Runscope API Monitoring    Learn More →

Synthetic Monitoring vs. API Monitoring: Why You Need Both

Synthetic Monitoring vs. API Monitoring: Why You Need Both

By Chris Riley on .

There are so many different types of monitoring in the DevOps world today that it can be easy to lose track of them. There’s application performance monitoring and infrastructure monitoring. There’s user experience monitoring, uptime monitoring and real-user monitoring.

And then there’s synthetic monitoring and API monitoring—two types of monitoring that can seem similar, but are actually quite different.

Let’s take a look at what synthetic monitoring and API monitoring have in common, how they differ, and which types of use cases each supports. […]

Read More →

Categories: monitoring


Serverless Computing Platforms—It’s Not All Cloud

Serverless Computing Platforms—It’s Not All Cloud

By Eric Bruno on .

When cloud computing came into vogue, some viewed it as simply running software in someone else’s data center, or the proliferation of virtualization. But as cloud has matured, it has become clear that cloud computing, public or private, is an industry-changing paradigm shift.

In a similar way, some view serverless computing as nothing more than a meta-definition for cloud computing. But like cloud computing, serverless means so much more.

For example, Platform-as-a-Service (PaaS) offerings are often too prescriptive and confining, and Infrastructure-as-a-Service (IaaS) can be both too generic and too limiting. The true serverless movement is more abstract, promoting computing in the small (think microservices), right-sized APIs, stateless components, and reliable units of processing that are similar to transactions, yet lighter weight and less restrictive.

Whether these components run on one server or 100, on your desk, or in the cloud should be of no concern. What’s important is that serverless computing enables you to focus more closely on solving a problem without spending time building servers, installing an OS, worrying about patches and upgrades, or network, security issues, and so on. […]

Read More →

Categories: serverless


7 Tips for Building an API

7 Tips for Building an API

By Theo Despoudis on .

As of 2018, businesses are relying more and more on APIs to serve their clients. Microservices and serverless architectures are becoming increasingly prevalent, and that creates a higher number of required API integration points to ensure a competitive advantage and business visibility.

APIs should be designed from the ground up with these needs in mind. In this article, I discuss seven design tips for APIs that can help to meet these goals. (I should note that these insights are based on my experience building APIs for mobile clients, but the lessons apply more broadly to include API design of any type.)

1. Treat your API as a Product

A key factor when starting with any sort of development is the notion of the product. It defines the stand-alone entity that exposes useful functionality and benefits to the market. It is no easy task to design and implement an API that is easily consumable, scalable, properly documented and secured without having a strong sense of responsibility and ownership in the process. […]

Read More →

Categories:


Building Serverless Applications with an API-First Approach

Building Serverless Applications with an API-First Approach

By Mike Mackrory on .

In this article, we’re going to be examining what an API-first design strategy looks like when it comes to developing serverless applications. We’re going to talk about why this approach is essential, what are its benefits, and walk through a simple example of creating a basic OpenAPI spec using SwaggerHub, and deploying it using AWS Lambda.

Start with the End in Mind

As developers and engineers, we like to solve problems. Give us an idea of what needs to be fixed or produced, and we’ll have our IDE open and our fingers tapping out magical code before you finish speaking.

Fast innovation is a good thing. In this case, however, there is a downside: You’ll end up with an API that is “designed” and “documented” as an afterthought and made to fit the code. This approach may require additional work […]

Read More →

Categories: swagger, openapi, apis, serverless


Understanding OAuth 2.0 and OpenID Connect

Understanding OAuth 2.0 and OpenID Connect

By Keith Casey on .

Keith Casey, an API Problem Solver at Okta, covers the basics of OAuth 2.0 and OpenID Connect to help you build applications that are secure, reliable, and protect your systems and data the way you expect.

In the last few years, I’ve worked with dozens of companies to understand their needs, goals, and design on how they’ll use OAuth within their systems. Throughout those projects, I’ve found good news and bad news.

The good news is the tools and supporting libraries are steadily getting better, both in terms of ongoing support and security overall. As a result, mistakes that were common just a few years ago are steadily disappearing. This is a major win because if we start with better, more secure tools, we’ll build more secure software by default.

The bad news is there are still too many easy ways to build systems that look secure and seem secure but leak user information, application data, or inadvertently encourage bad security practices in downstream applications.

Therefore, let’s talk about some of those common mistakes and how we can improve security from day one. […]

Read More →

Categories: apis, featured guest series


Everything is going to be 200 OK®