everything is going to be 200 OK®