Posts filtered by category: apis

Getting Started with the OpenAPI Specification

By Mike Mackrory

When I’m not writing articles, I work for a large software organization. We have lots of engineering teams, all of which contribute to specific elements of a sophisticated, versatile and highly available commerce platform. We’ve chosen an API-First approach to accelerate development and enhance collaboration between domains.

Because APIs are so central to how our software runs, documenting our APIs is essential for making sure that everyone across our large IT organization understands what is going on. That’s why we use OpenAPI to help document API specifications.

In this article, I’m going to introduce you to the OpenAPI specification and API-First development principles. In a subsequent article, I’ll describe how our teams use the API-First approach to support our engineering endeavors. […]

Categories: swagger, openapi, apis


Best Practices for API Security: Avoiding Common Security Vulnerabilities

By Scott Fitzpatrick

It’s fairly easy to see that API security can be of the utmost importance when designing and implementing an interface that might be used by another entity over which you have no control. By allowing another organization to interact with your application directly, you are putting your data at risk.

Taking the appropriate security measures throughout the design process can ensure that your API is used properly by those you allow to interact with your application. Such measures include the utilization of an effective strategy to authenticate the application employing your API, taking steps to ensure that the client application is authorized to perform the actions it is attempting through your API, and bulletproofing against common API vulnerabilities such as XSS and SQL injection.

In this article, we’ll take a look at API security best practices and discuss strategies for securing APIs. […]

Categories: apis, security


How to Write Your First AWS Lambda Function

By Mike Mackrory

Have you been looking for a quick and straightforward guide to writing your first AWS Lambda function? If so, we have got you covered. This article explains everything you need to know to create your first Lambda function, and how to upload and run it in the AWS Cloud.

AWS Lambda in a Nutshell

AWS Lambda is a serverless computing platform that allows engineers to create a small function, configure the function in the AWS console, and have the code executed without the need to provision servers—paying only for the resources used during the execution. As many organizations move towards implementing serverless architectures, AWS Lambda would be the central building block they’ll use. […]

Categories: apis, code samples, serverless, tutorial


Building Serverless Applications with an API-First Approach

By Mike Mackrory

In this article, we’re going to examine what an API-first design strategy looks like when it comes to developing serverless applications. We’re going to talk about why this approach is essential and what its benefits are, and walk through a simple example of creating a basic OpenAPI spec using SwaggerHub and deploying it using AWS Lambda.

Start with the End in Mind

As developers and engineers, we like to solve problems. Give us an idea of what needs to be fixed or produced, and we’ll have our IDE open and our fingers tapping out magical code before you finish speaking.

Fast innovation is a good thing. In this case, however, there is a downside: You’ll end up with an API that is “designed” and “documented” as an afterthought and made to fit the code. This approach may require additional work […]

Categories: swagger, openapi, apis, serverless


Understanding OAuth 2.0 and OpenID Connect

By Keith Casey

Keith Casey, an API Problem Solver at Okta, covers the basics of OAuth 2.0 and OpenID Connect to help you build applications that are secure, reliable, and protect your systems and data the way you expect.

In the last few years, I’ve worked with dozens of companies to understand their needs, goals, and design on how they’ll use OAuth within their systems. Throughout those projects, I’ve found good news and bad news.

The good news is the tools and supporting libraries are steadily getting better, both in terms of ongoing support and security overall. As a result, mistakes that were common just a few years ago are steadily disappearing. This is a major win because if we start with better, more secure tools, we’ll build more secure software by default.

The bad news is there are still too many easy ways to build systems that look secure and seem secure but leak user information, application data, or inadvertently encourage bad security practices in downstream applications.

Therefore, let’s talk about some of those common mistakes and how we can improve security from day one. […]

Categories: apis, featured guest series


3 Reasons Your API Might Fail

By Michael Churchman

APIs. You depend on them, but can you always trust them to work as advertised? The truth is that APIs can fail, and even when they don't fail, they can perform in ways that are less than adequate. When that happens, your application may be left hanging, or worse yet, it may crash. What kind of failures are we talking about, and what can you do about them?

First, though, consider what an API does: it provides a way for a programmer to communicate with an external application or service, and to ask that application to do something. You may or may not know what the other program does internally with your data and your request, but as long as everything works correctly, all you need to know is how to use the API. But that is not enough to ensure that APIs perform adequately.

In this article, we'll look at three common reasons why an API might fail or underperform, and how DevOps engineers can address them. [...]

Categories: apis, debugging

